Analysis Date2014-11-23 03:44:12
MD58417a6a368a579ba0e32c91ccb69029b
SHA18321f79a0d84daadf7a2f5641594583043ba9756

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
SectionCODE md5: a01d461905c27832d4f9ef34665f727f sha1: 21a8991addfc11efdb6c172abbf52d88bcaba35d size: 154624
SectionDATA md5: d784a312335ce684a1e7cfa64639dc8a sha1: 457b080d76d588476f8e36910cfb2146b238a962 size: 2560
SectionBSS md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.idata md5: ec75f3854a76c2e3fb9aaa1fb5be175b sha1: 0782a6e854975c1b2cb9f3233a2a314c6f840045 size: 3584
Section.tls md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rdata md5: 1144cf17efa7e08a7c62921375bd99ee sha1: c3abadcbab3a348f1f027194a6f126b1d6da7d6c size: 512
Section.reloc md5: 04107c9eecebff9a3a562d645500beb7 sha1: b44982b6284fa431a2244e07a6156faa45ec49f6 size: 11264
Section.rsrc md5: b7bcbbd120b057f81d9108de5d2910a7 sha1: 53944e6c7ae3312f08d2b8cb9a9a1dbb7066b7e6 size: 5632
Timestamp1992-06-19 22:22:17
PEhashafdcaf3b848925c367fd6306fe50f140baa57450
IMPhashff896ded744b9fdce59165dd737de22b
AV360 SafeTrojan.Generic.5378859
AVAd-AwareTrojan.Generic.5378859
AVAlwil (avast)Downloader-JED [Trj]
AVArcabit (arcavir)Heur.W32
AVAuthentiumno_virus
AVAvira (antivir)TR/ATRAPS.Gen
AVBullGuardTrojan.Generic.5378859
AVCA (E-Trust Ino)Win32/Scar.KH
AVCAT (quickheal)Trojan.Scar.cown
AVClamAVTrojan.Scar-953
AVDr. WebBackDoor.DirtJump.1
AVEmsisoftTrojan.Generic.5378859
AVEset (nod32)Win32/Delf.NWJ
AVFortinetW32/Scar.COWN!tr
AVFrisk (f-prot)no_virus
AVF-SecureTrojan.Generic.5378859
AVGrisoft (avg)Win32/Delf.2.AA
AVIkarusTrojan-Dropper.Delf
AVK7no_virus
AVKasperskyTrojan.Win32.Scar.cowo
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security EssentialsTrojan:Win32/Trufip!rts
AVMicroWorld (escan)Trojan.Generic.5378859
AVRisingTrojan.Win32.Generic.1235EBD9
AVSophosMal/Generic-L
AVSymantecTrojan.Gen
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\system32\drivers\enternublad.exe
Creates ServiceIO_Enternableds - C:\WINDOWS\system32\drivers\enternublad.exe
Starts ServiceIOEnternableds

Process
↳ C:\WINDOWS\system32\drivers\enternublad.exe

Creates Filepipe\net\NtControlPipe10
Creates File\Device\Afd\Endpoint
Winsock DNSbinmop.com

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 808

Process
↳ Pid 860

Process
↳ C:\WINDOWS\System32\svchost.exe

Process
↳ Pid 1216

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1856

Process
↳ Pid 1148

Network Details:

DNSbinmop.com
Type: A
204.11.56.26
HTTP GEThttp://binmop.com/777/i.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
Flows TCP192.168.1.1:1031 ➝ 204.11.56.26:80

Raw Pcap
0x00000000 (00000)   47455420 2f373737 2f692e70 68702048   GET /777/i.php H
0x00000010 (00016)   5454502f 312e300d 0a486f73 743a2062   TTP/1.0..Host: b
0x00000020 (00032)   696e6d6f 702e636f 6d0d0a4b 6565702d   inmop.com..Keep-
0x00000030 (00048)   416c6976 653a2033 30300d0a 436f6e6e   Alive: 300..Conn
0x00000040 (00064)   65637469 6f6e3a20 6b656570 2d616c69   ection: keep-ali
0x00000050 (00080)   76650d0a 55736572 2d416765 6e743a20   ve..User-Agent: 
0x00000060 (00096)   4d6f7a69 6c6c612f 352e3020 2857696e   Mozilla/5.0 (Win
0x00000070 (00112)   646f7773 3b20553b 2057696e 646f7773   dows; U; Windows
0x00000080 (00128)   204e5420 352e313b 20656e2d 5553290d    NT 5.1; en-US).
