Analysis Date2015-04-06 20:24:39
MD569cfb34a485357c2a05918841163ad83
SHA16b076152f0619c2c32deb1ae46390485063155c4

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: bb0464822aa94b214f80bb7d8c39939e sha1: d48dbfca80856871e70434eb7ff7f13f08b4fcbf size: 454656
Section.rdata md5: 00f6dff0ab595582f850d054f79c4db0 sha1: 63b5cb9c96a98a7b03206cd5ce4a3e34295bf102 size: 77824
Section.data md5: 20e39fb5a1985f3d3407ab343db3b235 sha1: ab1e0a5f12ef1e436d8d7628eb21c939c71b18d8 size: 61440
Section.rsrc md5: cc21801dd4531d66cf98c773ddfe0e09 sha1: 512399976779df1225e6caa4c0441992680ab07f size: 32768
Timestamp2014-05-11 08:26:46
VersionLegalCopyright: 皓晨 版权所有
FileVersion: 1.0.0.0
CompanyName: 皓晨
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
PackerMicrosoft Visual C++ v6.0
PEhasha7669f07ca5f672b4de5c4006928f86d3c43e225
IMPhash5e7e169f64e5e57d2784dcb6192da3c1
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Agent.EW.gen!Eldorado
AVAvira (antivir)no_virus
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)Win32/PSW.QQPass.ONJ
AVFortinetW32/QQPass.ELG!tr.pws
AVFrisk (f-prot)W32/Agent.EW.gen!Eldorado
AVF-SecureTrojan:W32/DelfInject.R
AVGrisoft (avg)PSW.Generic12.BFHY
AVIkarusno_virus
AVK7no_virus
AVKaspersky 2015Trojan.Win32.Generic
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)no_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:

DNSlogin.iwofeng.com
Type: A
141.8.225.80
DNSacesecureshop.com
Type: A
HTTP POSThttp://login.iwofeng.com:88/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP POSThttp://login.iwofeng.com:88/login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Flows TCP192.168.1.1:1031 ➝ 141.8.225.80:88
Flows TCP192.168.1.1:1032 ➝ 141.8.225.80:88

Raw Pcap
0x00000000 (00000)   504f5354 202f6c6f 67696e2e 61737020   POST /login.asp 
0x00000010 (00016)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000020 (00032)   3a20696d 6167652f 6769662c 20696d61   : image/gif, ima
0x00000030 (00048)   67652f78 2d786269 746d6170 2c20696d   ge/x-xbitmap, im
0x00000040 (00064)   6167652f 6a706567 2c20696d 6167652f   age/jpeg, image/
0x00000050 (00080)   706a7065 672c2061 70706c69 63617469   pjpeg, applicati
0x00000060 (00096)   6f6e2f78 2d73686f 636b7761 76652d66   on/x-shockwave-f
0x00000070 (00112)   6c617368 2c206170 706c6963 6174696f   lash, applicatio
0x00000080 (00128)   6e2f766e 642e6d73 2d657863 656c2c20   n/vnd.ms-excel, 
0x00000090 (00144)   6170706c 69636174 696f6e2f 766e642e   application/vnd.
0x000000a0 (00160)   6d732d70 6f776572 706f696e 742c2061   ms-powerpoint, a
0x000000b0 (00176)   70706c69 63617469 6f6e2f6d 73776f72   pplication/mswor
0x000000c0 (00192)   642c202a 2f2a0d0a 52656665 7265723a   d, */*..Referer:
0x000000d0 (00208)   20687474 703a2f2f 6c6f6769 6e2e6977    http://login.iw
0x000000e0 (00224)   6f66656e 672e636f 6d3a3838 2f6c6f67   ofeng.com:88/log
0x000000f0 (00240)   696e2e61 73700d0a 41636365 70742d4c   in.asp..Accept-L
0x00000100 (00256)   616e6775 6167653a 207a682d 636e0d0a   anguage: zh-cn..
