Analysis Date2015-01-21 20:14:54
MD5a4e5f7cd66e0b955807139effd85071f
SHA13c0183d24db2fb38f892dfb8e5b01c7855051236

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: efa7b418c6052e231133b7ece6b92c41 sha1: 1132e7105de81c0b7a182fa8fb40b00d6d48aa69 size: 98304
Section.data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section.rsrc md5: 56c54a9e36663ef04ac316225e399b59 sha1: 119972a804192a53dbc2fce35e1485cedce9b6e8 size: 163840
Timestamp2009-11-29 02:42:01
Pdb path@
PackerMicrosoft Visual Basic v5.0
PEhash83bd621c881ab33628ae89c6997b14c8657232a2
IMPhasha4bc78787695a5bce39c844101da113f
AV360 Safeno_virus
AVAd-AwareGen:Variant.Barys.1943
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)Gen:Variant.Barys.1943
AVAuthentiumW32/Trojan.DKKJ-1677
AVAvira (antivir)TR/Dropper.Gen
AVBullGuardGen:Variant.Barys.1943
AVCA (E-Trust Ino)Win32/ASuspect.HADKB
AVCAT (quickheal)no_virus
AVClamAVTrojan.VB-8572
AVDr. WebTrojan.Siggen3.36337
AVEmsisoftGen:Variant.Barys.1943
AVEset (nod32)Win32/AutoRun.VB.VP worm
AVFortinetW32/VBKrypt.CAA!tr
AVFrisk (f-prot)W32/Trojan2.MFTO
AVF-SecureGen:Variant.Barys.1943
AVGrisoft (avg)Generic15.BYWR
AVIkarusTrojan.Win32.VB
AVK7Trojan ( 00071a9a1 )
AVKasperskyTrojan.Win32.VB.zvs
AVMalwareBytesno_virus
AVMcafeeDownloader-CGH
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Tonick
AVMicroWorld (escan)Gen:Variant.Barys.1943
AVRisingWorm.Win32.Autorun.txi
AVSophosMal/VB-BZ
AVSymantecTrojan Horse
AVTrend MicroTROJ_VB.SMAJ
AVVirusBlokAda (vba32)MAS.Trojan.VB.0342

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\VB and VBA Program Settings\tob\x\x ➝
x\\x00
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\xxx.bat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win ➝
C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe
RegistryHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win ➝
C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\install\readm.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\micka.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\install\key.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\install\Install.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\zip.zip
Creates FileC:\WINDOWS\system32\vbzip11.dll
Creates Processregsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Creates Processregsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Creates Processregsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Creates Processregsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Creates Processregsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Creates Processregsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Creates Processregsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\zip.zip
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\micka.exe
Creates Processregsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Winsock URLhttp://ns2.thebuisness.com/zip.zip
Winsock URLhttp://ns2.thebuisness.com/main1.gif
Winsock URLhttp://google.com

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\zip.zip

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\micka.exe

Creates FileC:\WINDOWS\SYSTEM32\REDIR.EXE
Creates FileC:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates FileC:\WINDOWS\SYSTEM32\COMMAND.COM
Creates FileC:\WINDOWS\TEMP\scs1.tmp
Creates FileC:\WINDOWS\TEMP\scs2.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\TEMP\MICKA.EXE
Creates FileC:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates FileC:\WINDOWS\SYSTEM32\DOSX.EXE
Deletes FileC:\WINDOWS\TEMP\scs1.tmp
Deletes FileC:\WINDOWS\TEMP\scs2.tmp

Network Details:

DNSgoogle.com
Type: A
74.125.228.228
DNSgoogle.com
Type: A
74.125.228.229
DNSgoogle.com
Type: A
74.125.228.230
DNSgoogle.com
Type: A
74.125.228.231
DNSgoogle.com
Type: A
74.125.228.232
DNSgoogle.com
Type: A
74.125.228.233
DNSgoogle.com
Type: A
74.125.228.238
DNSgoogle.com
Type: A
74.125.228.224
DNSgoogle.com
Type: A
74.125.228.225
DNSgoogle.com
Type: A
74.125.228.226
DNSgoogle.com
Type: A
74.125.228.227
DNSns2.thebuisness.com
Type: A
HTTP GEThttp://google.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1031 ➝ 74.125.228.228:80

Raw Pcap

Strings
.G
XYYYYPh..