0x00000090 (00144)   0a0d0a                                ...


Strings
-
\
-
 @@@
dlt|............
t|............

Abstract Error?Access violation at address %p in module '%s'. %s of address %p
A call to an OS function failed
Access violation
Application Error1Format '%s' invalid or incompatible with argument
April
Assertion failed
August	September
Cannot assign a %s to a %sECheckSynchronize called from thread $%x, which is NOT the main thread%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Control-C hit
December
Division by zero
DVCLAL
Exception in safecall method
External exception %x
February
File access denied
File not found
Floating point division by zero
Floating point overflow
Floating point underflow
Friday
Integer overflow Invalid floating point operation
Interface not supported
Invalid argument
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid filename
Invalid numeric input
Invalid pointer operation
Invalid property value
Invalid variant operation%Invalid variant operation (%s%.8x)
Invalid variant type
Invalid variant type conversion
I/O error %d
January
jjjj
July
June
 List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)+Out of memory while expanding memory stream
March
Monday
No argument for format '%s'"Variant method calls not supported
November
October
Operation not supported
Out of memory
PACKAGEINFO
Privileged instruction(Exception %s in module %s at %p.
Range check error
Read
Read beyond end of file	Disk full
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Saturday
%s%s
%s.Seek not implemented$Operation not allowed on sorted list
%s (%s, line %d)
Stack overflow
Stream read error
Stream write error
Sunday
System Error.  Code: %d.
Thread creation error: %s
Thread Error: %s (%d)
Thursday
Too many open files
Tuesday	Wednesday
Unexpected variant error
Variant or safe array is locked
Variant overflow
Write$Error creating variant or safe array)Variant or safe array index out of bounds
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
0.0.0.0
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
0 0$0(0,00040V0Z0^0b0f0j0n0r0v0z0~0
0"0'00090B0K0T0|0
0.0.0.1
0(0@0L0l0x0|0
0+0=0O0a0s0
0*060B0N0Z0f0r0~0
00A0w0
0$0D0L0P0T0X0\0`0d0h0l0p0t0x0|0
0.0X0f0k0
0123456789ABCDEF
020F0z0~0
021)2=2x2
? ?(?,?0?4?8?<?@?D?H?`?
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<v<~<
?$?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?x?
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>h>u>y>
; ;$;(;,;0;4;8;<;L;];a;t;
> >$>(>,>0>4>8>L>l>t>x>|>
> >$>(>,>0>4>8><>@>X>p>t>
? ?$?(?,?0?4?P?p?x?|?
050H0Z0
080@0D0H0L0P0T0X0\0`0|0
080@0D0H0L0P0T0X0\0`0p0
:0:8:<:@:D:H:L:P:T:X:l:
>0C0v0
0I0Y0w0
; ;$;(;,;0;:;>;P;a;e;x;
>0>U>z>
1 1$1(1,1014181<1@1D1H1L1P1X1\1d1h1p1t1|1
111@1D1`1h1l1p1t1x1|1
1 1$1(1H1h1p1t1x1|1
1	1$1D1L1P1T1X1\1`1d1h1l1
1"1,1E1P1q1|1
1&121>1J1V1b1n1z1
1&131?1L1^1f1n1v1~1
1'131;1n1
1(181_1
1'191K1]1o1
1,1C1G1X1z1
1<1D1H1L1P1T1X1\1`1d1h1l1x1
1<1G1d1n1
127.0.0.1
.1. 27. 77. .8. 8.1. 27. 77. 18. 8.1. 27. 77. .5. 8.1. 27. 77. 77. 8.1. 27. .8. 37. 8.1. 27. 87. 57. 8.1. 27. 77. .5. 8.1. 27. 77. 18. 8.1. 27. .8
141N1S1%2
;!;%;);-;1;5;9;=;A;E;I;M;Q;U;Y;];a;e;i;m;q;E=`?