0x00000110 (00272)   436f6e74 656e742d 54797065 3a206170   Content-Type: ap
0x00000120 (00288)   706c6963 6174696f 6e2f782d 7777772d   plication/x-www-
0x00000130 (00304)   666f726d 2d75726c 656e636f 6465640d   form-urlencoded.
0x00000140 (00320)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000150 (00336)   2033310d 0a557365 722d4167 656e743a    31..User-Agent:
0x00000160 (00352)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000170 (00368)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000180 (00384)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000190 (00400)   2e30290d 0a486f73 743a206c 6f67696e   .0)..Host: login
0x000001a0 (00416)   2e69776f 66656e67 2e636f6d 3a38380d   .iwofeng.com:88.
0x000001b0 (00432)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000001c0 (00448)   6e6f2d63 61636865 0d0a0d0a 49443d26   no-cache....ID=&
0x000001d0 (00464)   50573d26 5375626d 69743d2b 2b254235   PW=&Submit=++%B5
0x000001e0 (00480)   25433725 43322542 432b2b              %C7%C2%BC++

0x00000000 (00000)   504f5354 202f6c6f 67696e2e 61737020   POST /login.asp 
0x00000010 (00016)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000020 (00032)   3a20696d 6167652f 6769662c 20696d61   : image/gif, ima
0x00000030 (00048)   67652f78 2d786269 746d6170 2c20696d   ge/x-xbitmap, im
0x00000040 (00064)   6167652f 6a706567 2c20696d 6167652f   age/jpeg, image/
0x00000050 (00080)   706a7065 672c2061 70706c69 63617469   pjpeg, applicati
0x00000060 (00096)   6f6e2f78 2d73686f 636b7761 76652d66   on/x-shockwave-f
0x00000070 (00112)   6c617368 2c206170 706c6963 6174696f   lash, applicatio
0x00000080 (00128)   6e2f766e 642e6d73 2d657863 656c2c20   n/vnd.ms-excel, 
0x00000090 (00144)   6170706c 69636174 696f6e2f 766e642e   application/vnd.
0x000000a0 (00160)   6d732d70 6f776572 706f696e 742c2061   ms-powerpoint, a
0x000000b0 (00176)   70706c69 63617469 6f6e2f6d 73776f72   pplication/mswor
0x000000c0 (00192)   642c202a 2f2a0d0a 52656665 7265723a   d, */*..Referer:
0x000000d0 (00208)   20687474 703a2f2f 6c6f6769 6e2e6977    http://login.iw
0x000000e0 (00224)   6f66656e 672e636f 6d3a3838 2f6c6f67   ofeng.com:88/log
0x000000f0 (00240)   696e2e61 73700d0a 41636365 70742d4c   in.asp..Accept-L
0x00000100 (00256)   616e6775 6167653a 207a682d 636e0d0a   anguage: zh-cn..
0x00000110 (00272)   436f6e74 656e742d 54797065 3a206170   Content-Type: ap
0x00000120 (00288)   706c6963 6174696f 6e2f782d 7777772d   plication/x-www-
0x00000130 (00304)   666f726d 2d75726c 656e636f 6465640d   form-urlencoded.
0x00000140 (00320)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000150 (00336)   2033310d 0a557365 722d4167 656e743a    31..User-Agent:
0x00000160 (00352)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000170 (00368)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000180 (00384)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000190 (00400)   2e30290d 0a486f73 743a206c 6f67696e   .0)..Host: login
0x000001a0 (00416)   2e69776f 66656e67 2e636f6d 3a38380d   .iwofeng.com:88.
0x000001b0 (00432)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x000001c0 (00448)   6e6f2d63 61636865 0d0a0d0a 49443d26   no-cache....ID=&
0x000001d0 (00464)   50573d26 5375626d 69743d2b 2b254235   PW=&Submit=++%B5
0x000001e0 (00480)   25433725 43322542 432b2b              %C7%C2%BC++


Strings
...
