Tags: None

Analysis

Category Started Completed Duration
FILE 2013-05-22 07:33:48 2013-05-22 07:36:22 154 seconds

File Details

File Name invoice copy.exe
File Size 332800 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3fc97be8cf8e7ee60d03eac11ceb3948
SHA1 18e3eae92638a6f90e2764f12f4d8af7efdd907d
SHA256 9fe6dbd46ec472e628fecbbd46a84ac685991bd6cd60b5a81f29b272a6537201
SHA512 ea4b92a6d9592b25afbc01df67973e102e8e10f962383ed3797a7e2a5a467345c6ef5bf58df7cb984b60815eed268b717d1301b3314d3f9b2b41282f03d6a45b
CRC32 10B352C7
Ssdeep 6144:RI6rTFqoZA/ggKGNpyNKivn5ENssiQ7A6339NvO/:evoZA/gzN7s77A6nLvO/
Yara
  • shellcode - Matched shellcode byte patterns

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Starts a server listening on 0.0.0.0:22567
Operates on local firewall's policies and settings
Installs itself for autorun at Windows startup

Hosts

IP

Domains

Domain IP
www.google.com 74.125.132.105
www.google.nl 74.125.132.94

Summary

PIPE\lsarpc
C:\WINDOWS
C:\WINDOWS\
C:
MountPointManager
C:\DOCUME~1\User\LOCALS~1\Temp\invoice copy.exe
C:\Documents and Settings\User\Application Data\Dyuv\jayhle.exe
C:\WINDOWS\system32\rsaenh.dll
C:\Documents and Settings\User\Local Settings\Application Data\coco.ryk
C:\Documents and Settings\User\Local Settings\Application Data
C:\Documents and Settings\User\Application Data
C:\Documents and Settings\User\Application Data\Dyuv
C:\Documents and Settings\User\Local Settings\Application Data\coco.ryk.dat
C:\DOCUME~1\User\LOCALS~1\Temp\tmpa7be3c7f.bat
C:\Documents and Settings\User\Local Settings\Application Data\*.b85e70df
C:\
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
C:\WINDOWS\system32\Ras\*.pbk
c:\autoexec.bat
C:\Documents and Settings
C:\Documents and Settings\User\Local Settings
C:\Documents and Settings\User\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\UXAF8DAF\google[1].htm
C:\Documents and Settings\User\Application Data\Microsoft\SystemCertificates\My\Certificates\*
C:\Documents and Settings\User\Application Data\Microsoft\SystemCertificates\My\CRLs\*
C:\Documents and Settings\User\Application Data\Microsoft\SystemCertificates\My\CTLs\*
C:\WINDOWS\Registration\R000000000007.clb
C:\Documents and Settings\User\Application Data\Microsoft\Address Book\User.wab
C:\Documents and Settings\User\Application Data\Microsoft\Address Book
C:\DOCUME~1
C:\DOCUME~1\User
C:\DOCUME~1\User\LOCALS~1
C:\DOCUME~1\User\LOCALS~1\Temp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Uzywleagcefa
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\DESHashSessionKeyBackward
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandler32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandlerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}
CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\TreatAs
\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}
\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocServer32
\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocServerX86
\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\LocalServer32
\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocHandler32
\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\InprocHandlerX86
\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}
HKEY_CLASSES_ROOT\CLSID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}\TreatAs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\google.nl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.nl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html; charset=UTF-8
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\SystemCertificates\MY\PhysicalStores
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\SystemCertificates\MY
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\SystemCertificates\MY\
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\SystemCertificates\MY\\Certificates
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\SystemCertificates\MY\\CRLs
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\SystemCertificates\MY\\CTLs
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\SystemCertificates\MY\\Keys
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}
CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\TreatAs
\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}
\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocServer32
\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocServerX86
\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\LocalServer32
\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocHandler32
\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\InprocHandlerX86
\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}
HKEY_CLASSES_ROOT\CLSID\{8D4B04E1-1331-11D0-81B8-00C04FD85AB4}\TreatAs
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\Active Directory GC
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\Bigfoot
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\VeriSign
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\VeriSign
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Preconfigured\WhoWhere
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Shared
HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WAB\DLLPath
HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4
HKEY_CURRENT_USER\Software\Microsoft\WAB\Wab File Name
HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}
CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\TreatAs
\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}
\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocServer32
\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocServerX86
\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\LocalServer32
\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocHandler32
\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\InprocHandlerX86
\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}
HKEY_CLASSES_ROOT\CLSID\{A9AE6C91-1D1B-11D2-B21A-00C04FA357FA}\TreatAs
HKEY_CURRENT_USER\Identities
HKEY_CURRENT_USER\Identities\{48FC7AFE-B9DD-4692-B12E-8A59C42FC44D}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Identities
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Identities
HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
MPSWabDataAccessMutex
MPSWABOlkStoreNotifyMutex

Version Infos

LegalCopyright © 1996 Rigo Ina. Alirumo Bymux Sonuri.
InternalName Ugemyhy
FileVersion 5, 3, 10
CompanyName Mabus
LegalTrademarks Holo Pufiwa Bohyhuz Icuqyf Cide Ebyj
ProductName Peq
ProductVersion 5, 3
FileDescription Ixotimo Tuv Ujuz
OriginalFilename Rtymqkf7.exe
Translation 0x0409 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x1000 0x240d3 0x24200 7.82927755722
.rdata 0x26000 0xe68 0x1000 4.69327657619
.data 0x27000 0x202aa 0x12400 7.85820560618
.idata 0x48000 0x10e 0x200 4.77182189762
.rsrc 0x49000 0x195b0 0x19600 5.97911998367