:1;6;P;
181R1p1
192X2z2
1A1F1p1
1E1M1U1]1e1
1Q1m1q1u1y1}1
212:2X2^2f2
2$2(20242<2@2H2L2T2X2`2d2l2p2x2|2
2 2(2,2024282<2@2D2H2
2 2$2(2,2024282<2x2
2"2*222:2B2J2R2Z2b2j2r2z2
2 2-2:2a2,494G4c4p4
2"2.2:2F2R2^2j2v2
2!2&2+2M2a2
2&2.262>2F2N2V2^2f2n2v2~2
2 2$2a3
2$2>2c2
2*2;2L2]2n2
2#252G2Y2k2}2
2$292K2_2
2=2d2p2t2
2"2N2z2
2%383V3q3
242<2@2D2H2L2P2T2X2\2|2
253J3_3A4U4
255.255.255.255
2&5e5u5
 27. 77. 37. 8.1. 27. 77. 57. 8.1. 27. 77. 57. 8.1. 27. 77. 77. 8.1. 27. 97. 18. 8.1. 27. .8. .7. 8.1. 27. .8. .7. 8.1. 27. 87. 77. 8.1. 27. 77. .7. 8
?'?.?2?8?<?B?I?M?g?p?y?
2N2]2l2
<*<2<r<
2U3\3s3"565N5U5
314Q4y4
3#303=3W3v3
3%313>3D3P3X3
3&3.3{3
3 3$3,303?3K3V3j3u3
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3j3r3z3
3 3$3(3M3[3j3
3)3:3K3\3m3~3
3*363B3N3Z3f3r3~3
3(373N3]3j3y3
3*3B3f3n3t3z3
3>3F3N3V3^3f3n3v3
3 3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3:3L3v3
3&4O4x4
;#;';+;/;3;7;;;?;C;G;K;O;S;W;[;_;c;^<
<3<A<H<S<
;3;:;D;N;X;d;o;
>!>3>E>W>i>{>
=!>3>G>
<3=?=L=^=
3l4p4t4x4|4
3Messages
:!;4;|;
42474Q4V4p4	5
4'424<4F4P4Z4d4n4x4
4&424>4J4V4b4n4z4
4!4%4)4-4145494=4A4E4I4M4Q4U4)6
4$4,444<4D4L4T4\4d4l4t4|4
4-4=4b4r4
4+4<4L4a4
4!494>4_4k4w4
4(494J4X4f4t4
4:4F4K4W4\4h4m4y4~4
4=4K4Z4q4
4"5G5o5
4#5L5T5
>*?4?S?c?