....  ................
"#
....
.........
10/.-,+*)('&%$#"! ..............
.....
..........
..
.........
-
..
x
==
...
.
 
-% BbmHpAadYySMI \
.-E-0-0..
00-+ 
e
 
00...........?-  
0
0 
0
?
.
   
u.
    
 ......
 (*.*)
#####
#######
080404B0
 %1 
1.0.0.0
	1uM
(&C)
Comments
CompanyName
	Ctrl+
	Ctrl+D
	Ctrl+End
	Ctrl+G
	Ctrl+Home
	Ctrl+N
	Ctrl+PageDown
	Ctrl+PageUp
	&D.
DEFAULT_ICON
 DLL 
(&E)
FileDescription
FileVersion
Gjjj
Gjjjj
Gjjjjjjjj
         (((((                  H
(&H)
(http://www.eyuyan.com)
(&I)
 INI 
jjjj
jjjjh
LegalCopyright
msctls_progress32
msctls_updown32
MS Shell Dlg
(&N)
(null)
(&O)
(&P)
	PageDown
	PageUp
ProductName
ProductVersion
Progress1
 %s 
(&S)
	Shift+Tab
Spin1
StringFileInfo
(&T)
	Tab/Enter
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
xxxx
^,_^][
^$_^[]
 (*.*)|*.*||
	!	!	!	!	
(&07-034/)7 '
0dk:ghV
0R>\W[
,1"52.*
1#QNAN
1#SNAN
	2	5	5	5	5	5
%+.2d%.2d
\$4t|Ht@H
|?5^<@
5	!	!	!	!
	5	5	5
	6	6	6	6
	6	6	6	6	6	6	6	6	6	6	,	,	,	,	,	,	,	,	+	+	+	+	+	/	/	/	'	'	'	'	'	'	'	'	'	'	(	(	(	(	(	(	(	(	(	(	(	(	(	
707ca37322474f6ca841f0e224f4b620
	7	7	7	7	7	7	7	7	7	7	7	*	*	-	-	-	-
8MThdu
\$8UVW
9^0u/j
'9A`u"9
9D$$t+
9L$x~e
9l$xtU9
9nPu	9^T
9o4u'V
	9oTtc
9t$0v8
9^xu5j
<A|2<Z
abcddefghijklmnoopqrrsstuvvwwxyyz;
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
abnormal program termination
Accept: 
Accept: */*
Accept: */* 
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: 
Accept-Language: zh-cn
%a, %d %b %Y %H:%M:%S 
AdjustWindowRectEx
Advapi32.dll
ADVAPI32.dll
AfxControlBar42s
AfxFrameOrView42s
AfxMDIFrame42s
AfxOldWndProc423
AfxOleControl42s
AfxWnd42s
Afx:%x:%x
Afx:%x:%x:%x:%x:%x
AppendMenuA
.?AUCThreadData@@
August
.?AV_AFX_BASE_MODULE_STATE@@
.?AV_AFX_CHECKLIST_STATE@@
.?AV_AFX_COLOR_STATE@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_SOCK_STATE@@
.?AV_AFX_THREAD_STATE@@
.?AV_AFX_WIN_STATE@@
.?AVCArchiveException@@
.?AVCBitmap@@
.?AVCBrush@@
.?AVCButton@@
.?AVCClientDC@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCColorDialog@@
.?AVCComboBox@@
.?AVCCommonDialog@@
.?AVCCriticalSection@@
.?AVCDC@@
.?AVCDialog@@
.?AVCDWordArray@@
.?AVCEdit@@
.?AVCException@@
.?AVCFile@@
.?AVCFileDialog@@
.?AVCFileException@@
.?AVCGdiObject@@
.?AVCHandleMap@@
.?AVCImageList@@
.?AVCMapPtrToPtr@@
.?AVCMapStringToPtr@@
.?AVCMemFile@@