/.
\\
/
//
.//
/
UT
/
/
C.
.
e
 
00-+ 
\ -=::.:\a.
.

040904E4
'12,%";
2000
2003
21qeqe234-234eqe34-5qeqe5892-4sasw2
</a>
A*\AC:\Documents and Settings\tonck\Desktop\newp2p\Project1.vbp
Abrir
Abrir USB
action
AddFileSpec
\AppData\Local\Ares\My Shared Folder\
\AppData\Local\Ares\My Shared Folder\incompletes\
\AppData\Local\eMule\config\preferences.ini
\AppData\Roaming\frostwire\frostwire.props
\AppData\Roaming\LimeWire\limewire.props
\Application Data\frostwire\frostwire.props
\Application Data\LimeWire\limewire.props
\Ares\Ares.exe
AUTORUN
Autorun.inf
BasePath
blank">
ClearFileSpecs
CompanyName
CopyFileW
CURSOR
Del 
DIRECTORIES_TO_SEARCH_FOR_FILES
\dllhost.exe
dllhost.exe
\Documents\Shareaza Downloads\
\Documents\Shareaza Downloads\incompletes\
\Downloads\eMule\Incoming\
\emule\config\preferences.ini
\emule\emule.exe
\eMule\Incoming\
Error
.exe
FileDescription
FileVersion
folderexists
\frostwire\frostwire.exe
         (((((                  H
Header
HKEY_
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_DYN_DATA
HKEY_LOCAL_MACHINE
HKEY_PERFORMANCE_DATA
HKEY_USERS
HOMEDRIVE
html
.html
http://apps.katz.cd/pg/--PAGE--
http://games.katz.cd/pg/1
http://google.com
http://ns2.thebuisness.com/main1.gif
http://ns2.thebuisness.com/test.gif
http://ns2.thebuisness.com/zip.zip
http://www.fullversions.org/crack-serial-keygen-torrent-free-full-download-App---PAGE--
http://www.phazeddl.com/pg/apps--PAGE--
icon
IIF]ZERZ[OEXR[\UCN@[SB@YK_GQt}mORMEPyqNFME\_qmZBCW]@cSEKPUU`oKQ
IIF]ZJHKHFTALMGY_WOGZPCOXH^@Pw|RNQLBQzpAGND[^rlEC@VZA`RJJSTRalJ.
IncomingDir
incomplete
incompletes\
Info-ZIP
Info-ZIP 1997
Info-ZIP's WiZ
Info-ZIP's Zip dll
\install
\install\
\install\Install.exe
\install\key.txt
\install\readm.txt
InternalName
@isual Studio\VB98\C2
jjjj
kernel32
LegalCopyright
\LimeWire\LimeWire.exe
\Local Settings\Application Data\Ares\My Shared Folder\
\Local Settings\Application Data\Ares\My Shared Folder\incompletes\
micka
\micka.exe
money money money,must be funny
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
\My Documents\Shareaza Downloads\
\My Documents\Shareaza Downloads\incompletes\
(null)
open
OriginalFilename
--PAGE--
ping; 1.2; 0.3; 0.4 - n; 1 - w; 500 > nul
please re-download the application
ProductName
ProductVersion
ProgramFiles
PROGRAMFILES
RecurseSubDirs
regsvr32.exe /s "
Scripting.FileSystemObject
\Shareaza\Shareaza.exe
shell32
ShellExecuteW
shell\open
shell\open\command
shell\open\Default
StoreFolderNames
StringFileInfo
system
%SystemRoot%\system32\SHELL32.dll,7
Temp
The Device was not found!