4W5h5r5
515>5W5f5
5$5*50575A5
5&5,53595@5F5M5S5Z5l5|5
5$5,545<5D5L5T5\5d5l5t5|5
5#5(54595E5J5V5[5g5l5x5}5
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5~5
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
5"5.5:5F5R5^5j5v5
5$5)5C5
5!5,5G5P5c5l5
5-5;5J5a5
5<5I5\5o5|5
5?5K5X5j5r5z5
5;5L5d5
5$616Z6
565=5E5R5X5`5m5t5{5
5 6C6]6o6
5%6k6~6
5`7d7h7l7p7t7x7|7
>5>C>]>
:5:@:^:h:
5H6M6t6|6
;%;*;5;;;@;K;Q;V;a;g;l;w;};
626<6F6X6m6x6}6
626;6H6R6[6g6q6}6
6,606A6c6
6&606H6b6l6v6
6!616Q6
6#6*61686?6F6M6T6[6b6i6p6w6~6
6"6'63686D6I6U6Z6f6k6w6|6
6$6,646<6D6L6T6\6d6l6t6
6/6;6C6
6/6`6s6
6[6c6s6
6$6E6T6k6z6
6.6g6s6z6
6	727h7u7
6&7C7w7
6#8-888H8O8
6C6W6h6x6
;&;.;6;>;F;N;c;
6G788@9
717N7`7
747G7i7{7
7&757F7x7
7!7&72777C7H7T7Y7e7j7v7{7
7 7-727?7D7Q7V7c7h7u7z7
7"7)737@7_7k7x7
7&7-747;7B7I7P7W7^7e7l7s7z7
7 7$7(7,7074787L7l7t7x7|7
7+7/7@7`7h7l7p7t7x7|7
7*7@7S7W7h7
7>7g7s7z7
. .7. 8.1. 27. .5. 27. 8.1. 27. .5. 27. 8.1. 27. .5. 27. 8.1. 27. .8. .7. 8.1.
7&8C8z8
7)8J8o8
7A8\8e8
:%:-:7:A:K:a:g:u:
< <7<G<r<
7H8T8X8h8p8t8x8|8
7I8c8m8
<"<,<7<I<b<n<w<
7-:::j:s:c;
7M7f7}7
=7>?>Q>Y>a>f>
8(8084888<8@8D8H8L8P8`8
8#828I8
8+858?8I8S8]8o8
8 878}8
8 8%81868B8G8S8X8d8i8u8z8
8 8$8(8,8084888<8@8D8
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
8 8$8(8,8084888<8@8P8p8x8|8
8)8.8;8@8M8R8_8d8q8v8
8$8>8H8^8h8
888K8^8g8
8+8>8T8
8,8X8u8
8"9&9,9V9\9
8I9V9r9|9
:8:\:u:
= =$=8=X=`=d=h=l=p=t=x=|=
90989<9@9D9H9L9P9T9X9h9
9%:3:8:C:I:N:Y:_:d:o:u:z:
98:O:q:
9(9094989<9@9D9H9L9P9`9
9$90959A9F9R9W9c9h9t9y9
9 90989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
9)929>9E9g<
9*949Q9[9
9$989?9F9K9Q9_9k9{9
9%9*979<9I9N9[9`9m9r9
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
9 9$9(9,9094989<9L9]9a9
9-9A9_9
9$9F9h9
9&<;<F<
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=
accept
AddPortNumberToHost
Address already in use
Address family not supported
advapi32.dll
;A;N;^;
:+:A:N:S:m:l<y<
application/x-www-form-urlencoded
Array 
?/?A?S?e?w?
ASN1_INTEGER_set
ASN1_UTCTIME_free
ASN1_UTCTIME_new
Authorization: Basic 
Bad address
Bad file number
>	?&?B?I?o?|?