.?AVCMemoryException@@
.?AVCMenu@@
.?AVCNoTrackObject@@
.?AVCNotSupportedException@@
.?AVCObject@@
.?AVCPaintDC@@
.?AVCPen@@
.?AVCProgressCtrl@@
.?AVCPtrArray@@
.?AVCPtrList@@
.?AVCResourceException@@
.?AVCRgn@@
.?AVCSessionMapPtrToPtr@@
.?AVCSharedFile@@
.?AVCSimpleException@@
.?AVCSpinButtonCtrl@@
.?AVCStatic@@
.?AVCStringArray@@
.?AVCSyncObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCTempImageList@@
.?AVCTempMenu@@
.?AVCTempWnd@@
.?AVCTestCmdUI@@
.?AVCToolTipCtrl@@
.?AVCUserException@@
.?AVCWinApp@@
.?AVCWindowDC@@
.?AVCWinThread@@
.?AVCWnd@@
.?AVCWordArray@@
.?AVtype_info@@
<A|@<Z
B 02CV
bcdfghijklmnpqrstuvwxyz
BeginPaint
BeginPath
BitBlt
BKbhTb~XBK!;
 (*.BMP)|*.BMP|GIF
Bogus message code %d
BRPj+S
Button
BUTTON
BY:790005254
C =02CVu
CallNextHookEx
CallWindowProcA
CArchiveException
CBitmap
CBrush
CButton
CClientDC
CCmdTarget
CColorDialog
CColourPicker
CComboBox
CCriticalSection
Cc: %s
CDialog
CDWordArray
CException
CFileDialog
CFileException
CGdiObject
CharUpperA
CheckMenuItem
ChildWindowFromPointEx
ChooseColorA
CImageList
ck(WSbpS
ClientToScreen
CloseClipboard
CloseDatabase
CloseHandle
ClosePrinter
CLSIDFromString
CMapPtrToPtr
CMapStringToPtr
CMemFile
CMemoryException
CNotSupportedException
CObject
CombineRgn
combobox
COMCTL32.dll
COMCTL32.DLL
comdlg32.dll
commctrl_DragListMsg
commdlg_ColorOK
commdlg_FileNameOK
commdlg_help
commdlg_LBSelChangedNotify
commdlg_SetRGBColor
commdlg_ShareViolation
CompareStringA
CompareStringW
Content-Length: 
Content-Transfer-Encoding: base64
Content-Type: application/x-www-form-urlencoded
Content-type: multipart/mixed; boundary="#BOUNDARY#"
Content-type: text/plain; charset="
CopyAcceleratorTableA
CopyRect
CPaintDC
CPalette
CProgressCtrl
CPtrArray
CPtrList
CreateAcceleratorTableA
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDialogIndirectParamA
CreateDIBitmap
CreateEllipticRgn
CreateEventA
CreateFileA
CreateFontIndirectA
CreateIconFromResource
CreateIconFromResourceEx
CreateMenu
CreatePalette
CreatePen
CreatePolygonRgn
CreatePopupMenu
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSemaphoreA
CreateSolidBrush
CreateThread
CreateWindowExA
CResourceException
CSharedFile
CSpinButtonCtrl
CStatic
CStringArray
CSyncObject
CTempDC
CTempGdiObject
CTempImageList
CTempMenu
CTempWnd
CToolTipCtrl