Translation
Unknown
UseAutoPlay
USERPROFILE
VarFileInfo
\vbzip11.dll
Vista
VS_VERSION_INFO
\xxx.bat
xxx.bat
.zip
Zip32
ZIP32.DLL
ZipFile
\zip.zip
:;,=+"[]<>| 	
""""""
"""""""""
"""""""""""
"""""	"
@(>-?%
@*~"? 
*@??=@
&?\&_@
0#000=0J0Q0`0
0"0*02080?0I0N0]0c0p0v0
0(0<0C0I0c0s0}0
0*0<0K0_0o0t0
0'0@0X0`0g0
000Z0c0i0
010>0E0P0W0b0o0u0{0
0&1+191`1e1s1
@04/>zrt?
050[0u0|0
075kmn
: :$:0:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
0?	8\@f
<!=0=:=a=o=x=
;"<0<?<F<Q<W<
0@H}_?
?0l=>(
@0Ww@Vi
1"1.141J1Z1m1s1
1$1/151:1@1M1j1p1{1
1,141m1|1
1"151;1A1z1
1$171>1P1X1h1
1$191C1V1_1
1<1D1h1p1
1$1I1c1o1
121E1M1Y1d1k1q1w1
1/252I2
142:2E2R2Z2b2j2r2y2~2
161?1w1~1
182C2R2W2\2e2o2
:):1:A:P:X:h:w:
1C1R1W1
>1?D?M?a?f?
?%?1?:?@?D?O?Z?m?t?
<#<+<1<?<F<M<Y<a<i<o<x<
>1>J>O>Y>^>y>Q?q?{?
1L2P2X2\2
;1;:;T;c;
@&1x?Xp
?<:)@2
20363O3U3]3m3
:@221@
2 2$2(2,202z2
2 2'2-222E2Z2_2e2k2t2
2(22272?2J2P2V2[2y2
2)2.2<2r2w2
2#2D2I2S2Y2_2s2
2 2D2L2p2x2
2%2T2Y2
23292A2I2O2W2^2c2y2
2\3`3d3h3l3p3t3x3|3
2 3(3L3T3x3
@2<6@@	1?x
283B3m3
?$?2?8?>?F?L?T?Z?f?k?t?y?
@,]2@8VZ>
_?`?2@c8
;!;2;C;I;U;[;f;
%2d%2d%4d
<2=>=d=i=s=
> >%>*>2>>>J>Y>a>f>q>v>
2K2X2e2l2q2
: :2:@:O:`:
3%323?3E3L3]3p3v3
3#3=3C3T3m3y3
3-3>3e3k3
3-3?3P3Y3^3
3!3E3K3Q3X3]3
3&3J3U3]3
343X3g3m3
363L3g3
>%>->3>9>D>L>
3D4H4L4P4T4X4\4`4d4h4l4p4
3J3O3U3b3u3z3
:-:3:P:V:i:r:
? ?*?3?;?R?[?
<"<3<U<Z<d<~<
=#=3=>=X=^=
:,:3:Z:w:
40444X7\7`7x7|7
4@046@
>4>#?-?2?W?e?
4%40454@4G4N4_4e4
4+40484>4C4q4w4}4
4(404T4\4
4%4/4G4L4V4p4~4
4!4&4n4
4*4?4T4u4
4*484m4
454;4A4H4M4q4w4}4
4+5?5F5`5k5r5x5
!/45km
4=5X5g5
475E5J5W5l5u5
494L4U4k4
>4>a>h>u>
@`4c??
:(:4:D:
%4d-%2d-%2d
@4Hb?`
;4<H<f<r<
@4jL@% 
4:mTW{THM,F
<#<4<P<_<q<z<
=4=P=Z=
;4<R<Z<z<
4?"Y6@
5 505m5t5
5.545:5C5X5m5w5
5%5+51585=5a5g5m5t5y5
5%5-535;5E5J5U5`5k5x5~5
5)5/5B5
5(5]5b5l5q5
5!5;5C5T5Y5f5k5
5#585>5N5c5i5r5x5
5+5Q5d5i5
5?5Y5n5
5#6.636]6
5(6/6w6
5>6a6r6
575B5I5R5Y5
585@5H5P5X5`5h5p5x5
>)?.?5?d?
