GenPack.Generic.Keylogger.2.E03E458E_0ddc12a94d
GenPack:Generic.Keylogger.2.E03E458E (BitDefender), VirTool:Win32/Injector (Microsoft), HEUR:HackTool.Win32.FlyStudio.gen (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), BackDoor.BlackMoon.12 (DrWeb), GenPack:Generic.Keylogger.2.E03E458E (B) (Emsisoft), Artemis!0DDC12A94DBE (McAfee), Trojan-PWS.Banker6 (Ikarus), GenPack:Generic.Keylogger.2.E03E458E (FSecure), Win32/Heur (AVG), Win32:WrongInf-C [Susp] (Avast), TROJ_GEN.R02LC0DEA17 (TrendMicro), GenPack:Generic.Keylogger.2.E03E458E (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericEmailWorm.YR, GenericInjector.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Keylogger, Banker, Trojan, Worm, EmailWorm, HackTool, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 0ddc12a94dbef7379ceb53eacf7caaf9
SHA1: 96cf5518b201260ff719e2759826eb5b0eb4a13d
SHA256: 71bec7c99c1f648d873dad8bd54ebdccadc4bdb0a55a772e184db108b3074c5c
SSDeep: 49152:MCdwOLdnsUA8l0ZWH5pITiOLMG//0eqw8U7qRCIi9r:cOL1sUzl0gpAiOLvX0u8U7qRta
Size: 1735105 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2015-12-30 22:22:49
Analyzed on: Windows7 SP1 32-bit
Summary:
Trojan-PSW. Trojan program intended for stealing users' passwords.
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The GenPack creates the following process(es):
No processes have been created.
The GenPack injects its code into the following process(es):
%original file name%.exe:3380
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:3380 makes changes in the file system.
The GenPack creates and/or writes to the following file(s):
C:\555.html (10 bytes)
Registry activity
The process %original file name%.exe:3380 makes changes in the system registry.
The GenPack creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\0ddc12a94dbef7379ceb53eacf7caaf9_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\0ddc12a94dbef7379ceb53eacf7caaf9_RASMANCS]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\0ddc12a94dbef7379ceb53eacf7caaf9_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\0ddc12a94dbef7379ceb53eacf7caaf9_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\0ddc12a94dbef7379ceb53eacf7caaf9_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\0ddc12a94dbef7379ceb53eacf7caaf9_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"
[HKLM\SOFTWARE\Microsoft\Tracing\0ddc12a94dbef7379ceb53eacf7caaf9_RASAPI32]
"ConsoleTracingMask" = "4294901760"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The GenPack deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name: ????
Product Name: ????
Product Version: 1.0.0.0
Legal Copyright: ???? ????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: ????
Comments: ????
Language: Chinese (Simplified, PRC)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| UPX0 | 4096 | 659456 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 663552 | 315392 | 312832 | 5.54432 | 474be0fed5c30c86ffc69013108d5a22 |
| .rsrc | 978944 | 40960 | 37376 | 4.2357 | 6a494c861d67ab1341ca2c6ddc4d96c1 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
URLs
| URL | IP |
|---|---|
| hxxp://www.cpcc000.com/regcode.aspx?rnd=0.006449879250648105 | |
| hxxp://www.cpcc000.com/ajax/PassWordCode.ashx | |
| hxxp://www.cpcc000.com/UserLogin.aspx?RequestLoginPage= | |
| dns.msftncsi.com | |
| wwww.tbd110.com | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /regcode.aspx?rnd=0.006449879250648105 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: hXXp://VVV.cpcc000.com/regcode.aspx?rnd=0.006449879250648105
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.cpcc000.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 1910
Content-Type: image/Jpeg; charset=utf-8
Expires: -1
Server: WWW Server/1.1
Set-Cookie: yunsuo_session_verify=cf63aef3cccfcfd8e3793ca7b2142dc2; expires=Tue, 30-May-17 17:20:36 GMT; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=tnf0ueqdoazb5z5dzahtnn1l; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId_UL=21a82783e61d970b26499d8fa9c582f2; expires=Sat, 27-May-2017 09:30:36 GMT; path=/
X-Powered-By: ASP.NET
X-Safe-Firewall: zhuji.360.cn 1.0.9.47 F1W1
Date: Sat, 27 May 2017 09:20:36 GMT
<<< skipped >>>
POST /ajax/PassWordCode.ashx HTTP/1.1
Cookie: yunsuo_session_verify=cf63aef3cccfcfd8e3793ca7b2142dc2; ASP.NET_SessionId=tnf0ueqdoazb5z5dzahtnn1l; ASP.NET_SessionId_UL=21a82783e61d970b26499d8fa9c582f2;
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: hXXp://VVV.cpcc000.com/ajax/PassWordCode.ashx
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.cpcc000.com
Cache-Control: no-cache
RegCode=9037
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache,no-cache
Content-Length: 15
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: WWW Server/1.1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Safe-Firewall: zhuji.360.cn 1.0.9.47 F1W1
Date: Sat, 27 May 2017 09:20:38 GMT
{"message":"0"}
POST /UserLogin.aspx?RequestLoginPage= HTTP/1.1
Cookie: yunsuo_session_verify=cf63aef3cccfcfd8e3793ca7b2142dc2; ASP.NET_SessionId=tnf0ueqdoazb5z5dzahtnn1l; ASP.NET_SessionId_UL=21a82783e61d970b26499d8fa9c582f2;
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: hXXp://VVV.cpcc000.com/UserLogin.aspx?RequestLoginPage=
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Content-Length: 103
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.cpcc000.com
Cache-Control: no-cache
__EVENTTARGET=btnLogin&__EVENTARGUMENT=&__VIEWSTATE=&tbUserName=??888&tbPassWord=zny168168&hLogin=0
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 10464
Content-Type: text/html; charset=utf-8
Server: WWW Server/1.1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Safe-Firewall: zhuji.360.cn 1.0.9.47 F1W1
Date: Sat, 27 May 2017 09:20:38 GMT
<<< skipped >>>
The GenPack connects to the servers at the following location(s):
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original GenPack file.
- Delete or disinfect the following files created/modified by the GenPack:
C:\555.html (10 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.