Ctrl+A
Ctrl+B
Ctrl+C
Ctrl+D
Ctrl+E
Ctrl+F
Ctrl+F1
Ctrl+F10
Ctrl+F11
Ctrl+F12
Ctrl+F2
Ctrl+F3
Ctrl+F4
Ctrl+F5
Ctrl+F6
Ctrl+F7
Ctrl+F8
Ctrl+F9
Ctrl+G
Ctrl+H
Ctrl+I
Ctrl+J
Ctrl+K
Ctrl+L
Ctrl+M
Ctrl+N
Ctrl+O
Ctrl+P
Ctrl+Q
Ctrl+R
Ctrl+S
Ctrl+Shift+F1
Ctrl+Shift+F10
Ctrl+Shift+F11
Ctrl+Shift+F12
Ctrl+Shift+F2
Ctrl+Shift+F3
Ctrl+Shift+F4
Ctrl+Shift+F5
Ctrl+Shift+F6
Ctrl+Shift+F7
Ctrl+Shift+F8
Ctrl+Shift+F9
Ctrl+T
Ctrl+U
Ctrl+V
Ctrl+W
Ctrl+X
Ctrl+Y
Ctrl+Z
 (*.CUR)|*.CUR|
CUserException
CWinApp
CWindowDC
CWinFormUnit
CWinThread
CWordArray
?? / %d]
D$ _^][
D$,_^]
D$,;\$|
D$(_^]
D$(_^][
D$$_^[
D$$_^]
d09f2340818511d396f6aaf844c7e325
D$0WPQ
D$ |2;
D$49D$$}
D$4xoG
D$89Vdu
D$8RPj
D$8VPQ
D$$~9+
@.data
Date: %s
D$(CUSWP
 %d/%d 
(%d-%d):
%d / %d
%d / %d]
dddd, MMMM dd, yyyy
D$ d}G
D$dPQV
D$dQUWRP
D$dSUVW
D$DSWRPQ
D$DURP
December
DEFAULT_ICON
#define _AFX_NO_OLE_RESOURCES
#define _AFX_NO_PROPERTY_RESOURCES
#define _AFX_NO_TRACKER_RESOURCES
DefWindowProcA
DELETE
DeleteCriticalSection
DeleteDC
DeleteMenu
DeleteObject
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
device
devices
D$<|}G
D$ |}G
D$H_^][
D$|hDmH
D$ hL2H
D$hQRP
D$hRPQ
D$hSUV3
D$hUPQ
D$HUPQ
D$HUSj
DispatchMessageA
DISPLAY
D$(;l$ 
D$L|}G
DllRegisterServer
DllUnregisterServer
D$LPUj
D$LUSWP
DocumentPropertiesA
DOMAIN error
D$<pGG
D$ pGG
D$,Pj<j
DPQh4mH
D$ PQR
D$PQRP
D$PRPQ
DPtoLP
D$(QPW
D$(QRP
D$$QUP
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawTextA
D$@RPQj
D$ RPUhD
DRQPh4mH
D$,RVhLnH
D$,SPh
D$(SUV
D$$SUV
D$TRPW
D$TVPW
DuplicateHandle
D$@UPQ
|$D UV
D$@WPS
D$XPQU
D$XQRWP
;D$xt&
ech1Y%
EditBox
EHPWVS
Ellipse
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndDoc
#endif
#endif //_WIN32
EndPage
EndPaint
EndPath
EnterCriticalSection
EnumDisplayMonitors
EnumDisplaySettingsA
eQpenc
EqualRect
Escape
ExcludeClipRect
ExitProcess
ExtSelectClipRgn
ExtTextOutA
F<_^][
F,_^][
F\_^][
F09^4u*j
F49^8u&j
F89^8u&j
F(9V8tQ
FD@ul9L$(}f
FD uy9D$$}s
February
F(_+F$^[;E
?fff&ff23
F$@;F(v
F$@@;F(v
FileTimeToLocalFileTime
FileTimeToSystemTime
FillRect
FillRgn
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
F\jLSP
- floating point not loaded
FlushFileBuffers
FpHt&Ht
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
Friday
From: %s
[/fS_MR
Fxt_;FTu@
GAIsProcessorFeaturePresent
g~b1Y%
gb2312
=?gb2312?B?