5D9P9_9e9u9
5)eijY
:5;_;E<v<
6(626S6a6q6w6
6 6(60686@6H6P6X6`6h6p6x6
6#6-63696?6E6K6Q6W6]6c6g6m6s6y6
6"6;6}6
6&6+6<6X6i6
6#686j6t6
6"6F6L6R6Y6^6
6\6h6m6s6
6(70787=7D7Z7g7m7}7
6"747C7d7j7
6)7=7h7
6<7$8)8G8
6"7Z7#8
;)?68-@
6L7S7Z7_7l7w7
*+6LVZ@
6T6]6h6t6z6
>6vN@$
>(*\@7
747_7e7y7~7
7@6&K@X$?>
7(757;7K7k7s7{7
7 7(70787@7H7P7X7`7h7p7x7
777=7J7k7
7%7;7k8%9/:v:
7'7,7P7V7\7c7
7%7a7l7
7)7F7W7\7a7
7(848>8I8S8]8c8
798C8q8
7c7s7z7
=,=7=>=H=Q=W=
?*7i@j
7m8t8~8
@^7n@0
<7=R=a=
819R9[9K:
839=9R9]9
84999@9F9T9Z9g9
858<8@8D8H8L8P8T8X8
8.848@8l8v8
8$8,848<8D8L8T8\8d8l8t8|8
8!8'8-868I8O8U8f8l8{8~9
8$888@8E8N8S8
8'8/8?8P8c8{8
8:8@8F8M8R8v8|8
8"8+8I8X8b8
8+8H8`8
8>9D9b9
;-;8;C;h;o;~;
@8J4@ 
?+?8?L?
8M9S9q9
@8<)>t
?8|u@ 
>8v~@A
@8V<@ u
*8@V%z@ti
>8>X>h>x>
93999E9j9u9
9,:4:9:L:Q:d:
^}%95 
9,919H9Y9_9h9n9
9&9+989D9Y9d9i9s9x9
9/9:9B9R9m9|9
9%9@9G9L9P9T9q9
99:M:[:z:
9::@:D:H:L:
9d:j:u:{:
>">9>G>Q>
9k:q:~:
;$<9<><T<`<l<q<{<
@9y;@<
A@09@L<
A4cV@L
A`,4>K
A67n@Da%@
A8Sv>@
A>a!?~
AB8P@"
abnormal program termination
ABQ@RP
ABVa@ 4g@D
:Ac@wc@
AddFileSpec
  adding: %s
AD~:?H#K>%
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
adjusting offsets for
AdjustTokenPrivileges
	Ad&O@o
advapi32.dll
ADVAPI32.dll
A`F8? 8C@D
Ah(I?M
A`I!@dX
AJ'B@B
Aj h?L?
Aj=\@T
}	A&KO?
A l*@D$
alldatax
_allmul
allocating temp filename
AllowAppend
A &m@"/
america
american
american english
american-english
:(=a=m=s=
AM%X@@
Ans<@P$
>A?N?W?
AnWZ@;}
A}Og@8
A\oo@4t
AOyu@?'
APe=?;T
Appending
A" Q?g{
	Arcr?RT8@
Argentina
a@t~<@
A=Tj3TE
attempting to restore %s to its previous state
ATYc@l
August
Australia
australian
Austria
A?ve@*fd@
A=wW@0
AX3&>G
Ax*(?C
A`'Y@c
Az;~@=a
AzQE@=
AzuV@{r-@
@b?=?^
@b?:@`|
B 02CV
(@B{8@
bad extended local header for 
bad pack level
BasePath
Basque
>b'~b(
bCancel
belgian
Belgium
:&;b;g;~;
:!:=:B:H:L:h:
=B=H=T=d=k=r=x=
==>B>[>i>
:#:B:J:c:l:
block vanished
=!=B=O=f=l=z=
britain
bState
btHHt.