BIO_ctrl_pending
BIO_free_all
BIO_new
BIO_read
BIO_s_mem
BIO_write
: :$:(:,:::B:J:R:Z:p:
blcksock
Boolean
:=;B;P;s;
Buffer
ByRef 
;(<C<~<
Can't assign requested address
Can't send after Socket shutdown
CertCA@
CertCAFile
Certificate@
CertificateFile@
CharNextA
CharToOemA
CHUNKED
Ciphers@
Classes
^Classes
CloseHandle
CloseServiceHandle
closesocket
CompareStringA
connect
CONNECT 
CONNECTION:
Connection: close
Connection: keep-alive
Connection refused
Connection reset by peer
Connection timed out
Content-Length: 
CONTENT-LENGTH:
Content-Type: 
CONTENT-TYPE:
ConvertLineEnd
Cookie: 
Cookies
CreateEventA
CreateFileA
CreateServiceA
CreateThread
CRYPTO_cleanup_all_ex_data
CRYPTO_num_locks
CRYPTO_set_locking_callback
C<"u1S
Currency
CVariants
D0H0L0P1X1\1
d2i_PKCS12_bio
%d.%d.%d.%d
Decimal
DEFAULT
DeleteCriticalSection
DES_ecb_encrypt
DES_set_key_checked
DES_set_odd_parity
Destination address required
;<;D;H;L;P;T;X;\;`;d;t;
; ;:;D;i;~;
Directory is not empty
Disconnect
Disk quota exceeded
Dispatch
%.*dLe@
<$<D<L<P<T<X<\<`<d<h<l<
=(=:=D=N=S=]=
Document(
Double
DownloadSize(
:':D:Q:
:/:D:w:
e162l2r3
EAbstractError
EAccessViolation
EAssertionFailed
	EControlC
EConvertError
EDivByZero
	EExternal
EExternalException
EFCreateError
EFilerError
EFileStreamError
EFOpenError
<&<E<h<
EHeapException
EInOutError
	EIntError
EIntfCastError
EIntOverflow
EInvalidCast
EInvalidOp
EInvalidPointer
EListError
EMathError
EnterCriticalSection
EnumCalendarInfoA
EOSError
?.?^?e?o?u?|?
EOutOfMemory
	EOverflow
EPrivilege
ERangeError\j@
EReadError
ERR_clear_error
ERR_error_string_n
ERR_free_strings
ERR_get_error
	ErrorCode@
Error loading Socket interface (ws2_32.dll)!
ErrorMessage
ERR_remove_state
ESafecallException
EStackOverflow
EStreamError
EStringListError
ESynapseErrorDgA
ESynapseError gA
EThreadh
EUnderflow
EVariantArrayCreateError
EVariantArrayLockedError
EVariantBadIndexError
EVariantBadVarTypeError
EVariantDispatchError
EVariantError
EVariantInvalidArgErrord
EVariantInvalidOpError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantOverflowError
EVariantTypeCastError
EVariantUnexpectedError,
EVP_cleanup
EVP_get_digestbyname
EVP_PKEY_assign
EVP_PKEY_free
EVP_PKEY_new
EWriteError
	Exception
	Exception g@
ExitProcess
ExitThread
Expect: 100-continue
EZeroDivide
Family
Fblcksock
File name is too long
FindClose
FindFirstFileA
FormatMessageA
="=,=F=P=c=l=
FPUMaskValue
freeaddrinfo
FreeLibrary
:::F:Z:d:w:
GetACP
getaddrinfo
GetCommandLineA
GetCPInfo
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetErrorDesc
GetErrorDescEx
GetExitCodeThread
GetFileSize
GetFileType
GetFullPathNameA
gethostbyaddr
gethostbyname
gethostname
GetKeyboardType
GetLastError
GetLocaleInfoA
GetLocalTime
GetLongPathNameA
GetModuleFileNameA
GetModuleHandleA
getnameinfo
getpeername
GetProcAddress
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSystemMetrics
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
;(;`;g;v;};
;G<V<e<t<
>/>]>h>
Headers
HeartbeatRate
: :@:H:L:P:T:X:\:`:d:h:l:p:t:x:
Host: 
Host is down
Host not found
:!:(:H:P:T:X:\:`:d:h:l:p:t:x:
HR_Bind
HR_CanRead
HR_CanWrite	HR_Listen	HR_Accept
HR_Connect
HR_Error
HR_ReadCount
HR_ResolvingBegin
HR_ResolvingEnd
HR_SocketClose
HR_SocketCreate
HR_Wait
HR_WriteCount
Ht Ht.
http://
 HTTP/
 HTTP/1.0
https://
httpsend_s
HTTPTunnelIP@
HTTPTunnelPass(
HTTPTunnelPort@
HTTPTunnelTimeout
HTTPTunnelUser@
i2d_PrivateKey_bio
i2d_X509_bio
.idata
IInterface
inet_addr
inet_ntoa
INFNAN
InitializeCriticalSection
Integer
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
InterPacketTimeout(
Interrupted system call
Invalid argument
ioctlsocket
IOEnternableds
IO_Enternableds
IPInterface(
IStringsAdapter
>-?J?g?