Gdi32.dll
GDI32.dll
GetACP
GetActiveWindow
GetBkColor
GetBkMode
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipBox
GetClipRgn
GetCommandLineA
GetConnectString
GetCPInfo
GetCurrentObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDesktopWindow
GetDeviceCaps
GetDIBits
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetFileTitleA
GetFileType
GetFocus
GetForegroundWindow
GetFullPathNameA
GetKeyState
GetLastActivePopup
GetLastError
GetLocalTime
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMessageA
GetMessagePos
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetMonitorInfoA
GetNextDlgTabItem
GetObjectA
GetOEMCP
GetOpenFileNameA
GetParent
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileStringA
GetPropA
GetROP2
GetSaveFileNameA
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetSystemTime
GetTabList
GetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetTickCount
GetTimeZoneInformation
GetTopWindow
GetVersion
GetVersionExA
GetViewportExtEx
GetViewportOrgEx
GetVolumeInformationA
GetWindow
GetWindowDC
GetWindowExtEx
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
 (*.GIF)|*.GIF|
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
__GLOBAL_HEAP_SELECTED
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
GrayStringA
GroupBox
`h````
h9n`u;
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hgjlkbrfzaoe
HHtiHtGH
HHtpHHtl
H:mm:ss
HrCg@b	g
HSVHWtgHHtF
Ht#HHt
HtHHt(
HtHHuz
HtOHt)H
HtTHtFHt8Ht*Ht
http://
HTTP/1.0
HTTP/1.1
http://login.iwofeng.com:88/
http://login.iwofeng.com:88/login.asp
http://login.iwofeng.com:88/quit.asp
http://login.iwofeng.com:88/Viery.asp
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
hWj@_;
_hypot
 (*.ICO)|*.ICO|
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
ImageList_Destroy
#include "l.chs\afxres.rc"          // Standard components
InflateRect
InitCommonControlsEx
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InternetCanonicalizeUrlA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetSetOptionA
IntersectRect
InvalidateRect
iPhone QQ
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
It#Iu%
\$\}-j
JanFebMarAprMayJunJulAugSepOctNovDec
January
jBWVSSQ
JPEGMEM
 (*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
 (*.JPG)|*.JPG|BMP
j VUPWQ
KERNEL32
Kernel32.dll
KERNEL32.dll
KillTimer
kXEQ>\u
^l_^][
;l$ }:
L$ ]_^
L$$_^]
L$0h|nH
L$0PQR
L$0PQS
L$0SUV@W
L23fff&ff
L$,_^]3
L$,_[3
L$4_^3
L$4_^[d
L$4S+L$0Qj
L$4UQWP
L$4VQUP
L$4WPQR
L$4WQUVS
L$8^]_3
L$8_^][d
L$8WPQR
LANGUAGE 4, 2
LCMapStringA
LCMapStringW
L$`_^][d
L$|_^][d
L$ ^][d
L$ _^d
L$ _^][d
L$,_^][d
L$(_^][d
L$@^[d
L$@_^][d
L$$^[d
L$$^]d
L$$_^d
L$$_^][d