@(c?>(
;$<*<C<
C =02CVu
c2.c3>c4Nc
CallWindowProcA
Canada
canadian
Cancel
cannot repeat names in zip file
can only have one -P
can only have one -t
can only have one -tt
can't rewrite method
can't use - and -@ together
can't use -d,-f,-u or -g on stdout
can't use -F with -A, -F ignored
can't use -T on stdout, -T ignored
can't use -y with -k, -y ignored
:c:.;d;|;
CDE*&&'
C:\Documents and Settings\tonck\Desktop\final.pdb
central 
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
	@ci?@_
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
C@jGC@T
ClearFileSpecs
?`C`@`LF>K;
CloseHandle
Colombia
Command2
Comment
CompareStringA
CompareStringW
 compressed size %ld, actual size %ld for %s
Compression
ConvertCRLFToLF
ConvertLFToCRLF
CopyFileA
Costa Rica
Could not create output file
could not open for reading: 
could not read input file: 
cP8!D*
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
CreateFileA
CreateMutexA
c ?$rK@
CRLF-LF
>Cu28V
C?Vl7@
C:\WINDOWS.0\system32\msvbvm60.dll\3
<=<d<	=
>'>d>}>
@d1S@^
D$4j*P
@D7m?t
da^ff^ebNf1
`.data
@.data
dC.dD>dENdF^dGndH~
dddd, MMMM dd, yyyy
DdEBA@@@@=
@dE]@/
December
 (deflated %d%%)
Delete
DeleteCriticalSection
DeleteFileA
deleting directory %s (if empty)                
deleting: %s
?dfs@w
@dIH@^
?;?D?I?X?a?h?m?
DllFunctionCall
@Dnh@nH7?J2
.@@d&?o
DOMAIN error
Dominican Republic
do not specify both -r and -R
dOve_vfo
@Dp9?-
:@dQt@^T
'D@r]:@J
dutch-belgian
D$ VSj
@dwd@t
:!:>:D:y:
@(+|?E
Ea|9\L)8L=5
Ecuador
eLevel
empty name without -j or -r
Encrpyt
Encrypt
england
English
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
Enter comment for %s:
EnterCriticalSection
Enter password: 
Entry too big to split
EnumSystemLocalesA
EN@.}V@W
@e+q@q
eR.eS>eTNeU
error deleting 
:!:&:,:<:E:S:]:b:
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
excluding %s
ExitProcess
extended local header not found for 
@	ez@2
F2@ ,b@C
 fcopy: write error
fCXwvoww
?fDd@n
f;D$<t
February
ff&fc>Z
fffffox
@<F*@gT
file and directory with the same name: 
file matches zip file -- skipping
File not found or no read permission
FileSpec
FileSpecCount
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
findos
Finland
Finnish
  first full name: 
F@j@Ph
@Fj.?Z
- floating point not loaded
FlushFileBuffers
; ;/;>;F;N;T;\;a;j;p;v;
Force DOS
->(F/@p
F PjPWj
F$PjQWj
F.PjRWj
F*PjTWj
F+PjUWj
F,PjVWj
F-PjWWj
\FqKZV2
France
FreeEnvironmentStringsA
FreeEnvironmentStringsW
French
french-belgian
french-canadian
french-luxembourg
french-swiss
Freshen
FreshenFiles
freshening: %s
@F+r?:I
Friday
@fS/@[
fstat(stdin)
~f@V)?@t
@f& @X
!@(Fz>p2
GA?PFu?,h @
gB@hi7@W
g@b:j@p
German
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetCommandLineA
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetKernelObjectSecurity
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetSecurityDescriptorLength
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemTime
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GIF89a
?Gj-@	U
GlobalAlloc
GlobalFree
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalUnlock
?&?G?\?n?
g(@O+n@
>G>P>U>f>k>u>
great britain
Guatemala
`h````
>h1`@W]
H4Q4]4n4~4
has been
@hDU?f
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HHtpHHtl
H:mm:ss
HO@$A`?
