Analysis Date: 2015-01-11 08:26:58
MD5: b41e211be77c2793cfb73192588d1f1e
SHA1: 746868b4e68a5f5b58410dde95bc054e95c32d51

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: f87af40a99f471d9089552fdd86e7988 sha1: 1068df5a9258f4bd8e202bf068b573cce7edbcef size: 143360
Section .rdata: md5: 7ae575d53c59121124cecd1fc993f592 sha1: b8e2dc335701c4c251fb7784c15d0d8d80de914f size: 36864
Section .data: md5: 01eb5c8da37239db16cd264bd1c6eada sha1: e4dbfdfac5471cdf86dc84c7633daefb9261c3cf size: 20480
Section .rsrc: md5: 51080dc4554277373d78c75be23b4f34 sha1: 270affb81d85118fec92bb431ba3e92f451e42c4 size: 32768
Timestamp: 2011-06-07 07:23:55
Packer: Microsoft Visual C++ v6.0
PEhash: ad8aec542165d352c94afbd3c9d24dac93e72833
IMPhash: d91f69ac8ecab2e1bccc333ce65d2cb0
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Generic.7472583
AV Alwil (avast): InfoStealer-AS [Spy]
AV Arcabit (arcavir): Trojan.Generic.7472583
AV Authentium: no_virus
AV Avira (antivir): no_virus
AV BullGuard: Trojan.Generic.7472583
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: Win.Trojan.Agent-55441
AV Dr. Web: Trojan.MulDrop3.41778
AV Emsisoft: Trojan.Generic.7472583
AV Eset (nod32): Win32/Spy.Agent.OAO
AV Fortinet: no_virus
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Generic.7472583
AV Grisoft (avg): Dropper.Agent.AVTU
AV Ikarus: Gen.Win32.ExplorerHijack
AV K7: Backdoor ( 04c4e5e71 )
AV Kaspersky: Trojan-Dropper.Win32.Agent.hdwp
AV MalwareBytes: no_virus
AV Mcafee: BackDoor-FCBA!4A2FDD7EF5FE
AV Microsoft Security Essentials: Backdoor:Win32/Minjat.A
AV MicroWorld (escan): Trojan.Generic.7472583
AV Rising: no_virus
AV Sophos: Troj/Minjat-A:Mal/Behav-043
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): TrojanDropper.Agent

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Update.exe
Creates File: C:\\\xe0\\xb9\\x81\\xe0\\xb8\\x99\\xe0\\xb8\\xa7\\xe0\\xb8\\x97\\xe0\\xb8\\xb2\\xe0\\xb8\\x87\\xe0\\xb8\\xaa\\xe0\\xb8\\xb1\\xe0\\xb8\\xa1\\xe0\\xb8\\xa0\\xe0\\xb8\\xb2\\xe0\\xb8\\xa9\\xe0\\xb8\\x93\\xe0\\xb9\\x8c \\xe0\\xb8\\x9c\\xe0\\xb8\\x9a.\\xe0\\xb8\\x97\\xe0\\xb8\\xaa\\xe0\\xb8\\xaa..pdf
Creates Process: C:\WINDOWS\system32\cmd.exe /c del C:\746868~1.EXE
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Application Data\Update.exe

Process
↳ C:\WINDOWS\system32\cmd.exe /c del C:\746868~1.EXE

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Application Data\Update.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\32d2_appcompat.txt
Creates File: C:\Documents and Settings\Administrator\spoolv.exe
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 148 -e 156 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 148 -e 156 -g

Network Details:


Strings