Analysis Date: 2015-02-01 20:13:55
MD5: 24521cd276a1715f69cf0e8fd20af838
SHA1: df78bfa20bb66b6732b0c2c9aca5c84959d098a6

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: d9cb89a03a66a02db228dc306051fd51 sha1: 7253ad7a8bde40333b0019330f713f5e488714b0 size: 143360
Section .data: md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section .rsrc: md5: ceb908fb09af23e47d3c4e2f55cf6030 sha1: e9b7a3516ce335e3c4cdcd9434b4d0283d8f1a39 size: 151552
Timestamp: 2009-12-14 01:17:04
Pdb path: @
Version:
  LegalCopyright: microsoft compiler
  InternalName: final
  FileVersion: 1.02.0057
  CompanyName: microsoft
  Comments: microsoft
  ProductName: microsoft dll loader
  ProductVersion: 1.02.0057
  FileDescription: dll loader
  OriginalFilename: final.exe
Packer: Microsoft Visual Basic v5.0
PEhash: cb7ad8cbcf5e730cc59a755c59a0b8d56e0a9bc6
IMPhash: 310ebf044e1b071bf1c6392c83ec1587
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Generic.5528231
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.Generic.5528231
AV Authentium: W32/VB.AF.gen!Eldorado
AV Avira (antivir): TR/Dropper.Gen
AV BullGuard: Trojan.Generic.5528231
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.VB.Gen
AV ClamAV: Win.Trojan.3954912
AV Dr. Web: Win32.HLLW.Generic.234
AV Emsisoft: Trojan.Generic.5528231
AV Eset (nod32): Win32/AutoRun.VB.VP worm
AV Fortinet: no_virus
AV Frisk (f-prot): W32/VB.AF.gen!Eldorado
AV F-Secure: Trojan.Generic.5528231
AV Grisoft (avg): Generic15.CPOD
AV Ikarus: Trojan.Win32.Mepaow
AV K7: Trojan ( 00071a9a1 )
AV Kaspersky: P2P-Worm.Win32.VB.iy
AV MalwareBytes: Trojan.P2P.Downloader
AV Mcafee: no_virus
AV Microsoft Security Essentials: Trojan:Win32/Msposer.A
AV MicroWorld (escan): Trojan.Generic.5528231
AV Rising: Worm.Win32.Autorun.txi
AV Sophos: Mal/VB-BZ
AV Symantec: Trojan Horse
AV Trend Micro: Possible_Otorun8
AV VirusBlokAda (vba32): SIM.Trojan.VBO.01948

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\tob\x\x ➝ x\\x00
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\xxx.bat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\dllhost.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\install\readm.txt
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\micka.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\install\key.txt
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\install\Install.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\zip.zip
Creates File: C:\WINDOWS\system32\vbzip11.dll
Creates Process: regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Creates Process: regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Creates Process: regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Creates Process: regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"
Creates Process: regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Creates Process: regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Creates Process: regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\zip.zip
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\micka.exe
Creates Process: regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"
Winsock URL: http://ns2.thebuisness.com/zip.zip
Winsock URL: http://ns2.thebuisness.com/main1.gif
Winsock URL: http://google.com

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\WINDOWS\system32\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Temp\vbzip11.dll"

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\zip.zip

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\micka.exe

Creates File: C:\WINDOWS\SYSTEM32\REDIR.EXE
Creates File: C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
Creates File: C:\WINDOWS\SYSTEM32\COMMAND.COM
Creates File: C:\WINDOWS\TEMP\scs1.tmp
Creates File: C:\WINDOWS\TEMP\scs2.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\TEMP\MICKA.EXE
Creates File: C:\WINDOWS\SYSTEM32\HIMEM.SYS
Creates File: C:\WINDOWS\SYSTEM32\DOSX.EXE
Deletes File: C:\WINDOWS\TEMP\scs1.tmp
Deletes File: C:\WINDOWS\TEMP\scs2.tmp

Network Details:

DNS: google.com
  Type: A
  216.58.219.142
DNS: ns2.thebuisness.com
  Type: A
HTTP GET: http://google.com/
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP: 192.168.1.1:1031 ➝ 216.58.219.142:80

Raw Pcap


Strings