holland
hong-kong
hpppiffT
hPs)uPsP
HSUVWh
h+@TB-@
>Hw)>(
< <:<I<
Iceland
Icelandic
#%iIMzR
=imI@YQ
IncludeSystemAndHiddenFiles
incorrect compressed size
InitializeCriticalSection
	(in=%lu) (out=%lu)
Input file read failure
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
Internal logic error
InternetCheckConnectionA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
Interrupted
Invalid command arguments
Invalid comment format
invalid date entered for -t option
invalid date entered for -tt option
invalid option(s) used with -d; ignored.
invalid path
invalid time
irish-english
i@	s?@d
IsValidCodePage
IsValidLocale
italian-swiss
It[IItM
@>!i@X!
I@X`&@p
j0h<a@
@j7X@(
} j8h<?@
JanFebMarAprMayJunJulAugSepOctNovDec
January
J@@D_>
;J;e;u;{;
} j|h\?@
j$h<a@
} jhh\?@
jhh\?@
@^\J@hN
-@j'i@V
} jPh\?@
jPh\?@
?@JsK@
Junk Dir Names
Junk SFX
} jXh\?@
@Jxo@,
?jy%@P
;@<J<Z<
:$;<;K;];
kernel32
KERNEL32.dll
k@m84@
k@n+T?
k<PdAfv
<,<k<q<
@~"'@l
L0N5Yd
l$0VWPU
+@[L	A>
Label1
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
lCount
LC_TIME
 (%ld bytes security)
@l]e@$
LeaveCriticalSection
LF-CRLF
>>lh@,
+@LMG@
LoadLibraryA
local 
local and central headers differ for 
local extra (%ld bytes) != central extra (%ld bytes): 
LocalFileTimeToFileTime
local flags = 0x%04x, central = 0x%04x: 
local header not found for 
LookupPrivilegeValueA
L@pwY@2
:?;L;q;
@lQK@Q5
@lsc@R
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
-l used on binary file
Luxembourg
;(;L;V;\;l;
l@W'.@
l@`Zy=
;-;:;M;
made by version %d.%d on system type %d: 
mainrutine
Making argv
@""M@B
M/d/yy
MeCZha
MessageBoxA
MessageLevel
Mexico
Microsoft Visual C++ Runtime Library
M@ii%@V
missing argument for -b or -P
missing end signature--probably not a zip file (did you
missing or early
Missing or empty zip file
missing suffix list
Monday
MoveFileA
MSVBVM60.DLL
__MSVCRT_HEAP_SELECT
MultiByteToWideChar
multiple disk information ignored
(*MXob
,%?MYL@
@N~2@?
name in zip file repeated: 
name lengths in local and central differ for 
name not matched: 
names in local and central differ for 
=ne8@'
needs unzip %d.%d on system type %d: 
new-zealand
new zip file left as: 
nIndex
n@*)k@
$}	nL	
&+,Nlo
NLPQhT
@n[`@O
No Dir Entries
norwegian
norwegian-bokmal
norwegian-nynorsk
no such option: %c
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
 not found or empty
Nothing to do!
nothing to select from
November
November 29th 1999
@.n{@pq>?
@@n`@R@
nRs*aQs?|Ps
Ns1hRs
NsbrRs
Ns$FPs
(null)
N?v#R@"V
NX\kqphZUQ3,
_@@,>O@20
o@2]R@LA
@oAe@5
October
Offsets
 offset %u--local = %02x, central = %02x
o@`g+=
:O:h:p:
?.OJ@\
O_mcs]0
>@:On@
OpenProcessToken
`Os0jPs
OsDROsk
OsEtPs?
OsfLPs
Os mPs
?Os*<Rs
OssnPs0sRs
Os@sRs
OstLPs"
Out of memory
output buffer too small for in-memory compression
Output file write failure
P;?@@?
P;?@@@@?
