Wed, 03/29/2017 - 03:13

Gen.Heur.MSIL.Krypt.4_ac6834a521

HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Heur.MSIL.Krypt.4 (B) (Emsisoft), Gen:Heur.MSIL.Krypt.4 (AdAware), Backdoor.Win32.Fynloski.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, BackdoorFynloski.YR, GenericDownloader.YR, GenericInjector.YR, TrojanDownloaderAndromeda.YR (Lavasoft MAS)

Behaviour: Trojan-Downloader, Trojan, Backdoor, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: ac6834a521562e37b7c4794c9e1e59ec

SHA1: 1d5e2ddf67a6cfd8473121f5576fdc02da8e7ddc

SHA256: 0f5b7aa27ab723da95baf36ac5781dc923e0f9dc038f070f588c2122de0631e2

SSDeep: 12288:34oBI/3BKJrY/kzsF9ZVdcojCEq9tpyG2:34oK/i/49nCEq9tI

Size: 409600 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6

Company: no certificate found

Created at: 2017-03-14 01:09:01

Analyzed on: Windows7 SP1 32-bit

Summary: Trojan-Downloader. A Trojan program that downloads files from the Internet without the user's notice and executes them.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:316

The Trojan injects its code into the following process(es):

vbc.exe:2528

Mutexes

The following mutexes were created/opened: No objects were found.

File activity

The process vbc.exe:2528 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

C:\ProgramData\Microsoft\Windows\Start Menu\winupdate\winupdate.exe (7547 bytes)

The process %original file name%.exe:316 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):

Registry activity

The process vbc.exe:2528 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:


To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"WinUpdate" = "C:\ProgramData\Microsoft\Windows\Start Menu\winupdate\winupdate.exe"

The Trojan adds the reference to itself to be executed when a user logs on:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "C:\Windows\system32\userinit.exe,C:\ProgramData\Microsoft\Windows\Start Menu\winupdate\winupdate.exe"

The process %original file name%.exe:316 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:


To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"winupdater" = "/winupdate\winupdate.exe.exe"

Dropped PE files

MD5                               File path
34aa912defa18c2c129f1e09d75c1d7e  c:\ProgramData\Microsoft\Windows\Start Menu\winupdate\winupdate.exe
34aa912defa18c2c129f1e09d75c1d7e  c:\Users\All Users\Microsoft\Windows\Start Menu\winupdate\winupdate.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:316

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\ProgramData\Microsoft\Windows\Start Menu\winupdate\winupdate.exe (7547 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "WinUpdate" = "C:\ProgramData\Microsoft\Windows\Start Menu\winupdate\winupdate.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "winupdater" = "/winupdate\winupdate.exe.exe"

  5. Remove the references to the Trojan by modifying the following registry value(s) (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit" = "C:\Windows\system32\userinit.exe,C:\ProgramData\Microsoft\Windows\Start Menu\winupdate\winupdate.exe"

  6. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name: P
Product Name: mm
Product Version: 2.2.20.20
Legal Copyright: mm
Legal Trademarks: nCNAP7adRnKG0W5n0q
Original Filename: ggggggg.exe
Internal Name: ggggggg.exe
File Version: 2.2.20.20
File Description: PP
Comments: PP
Language: Language Neutral

PE Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy   Section MD5
.text   8192             395428        397312    5.53695   1261e1649a311c9ed6c3a74d31143015
.rsrc   409600           880           4096      0.626509  bc0631dd3354a682be6298de95a493bb
.reloc  417792           12            4096      0.011373  62114abb324f09a9e43a9fc1de8c99a2

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Map

The Trojan connects to the servers at the following location(s):

Strings from Dumps

vbc.exe_2528:


vbc.exe_2528_rwx_00400000_000C7000:


UnActiveOnlineKeyStrokes

OpenWebPage

OpenWebPage

tmpprint.txt

tmpprint.txt

URLUpdate

URLUpdate

MSGBOX

MSGBOX

#BOT#VisitUrl

#BOT#VisitUrl

#BOT#OpenUrl

#BOT#OpenUrl

HTTP://

HTTP://

hXXp://

hXXp://

BTRESULTOpen URL|

BTRESULTOpen URL|

Command successfully executed!|

Command successfully executed!|

#BOT#URLUpdate

#BOT#URLUpdate

BTERRORUpdate from URL| Error on downloading file check if you type the correct url...|