	KeepAlive(
Keep-Alive: 
KeepAliveTimeout
kernel32.dll
KeyPassword@
KWindows
~KxI[)
<#>L>}>
l0p0t0x0|0
LeaveCriticalSection
libeay32.dll
libssl32.dll
listen
LoadLibraryA
LoadLibraryExA
LoadStringA
LocalAlloc
LocalFree
localhost
LongWord
lstrcpynA
lstrlenA
LT_all
LT_SSHv2
LT_SSLv2
LT_SSLv3
LT_TLSv1
LT_TLSv1_1
MaxBandwidth
MaxLineLength(
MaxRecvBandwidth(
MaxSendBandwidth(
m/d/yy
MessageBoxA
Message too long
Microsoft Internet Explorer/4.0b1 (Windows 95)
MimeType@
mmmm d, yyyy
:mm:ss
MoveFileA
Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)
Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) Opera 6.0 [en]
Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.03 [en]
Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)
Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; ; Linux armv5tejl; U) Opera 8.02 [en_US] Maemo browser 0.4.31 N770/SU-18
Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [de]
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [en]
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [es-es]
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [fr]
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [it]
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [ja]
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 1657) Opera 8.60 [ru]
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 1665) Opera 8.60 [ru]
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 6329) Opera 8.00 [ru]
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 6936) Opera 8.50 [ru]
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 9399) Opera 8.65 [ru]
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 9424) Opera 8.65 [ru]
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6630/4.03.38; 6937) Opera 8.50 [es]
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 7.0b; Win32)
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; Arcor 5.005; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
mozilla/4.0 (compatible; msie 7.0; windows nt 5.1; trident/4.0; ...)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; YPC 3.0.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; ...)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 3.5.21022)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
Mozilla/4.0 (compatible; Synapse)
Mozilla/4.1 (compatible; MSIE 5.0; Symbian OS; Nokia 6600;452) Opera 6.20 [ru]
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20030105 Phoenix/0.5
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.25 Safari/525.19
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031215 Firebird/0.7+
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060516 SeaMonkey/1.0.2
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 SeaMonkey/1.0.4
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0
Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.19) Gecko/20081201 Firefox/2.0.0.19
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9) Gecko/2008052906 Firefox/3.0
Mozilla/5.0 (Windows; U; Windows NT 5.2; ru; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.65 Safari/525.19
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4
Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.9 Safari/532.9
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 pango-text
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070221 SUSE/2.0.0.2-6.1 Firefox/2.0.0.2
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9a1) Gecko/20061204 GranParadiso/3.0a1
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090716 Ubuntu/9.04 (jaunty) Shiretoko/3.5.1
Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.0.2) Gecko/2008092702 Gentoo Firefox/3.0.2
Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.1.1) Gecko/20090730 Gentoo Firefox/3.5.1
MsgWaitForMultipleObjects
;M;T;v;
MultiByteToWideChar
Network dropped connection on reset
Network is down
Network is unreachable
Network subsystem is unusable
No Buffer space available
Non authoritative - host not found
NonblockSendTimeout
Non recoverable error
No route to host
=(>N>w>
:O:a:/;?;F;M;\;o;x;
oleaut32.dll
OleStr
OnAfterConnect
OnCreateSocket\iA
OnHeartbeat(
	OnMonitor
OnReadFilter,iA
OnStatus
OpenSCManagerA
OpenServiceA
OPENSSL_add_all_algorithms_noconf
Opera/10.00 (Windows NT 6.0; U; en) Presto/2.2.0
Opera/7.23 (Windows 98; U) [en]
Opera/8.02 (Qt embedded; Linux armv4ll; U) [en] SONY/COM1
Opera/8.0 (X11; Linux i686; U; cs)
Opera/8.51 (Windows NT 5.1; U; en)
Opera/9.00 (Nintendo Wii; U; ; 1309-9; en)
Opera/9.00 (Wii; U; ; 1038-58; Wii Shop Channel/1.0; en)
Opera/9.01 (X11; Linux i686; U; en)
Opera/9.02 (Windows NT 5.1; U; en)
Opera/9.0 (Windows NT 5.1; U; en)
Opera/9.10 (Windows NT 5.1; U; en)
Opera/9.23 (Windows NT 5.1; U; ru)
Opera/9.50 (Windows NT 5.1; U; ru)
Opera/9.50 (Windows NT 6.0; U; en)
Opera/9.60 (Windows NT 5.1; U; en) Presto/2.1.1
Opera/9.80 (Windows NT 5.1; U; en) Presto/2.5.18 Version/10.50
Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.20
Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.2.15 Version/10.00
Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.2.15 Version/10.10
Operation already in progress
Operation not supported on Socket
Operation now in progress
Operation would block
Other Winsock error (
?'?>?P?
Password
Password@
PeekMessageA
Permission denied
PFXfile@
PKCS12_free
PKCS12_parse
Pointer
	PreferIP4
P.reloc
PrivateKey@
PrivateKeyFile@
Protocol
Protocol family not supported
Protocol not available
Protocol not supported
Protocol wrong type for Socket
Proxy-
Proxy-Authorization: Basic 
PROXY-CONNECTION:
	ProxyHost@
	ProxyPass@
	ProxyPort@
	ProxyUser@
P.rsrc
QQQQQQQQSV
QQQQQQQSV
QQQQQQSV
QQQQQQSVW3
QQQQQSVW
QQQQSV
QQQQSVW
QTypInfo
Q<"u8S
QueryPerformanceCounter
QueryPerformanceFrequency
QueryServiceStatus
RaiseExcept(
RaiseException
RAND_screen
Range: bytes=
RangeEnd@
RangeStart(
.rdata
ReadFile
Reason
recvfrom
Referer: 
RegCloseKey
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA
ResetEvent
ResultCode@
ResultString(
ResumeThread
RSA_generate_key
"RTLConsts
RtlUnwind
Runtime error     at 00000000
=+=S=~=
sActiveX
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SdZ]_^[
SDZ_^[
<;=S=e=}=
select
Sender
SendMaxChunk
sendto
set-cookie:
SetEndOfFile
SetEvent
SetFilePointer
SetServiceStatus
setsockopt
SF_Any
SF_IP4
SF_IP6
shell32.dll
SHGetSpecialFolderPathA
ShortInt
shutdown
Single
Smallint
socket
Socket is already connected
Socket is not connected
Socket not supported
Socket operation on nonsocket
SocksIP@
SocksPassword(
	SocksPort@
SocksResolver\jA
SocksTimeout
	SocksType
SocksUsername@
Software\Borland\Delphi\Locales
SOFTWARE\Borland\Delphi\RTL
Software\Borland\Locales
Software caused connection abort
SSHChannelArg1@
SSHChannelArg2
SSHChannelType@
SSL_accept
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_connect
SSL_CTX_check_private_key
SSL_CTX_free
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_verify
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
ssleay32.dll
SSLeay_version
SSL_free
SSL_get_current_cipher
SSL_get_error
SSL_get_peer_certificate
SSL_get_verify_result
SSL_get_version
SSL_library_init
SSL_load_error_strings
SSL_new
ssl_none
)ssl_openssl
ssl_openssl
ssl_openssl_lib
SSL_peek
SSL_pending
SSL_read
SSL_set_fd
SSL_shutdown
SSL/TLS support is not compiled!