Panama
Paraguay
PasswordRequest
password verification failed
@PB[?,
-@P	D>(
PeekNamedPipe
Picture1
@P`=>l
pN@0ZC@Y
portuguese-brazilian
PPPPPPPP
ppxxxx
;`<p<Q=f=
pr china
pr-china
Privileges
Program: 
<program name unknown>
Progress
Ps2uQs
PsEjPsZ]Os
PsfzPs
>PsM@|
Ps_]Qs
PstjPs
Ps>UPs
$p>t:O
~@Pu\@{
puerto-rico
punqq974.
puqqqqq<770
- pure virtual function call
@pWX@/
=.=<=Q=
>Q?^?h?p?z?
q@J:&@
Qkkbal
Q-@n&h@
@qQ5@%
QQSUVWj
QQSVW3
QQSVWj
Qs@9Rs
Qs&nPsI
Qs];Os
QswUPs'kPs7
`QsYuRspuRs
@[qv@kr
@R4v?T
?>r8?9UF@
`.rdata
ReadFile
r@ECj@b\f?
Recurse -r
Recurse -R
RecurseSubDirs
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
registry
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ReleaseMutex
@.reloc
remember to use binary mode when you transferred it?)
RemoveDirectoryA
Repair
 replace: can't open %s
Retry with option -qF to truncate, with -FF to attempt full recovery
@r{g@J 
r->`{i@c^
@RIw@x
rlbA?4)
RRPQj	
Rs|sQs%
:Rs\TPs
RtlMoveMemory
RtlUnwind
runtime error 
Runtime Error!
RYjgfW2+*
{{{s<.
@~{S?$
%s: adjusting offsets for a preamble of %lu bytes
Saturday
sBasePath
SeBackupPrivilege
 second full name: 
September
SeSecurityPrivilege
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetWindowLongA
sFileName
shell32.dll
ShellExecuteA
SING error
 s=%ld, actual=%ld 
SleepEx
slovak
south africa
south-africa
South Africa
south korea
south-korea
Spanish
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
Spanish - Modern Sort
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
Spanish - Traditional Sort
spanish-uruguay
spanish-venezuela
sPassword
S@pcg@&
specify just one action
spread
?s@{@:^s?
%s: %s a preamble of %lu bytes
SS@SSPVSS
{ssuBBs@@@<4
starts on disk %u: 
 (stored 0%%)
StoreDirectories
StoreFolderNames
StoreVolumeLabel
Sunday
SunMonTueWedThuFriSat
S?uTOuU_uVouW
SUVWhX
Sweden
Swedish
swedish-finland
Switzerland
\$$SWV
System
SystemTimeToFileTime
t$0Fj/V
<:t0<;t,
t8@NyX?
target buffer too small
&@_Tb@
>T>b>v>
,@TDS@ho
tEj@Vh
Temp dir switch command
Temporary directory
Temporary file failure
TerminateProcess
<]t_G<-uA
!This program cannot be run in DOS mode.
@T=h@u
Thursday
@T]H@us
Timer1
Timer2
Timer3
</tK<:tG<\tC
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
total bytes=%lu, compressed=%lu -> %d%% savings
T$ QPRW
T$$QRW
tried to write binary zipfile data to console!