BTERRORUpdate from URL| Error on downloading file check if you type the correct url...|

BTRESULTUpdate from URL|Update : File Downloaded , Executing new one in temp dir...|

BTRESULTUpdate from URL|Update : File Downloaded , Executing new one in temp dir...|

#BOT#URLDownload

#BOT#URLDownload

GetActivePorts

GetActivePorts

out.txt

out.txt

tmp.txt

tmp.txt

DDOSHTTPFLOOD

DDOSHTTPFLOOD

DDOSUDPFLOOD

DDOSUDPFLOOD

%IPPORTSCAN

%IPPORTSCAN

SAPI.SpVoice

SAPI.SpVoice

WEBCAMLIVE

WEBCAMLIVE

WEBCAMSTOP

WEBCAMSTOP

PASSWORD

PASSWORD

FTPFILEUPLOAD

FTPFILEUPLOAD

URLDOWNLOADTOFILE

URLDOWNLOADTOFILE

UPLOADEXEC

UPLOADEXEC

UPANDEXEC

UPANDEXEC

FTPPORT

FTPPORT

FTPPASS

FTPPASS

FTPUSER

FTPUSER

FTPHOST

FTPHOST

FTPROOT

FTPROOT

FTPUPLOADK

FTPUPLOADK

FTPSIZE

FTPSIZE

BTRESULTUDP Flood|UDP Flood task finished!|

BTRESULTUDP Flood|UDP Flood task finished!|

PortScanAdd

PortScanAdd

BTRESULTVisit URL|finished to visit

BTRESULTVisit URL|finished to visit

BTERRORVisit URL|An exception occured in the thread|

BTERRORVisit URL|An exception occured in the thread|

POST /index.php/1.0

POST /index.php/1.0

BTRESULTHTTP Flood|Http Flood task finished!|

BTRESULTHTTP Flood|Http Flood task finished!|

Mozilla

Mozilla

BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|

BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|

BTERRORDownload File| Error on downloading file check if you type the correct url...|

BTERRORDownload File| Error on downloading file check if you type the correct url...|

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Microsoft\Windows NT\CurrentVersion\Winlogon