SSLType@
SSLv23_method
SSLv2_method
SSLv3_method
SSL_write
ssynautil
Stale NFS file handle
StartServiceA
StartServiceCtrlDispatcherA
	Status100@
StopFlag(
String
Strings
	ST_Socks5	ST_Socks4
S$_^[Y]
synacode
&synafpc
$synaip
Synapse TCP/IP Socket error %d: %s
SyncObjs
SysAllocStringLen
SysConst
SysFreeString
SysInit
SysReAllocStringLen
System
\system32\drivers\enternublad.exe
SysUtils
<*t"<0r=<9w9i
TargetHost@
TargetPort@
<#<T<b<
TBlockSocket
TCriticalSection
TCustomMemoryStream
TCustomSSL
TCustomVariantType
teh4LA
	TErrorRec
TExceptRec
text/html
TFileStream
THandleStream
This program must be run under Win32
THookAfterConnect
THookCreateSocket
THookDataFilter
THookHeartbeat
THookMonitor
THookSocketReason
THookSocketStatus
t%HtIHtm
THTTPSend_s
Timeout@
TInterfacedObject
TlsGetValue
TlsSetValue
TLSv1_method
TMemoryStream
TMemoryStreamp
$TMultiReadExclusiveWriteSynchronizer
TObject
Too many levels of remote in path
Too many levels of symbolic links
Too many open files
Too many processes
Too many references:can't splice
Too many users
TPersistent
TPersistent(
TRANSFER-ENCODING:
	TRegGroup
TRegGroups
TrustCertificate@
TrustCertificateFile@
TSocketFamily
TSocksBlockSocket
TSocksBlockSocket0qA
TSocksType
TSSLNone
TSSLNone\yA
TSSLOpenSSL
TSSLOpenSSLP	B
TSSLType
Tstart
TStreamD
TStreaml
TStringItem
TStringList
TStringList,
TStrings
TSynaClient
TSynaClient0zA
TSynaOption@kA
TSynaOptionPkA
TSynchroObject
Tsynsock
TTCPBlockSocket
TThread
TThreadList(
TThreadLocalCounter
u}h\LA
UnhandledExceptionFilter
Unknown
UploadSize
user32.dll
	UserAgent(
User-Agent: 
Username@
UserName@
UTypes
Valid name, no data record of requested type
VarAdd
VarAnd
VarBoolFromStr
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarCmp
VarCyFromStr
VarDateFromStr
VarDiv
VarI4FromStr
Variant
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit
Variants
VarIdiv
VarMod
VarMul
VarNeg
VarNot
VarR4FromStr
VarR8FromStr
VarSub
$VarUtils
VarXor
VerifyCert@
VirtualAlloc
VirtualFree
VirtualQuery
?-?V?z?
;-;w;|;
WaitForSingleObject
<*=W=d=v=
WideCharToMultiByte
Winsock DLL cannot support this application
Winsock not initialized
Without SSL support
WriteFile
Writing
ws2_32.dll
WSACleanup
__WSAFDIsSet
WSAGetLastError
WSAIoctl
WSAStartup
wship6.dll
X509_digest
X509_free
X509_get_issuer_name
X509_get_serialNumber
X509_get_subject_name
X509_gmtime_adj
X509_NAME_add_entry_by_txt
X509_NAME_hash
X509_NAME_oneline
X509_new
X509_print
X509_set_issuer_name
X509_set_notAfter
X509_set_notBefore
X509_set_pubkey
X509_set_version
X509_sign
<>=X=g=
;Y<h<q<
_^[YY]
YZ]_^[
YZXtm1
(Z]_^[
$Z]_^[
<Z=^=b=f=j=n=r=v=z=~=
ZTUWVSPRTj