trinidad & tobago
T$<RUV
t$ SRV
t#SSUP
<?t#<*t
t.;t$$t(
</t~<\tz
Tuesday
TUW}H@
@T]_@v
t$$VSS
t$ WVjP
t/WWUPj
$ < u	
u@,DC@b
@uF<@b
>:u#FV
uL9|$$t
Unable to allocate memory in zip dll
Unable to allocate memory in zip library at %s
- unable to initialize heap
- unable to open console device
undefined bits used in flags = 0x%04x: 
Unexpected end of zip file
unexpected error on zip file
- unexpected heap error
- unexpected multithread lock error
>:uNFV
united-kingdom
united-states
unknown compression method %u: 
unknown internal attributes = 0x%04x: 
Update
UpdateOnlyIfNewer
updating: %s
up to date
U@rAs@
Uruguay
use -b before zip file name
use -P before zip file name
user32
user32.dll
USER32.dll
User terminated operation
use -x or -i after name of zipfile
?"^V@@
?V1"@ 
@v1N@D
@V!8@to
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryUnlock
__vbaAryVar
__vbaBoolVarNull
__vbaChkstk
__vbaCopyBytes
__vbaEnd
__vbaErase
__vbaExceptHandler
__vbaExitProc
__vbaFailedFriend
__vbaFileClose
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaFPException
__vbaFpI2
__vbaFpI4
__vbaFPInt
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheckObj
__vbaI2Var
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaLateMemCall
__vbaLbound
__vbaLenBstr
__vbaLenBstrB
__vbaLineInputStr
__vbaLsetFixstr
__vbaMidStmtBstr
__vbaNew
__vbaNew2
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPrintFile
__vbaPut3
__vbaPut4
__vbaPutOwner3
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaSetSystemError
__vbaStrCat
__vbaStrCmp
__vbaStrCopy
__vbaStrI2
__vbaStrI4
__vbaStrMove
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1Str
__vbaVar2Vec
__vbaVarAdd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCopy
__vbaVarDup
__vbaVarForInit
__vbaVarForNext
__vbaVargVarCopy
__vbaVargVarMove
__vbaVarLateMemCallLd
__vbaVarLateMemSt
__vbaVarMove
__vbaVarOr
__vbaVarSetObj
__vbaVarSetVar
__vbaVarTstEq
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarZero
vBWSSSj
vbzip11.dll
VC20XC00U
Venezuela
Verbose
Verify password: 
VirtualAlloc
VirtualFree
Volume
V@t~N@
_VTTPPI
Vtvj0j
V_VPTPIG
VXw[Q/
	W@2N	?B
WaitForSingleObject
was adding files to zip file
was copying %s
was creating pattern list
was deleting moved files and directories
was getting encryption password
was processing arguments
was processing list of files
was reading comment lines
was replacing the original zip file
was setting comments to null
was verifying encryption password
was zipping %s
w@"<b?8
Wednesday
WideCharToMultiByte
w@I?j@
will just copy entry over: 
wininet
wininet.dll
winlogos
wiz.exe
would be
w@P5c@
W@Pz!@
WQj1Pj
write error on zip file
WriteFile
WritePrivateProfileStringA
;);W;s;
?WSa@q
w@Tsb?
wvsprintfA
wwwwww
wwwwwwp
wwwwwwwx
wwwwwx
wxwwwwww
>@/x<@-
%?|X:@
?.#X@\}-@5A
@X@}>lC
@@XM@&
@X_;@p'
@xS%@@(
@XS.?3
@xSy@~
xv@@Lz@OP
{X@v{Q@C
x@xd%>
@=y<@0
@-~y@0
@Y{d@n
@yJf@|Q
Y@L5B@
)-.Yln
@yQn@>
_^][YY
ZaZaZXKJ
z@_b|@s
@zcV?L
:	;Z;e;
zero-length name for entry #
zero length password not allowed
@z[H@>
?>zI@[,
zip -0 not supported for I/O on pipes or devices
ZIP32.dll
zip diagnostic: deleting file %s
zip diagnostic: GetFileAttributes failed
zip diagnostic: GetVolumeInformation failed
zip diagnostic: %scluding %s
zip diagnostic: %s %s
zip error: %s (%s)
ZipFile
zip file empty
zip file has only directories, can't make it as old as latest entry
Zip file invalid or could not spawn unzip
zip file is empty, can't make it as old as latest entry
Zip file name
Zip file structure invalid
zip info: %s has %ld bytes of %sextra data
	zip info: %s%s
zip I/O error
zip: reading %s
zip warning
	zip warning: %s%s
zip warning: %s %s truncated.
ziXXXXXX
Z@%KP@
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
ZpArchive
ZpGetOptions
ZpInit
ZpSetOptions
ZpVersion
@ztu@{u
zu^SSS
ZVlE)m
>Z%v@n
@z]|@x
.Z:.zip:.zoo:.arc:.lzh:.arj
Z_ZT_PI
zzz||||
z}z}z{v