L$\_^][d
L$D_^[d
L$D_^][d
L$D_]d
L$DPQj
L$DSVQ
LeaveCriticalSection
l	g~b0R 
l	g~b0Rdk
L$h_^]3
L$h_^][d
L$H_^][d
L$H][d
L$Hj&Q
L$,h$mH
L$@h mH
l$HQRVU
L$HSUVWP
LineTo
L$L_^]3
L$l_^][d
L$L^[d
L$L_^][d
L$LPQR
L$lRVQ
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadLibraryA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
L$P_^d
L$P_]^[d
L$ PQh
L$(PQR
L$@PQR
L$<PQVV
L$pRPQ
LPtoDP
L$(PVQ
L$ QRh
L$ QSR
L$,RPQ
L$(RPQ
L$<RPQW
L$@RQj
L$@RUQ
L$<SQR
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
L$,SUV
L$(SUV
L$T_^]
L$t_^d
L$t][d
L$T_^]d
L$T_^][d
|$LtE;
L$TSWQ
L$(UUh
\$lUV3
L$(VQRSP
L$(VQVj
l$@VW3
l$<VWj
L$ WPQ
L$(WQR
L$(WSR
L$X_^]3
L$x_^d
L$x_^][d
L$X_^d
L$X;L$
L$XSQh
@;l$\~Z
mailto:
MapWindowPoints
M/d/yy
MessageBoxA
MGridCells
Microsoft Visual C++ Runtime Library
midiOutPrepareHeader
midiOutReset
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamProperty
midiStreamRestart
midiStreamStop
 (*.MID)|*.MID|
MIME-Version: 1.0
ModifyMenuA
Monday
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveToEx
MoveWindow
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mpr.dll
msctls_updown32
MS Sans Serif
MS Shell Dlg
__MSVCRT_HEAP_SELECT
MulDiv
MultiByteToWideChar
n0SSSSU
-NbkSbpS
-NbkSbpS(
nd9~dt
N/f@b	g
NH_^][
Nh;NX|
-N"N1Y
N*Ncktepe
N*Ntepe
N*N(W%
N*N(W0
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
nt2Ht#Ht
NTRPQj
(null)
N$~	WU
NX9NXu 
Nyt2S	W	w	w
nzzpenc
O(_^][
o0SSSSU
October
OffsetRect
OffsetViewportOrgEx
ole32.dll
OLEAUT32.dll
OleInitialize
OleUninitialize
OpenClipboard
OpenDatabase
OpenPrinterA
out.prn
OX[0R 
~P9~Pun
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
PA#define _AFX_NO_SPLITTER_RESOURCES
PatBlt
PathToRegion
.PAVCArchiveException@@
.PAVCException@@
.PAVCFileException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCObject@@
.PAVCResourceException@@
.PAVCSimpleException@@
.PAVCUserException@@
PeekMessageA
Ph_^][Y
PicBox
P#include "afxres.h"
PostMessageA
PostQuitMessage
PPPPhd
PPPPPPPP
P<PuWSV
ppxxxx
PQj WUS
PQQQQQ
\$ PQV
#pragma code_page(936)
PreviewPages
 (*.prn)|*.prn|
Program: 
<program name unknown>
P$RWPh0
~'PSQR
PtInRect
PtVisible
- pure virtual function call
@PVj,S
\$PVUUS
PWVWWW
QPSWVR
QQSVW3
QQSVWd
QQSVWj
QQUWSS
QSUVWj
QUhH2H
QX[gbL
RaiseException
RASAPI32.dll
RasGetConnectStatusA
RasHangUpA
`.rdata
ReadFile
RealizePalette
Rectangle
RectVisible
RedrawWindow
Referer: 
RegCloseKey
RegCreateKeyExA
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueA
RegSetValueExA
ReleaseCapture
ReleaseDC
ReleaseSemaphore
RemovePlayer
RemovePropA
Reply-To: %s
resource.h
RestoreDC
ResumeThread
RoundRect
|$,RPQ
RSbpS\O
RtlUnwind
runtime error 
Runtime Error!