ERR|Cannot listen to port, try another one..|

ERR|Cannot listen to port, try another one..|

TCaptureWebcam

TCaptureWebcam

taskmgr.exe

taskmgr.exe

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

DC3_FEXEC

DC3_FEXEC

Windows NT 4.0

Windows NT 4.0

Windows 2000

Windows 2000

Windows XP

Windows XP

Windows Server 2003

Windows Server 2003

Windows Vista

Windows Vista

Windows 7

Windows 7

Windows 95

Windows 95

Windows 98

Windows 98

Windows Me

Windows Me

S-%u-

S-%u-

FAKEMSG

FAKEMSG

MSGICON

MSGICON

MSGTITLE

MSGTITLE

MSGCORE

MSGCORE

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

inflate 1.2.3 Copyright 1995-2005 Mark Adler

DBv}.Bv

DBv}.Bv

UntKeylogger

UntKeylogger

KWindows

KWindows

UntActivePorts

UntActivePorts

UntControlKey

UntControlKey

UntCaptureWebcam

UntCaptureWebcam

UntWebCam

UntWebCam

UrlMon

UrlMon

(UntUploadFTPThread

(UntUploadFTPThread

UntFTP

UntFTP

_UntUDPFlood

_UntUDPFlood

YUntScanPorts

YUntScanPorts

0UntPasswordAndData

0UntPasswordAndData

XUntHTTPFlood

XUntHTTPFlood

UntCPU

UntCPU

WinExec

WinExec

PeekNamedPipe

PeekNamedPipe

GetWindowsDirectoryA

GetWindowsDirectoryA

GetProcessHeap

GetProcessHeap

GetCPInfo

GetCPInfo

CreatePipe

CreatePipe

RegQueryInfoKeyA

RegQueryInfoKeyA

RegOpenKeyExA

RegOpenKeyExA

RegOpenKeyA

RegOpenKeyA

RegFlushKey

RegFlushKey

RegEnumKeyExA

RegEnumKeyExA

RegDeleteKeyA

RegDeleteKeyA

RegCreateKeyExA

RegCreateKeyExA

RegCreateKeyA

RegCreateKeyA

RegCloseKey

RegCloseKey

SetViewportOrgEx

SetViewportOrgEx

GdiplusShutdown

GdiplusShutdown

ShellExecuteExA

ShellExecuteExA

ShellExecuteA

ShellExecuteA

SHFileOperationA

SHFileOperationA

URLDownloadToFileA

URLDownloadToFileA

keybd_event

keybd_event

VkKeyScanA

VkKeyScanA

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExA

SetWindowsHookExA

MsgWaitForMultipleObjectsEx

MsgWaitForMultipleObjectsEx

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

MapVirtualKeyA

MapVirtualKeyA

LoadKeyboardLayoutA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardState

GetKeyboardLayoutNameA

GetKeyboardLayoutNameA

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyboardLayout

GetKeyState

GetKeyState

GetKeyNameTextA

GetKeyNameTextA

ExitWindowsEx

ExitWindowsEx

EnumWindows

EnumWindows

EnumThreadWindows

EnumThreadWindows

EnumChildWindows

EnumChildWindows

ActivateKeyboardLayout

ActivateKeyboardLayout

GetKeyboardType

GetKeyboardType

InternetOpenUrlA

InternetOpenUrlA

HttpQueryInfoA

HttpQueryInfoA

FtpPutFileA

FtpPutFileA

.text

.text

`.itext

`.itext

`.data

`.data

.idata

.idata

.rdata

.rdata

@.reloc

@.reloc

B.rsrc

B.rsrc

KERNEL32.DLL

KERNEL32.DLL

advapi32.dll

advapi32.dll

AVICAP32.DLL

AVICAP32.DLL

gdi32.dll

gdi32.dll

gdiplus.dll

gdiplus.dll

msacm32.dll

msacm32.dll

netapi32.dll

netapi32.dll

ntdll.dll

ntdll.dll

shell32.dll

shell32.dll

SHFolder.dll

SHFolder.dll

URLMON.DLL

URLMON.DLL

version.dll

version.dll

wininet.dll

wininet.dll

winmm.dll

winmm.dll

WS2_32.DLL

WS2_32.DLL

wsock32.dll

wsock32.dll

66006666

66006666

No help found for %s#No context-sensitive help installed

No help found for %s#No context-sensitive help installed

No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Invalid clipboard format Clipboard does not support Icons

Invalid clipboard format Clipboard does not support Icons

Cannot open clipboard/Menu '%s' is already being used by another form

Cannot open clipboard/Menu '%s' is already being used by another form

- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.

- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Not enough timers [email protected] cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active$%s not in a class registration group

Not enough timers [email protected] cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active$%s not in a class registration group

Property %s does not exist

Property %s does not exist

Thread creation error: %s

Thread creation error: %s

Thread Error: %s (%d)

Thread Error: %s (%d)

Unsupported clipboard format

Unsupported clipboard format

Invalid data type for '%s' List capacity out of bounds (%d)

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Failed to create key %s

Failed to create key %s

Failed to get data for '%s'

Failed to get data for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Resource %s not found

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list

%s.Seek not implemented$Operation not allowed on sorted list

Ancestor for '%s' not found

Ancestor for '%s' not found

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot create file "%s". %s

Cannot open file "%s". %s

Cannot open file "%s". %s

Invalid stream format$''%s'' is not a valid component name

Invalid stream format$''%s'' is not a valid component name

External exception %x

External exception %x

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

System Error. Code: %d.

No argument for format '%s'"Variant method calls not supported

No argument for format '%s'"Variant method calls not supported

Invalid variant operation%Invalid variant operation (%s%.8x)

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

Operation not supported

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time

!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time

'%s' is not a valid GUID value

'%s' is not a valid GUID value

I/O error %d

I/O error %d

1, 0, 0, 1

1, 0, 0, 1

MSRSAAP.EXE

MSRSAAP.EXE

4, 0, 0, 0

4, 0, 0, 0