RVPUSQ
Saturday
SaveDC
SbpS0R
SbpS@b	gu
SbpS:g:
SbpS\O
ScaleViewportExtEx
ScaleWindowExtEx
ScreenToClient
ScrollWindowEx
SelectClipRgn
SelectObject
SelectPalette
SendDlgItemMessageA
SendMessageA
September
SetActiveWindow
SetBkColor
SetBkMode
SetCapture
SetClipboardData
SetCurrentDirectoryA
SetCursor
SetCursorPos
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuItemBitmaps
SetParent
SetPolyFillMode
SetPropA
SetRect
SetRectEmpty
SetROP2
SetScrollPos
SetScrollRange
SetStdHandle
SetStretchBltMode
SetTextColor
SetTimer
Settings
SetUnhandledExceptionFilter
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowLongA
SetWindowOrgEx
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
Shell32.dll
SHELL32.dll
ShellExecuteA
Shell_NotifyIconA
\shell\open\command
Shift+F1
Shift+F10
Shift+F11
Shift+F12
Shift+F2
Shift+F3
Shift+F4
Shift+F5
Shift+F6
Shift+F7
Shift+F8
Shift+F9
ShowWindow
SING error
sO;>|C;~
software
%s <%s>
SS@SSPVSS
_SSSSU
StartDocA
StartPage
StretchBlt
Subject: %s
&Submit=++%B5%C7%C2%BC++
Sunday
SunMonTueWedThuFriSat
SWVVVRPV
System
SystemParametersInfoA
T$$_^]
T$0PQR
T$0SUV
@t4Ht1Ht_Ht
T$8QRP
T$8RWj
t$ 90t
t	9p$u
t&9^$t
TabbedTextOutA
tAhPqG
T$$+D$4
tD9_Pt?
T$dPQR
T$DPQRW
T$DQRU
T$DQSR
T$DWRh
T$\;D$Xu
t(ENEN;
TerminateProcess
TextOutA
T/f&Tcknx
<]t_G<-uA
T$|hHmH
T$Hh$mH
!This program cannot be run in DOS mode.
T$,h$mH
t>Ht Ht
t+Ht$Ht
Thursday
T$H} VP
tI;Ftr
T$\jdSR
+tJHt:Ht*
TLOSS error
T$lPRh
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t$LUPh
T$LWUQVR
tn<%t2
tooltips_class32
To: %s
T$pPQR
t$PPVS
T$(PQR
T$\PQR
T$PQRP
T$ PQWWR
T$$PRV
tq9~Dt
T$(Qh$mH
T$ QRh
T$ QRP
T$(QVURWP
TranslateAcceleratorA
TranslateMessage
tRHt}H
T$,RQP
t%RSQP
t$$RVP
T$<RVW
tS9~@uN
tSh8wG
T$ SRh
T$,SRh
t$(SSh
t#SSUP
T$ SWRP
+ttHHtd
t.;t$$t(
Tuesday
T$\URP
t$$VSS
tvWWWWU
T$\WVR
t/WWUPj
 (*.txt)|*.txt|
T$XUSR
;t$Xu";\$\u
t$XWVS
?u='@^
u._^][
u29l$xu,
u"8D$yu
u]9B uX
u	9~@u
>:u#FV
uh9^8uX
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
>:uNFV
UnhandledExceptionFilter
UnhookWindowsHookEx
UNLINK
UnlockFile
UnregisterClassA
UpdateWindow
uR9BxuM
uRFGHt
us-ascii
USER32
user32.dll
User32.dll
USER32.dll
u$SShe
u(Uh8oH
\$(UVW
ValidateRect
VC20XC00U
V#D$,WPQ
Vh;VX|
Viery=
VirtualAlloc
VirtualFree
\$<VW3
VWtp9E
V,_^[Y
W9^du-
WaitForMultipleObjects
WaitForSingleObject
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite
 (*.WAV;*.MID)|*.WAV;*.MID|WAV
 (*.WAV)|*.WAV|MIDI
Wednesday
	WG!2S(
WideCharToMultiByte
window
WindowFromPoint
windows
WinExec
WinHelpA
wininet.dll
WININET.dll
WINMM.dll
WINSPOOL.DRV
WjdjdPQh
Wj(_Wj
|$$}$WP
(wqt\HHtS
WriteFile
WritePrivateProfileStringA
WS2_32.dll
wsprintfA
WTWindow
|$@ Wu
wwwwww
XY[Z[]
YHYtLHt9
Yt&h4rG
YX[(W	
_^][YY
|z;^<}uWS