Imports

Library KERNEL32.dll:
0x426000 OutputDebugStringA
0x426004 GlobalLock
0x426008 Process32First
0x42600c TlsAlloc
0x426010 GlobalLock
0x426018 GetTempFileNameW
0x42601c CreateFileMappingW
0x426020 UpdateResourceW
0x426024 GlobalLock
0x426028 GlobalLock
0x42602c IsDBCSLeadByteEx
0x426030 DeleteTimerQueue
0x426034 CreateHardLinkA
0x42603c FindFirstFileExW
0x426040 GlobalLock
0x426048 GetCurrencyFormatW
0x42604c CloseHandle
0x426050 RtlFillMemory
0x426054 GetFileTime
0x426058 lstrcpynW
0x426060 IsBadReadPtr
0x426064 DeviceIoControl
0x426068 GetLogicalDrives
0x42606c OpenFileMappingA
0x426074 EnumResourceTypesW
Library USER32.dll:
0x42607c CreatePopupMenu
0x426080 TrackPopupMenuEx
0x426084 AppendMenuA
0x426088 GetCaretBlinkTime
0x426090 MonitorFromWindow
0x426098 SetClassLongW
0x42609c SetThreadDesktop
0x4260a0 CharPrevW
0x4260a8 GetLastActivePopup
0x4260ac MapVirtualKeyExW
0x4260b0 GetClassInfoExA
0x4260b4 IsDialogMessageA
0x4260b8 DdeEnableCallback
0x4260bc GetSubMenu
0x4260c0 CharUpperW
0x4260c4 SetDebugErrorLevel
0x4260c8 SubtractRect
0x4260cc GetKeyNameTextW
0x4260d0 LoadMenuIndirectA
0x4260d4 SetDlgItemTextW
0x4260d8 SetMenuItemInfoA
0x4260dc DrawFrame
0x4260e0 EnumDisplayDevicesW
0x4260e4 IsRectEmpty
0x4260ec PostMessageW
0x4260f0 ScrollWindow
0x4260f4 GetDlgItemInt
0x4260f8 DrawAnimatedRects
0x4260fc LoadMenuW
0x426100 OemKeyScan
0x426104 GetKeyboardState
0x42610c MapDialogRect
0x426118 GetDoubleClickTime
0x42611c DefMDIChildProcW
0x426120 GetAsyncKeyState
0x426124 UnpackDDElParam
0x426128 SetDeskWallpaper
0x42612c GetClassInfoA
0x426130 CallMsgFilterA
0x426134 GetScrollInfo
0x426138 DdeInitializeA
0x426140 ValidateRect
0x426144 RemovePropW
0x42614c DestroyCursor
0x426150 CharPrevA
0x426154 DefMDIChildProcA
0x426158 LoadStringA
0x42615c SetScrollPos
0x426164 CharLowerW
0x426168 GetShellWindow
0x42616c SetMenu
0x426170 GetGuiResources
0x426174 MonitorFromPoint
0x426178 GetWindowWord
0x426180 LockWorkStation
0x426184 IsDialogMessageW
0x426188 ReplyMessage
0x42618c GetMenuItemInfoA
0x426190 UnregisterClassA
0x426194 ModifyMenuW
0x426198 RemoveMenu
0x4261a0 DialogBoxParamA
0x4261a4 PostThreadMessageW
0x4261a8 ScrollWindowEx
0x4261ac DdeQueryConvInfo
0x4261b0 TileChildWindows
0x4261b4 GetMenuInfo
0x4261b8 SetScrollRange
0x4261bc SendIMEMessageExA
0x4261c4 IMPGetIMEA
0x4261cc EnumPropsExA
0x4261d0 CharNextW
0x4261d4 IsHungAppWindow
0x4261dc TrackPopupMenu
0x4261e0 SendDlgItemMessageW
0x4261e4 DefFrameProcW
0x4261e8 CloseDesktop
0x4261ec DefWindowProcA
0x4261f0 DrawFocusRect
Library PSAPI.dll:
0x4261fc EnumProcessModules
0x426200 EnumDeviceDrivers
Library WINSPOOL.drv:
0x426208 DeletePrinterDataW
0x42620c EnumJobsA
0x426210 DevQueryPrint

Antivirus Signature
MicroWorld-eScan Clean
nProtect Clean
CAT-QuickHeal Clean
McAfee RDN/PWS-Zbot.aov!a
Malwarebytes Clean
K7AntiVirus Clean
K7GW Clean
TheHacker Clean
NANO-Antivirus Clean
F-Prot W32/Trojan3.CHE
Symantec Clean
Norman Clean
TotalDefense Clean
TrendMicro-HouseCall Clean
Avast Clean
eSafe Clean
ClamAV Clean
Kaspersky Trojan-Spy.Win32.Zbot.lujq
BitDefender Clean
Agnitum Clean
SUPERAntiSpyware Clean
Emsisoft Trojan.Win32.Spy.Zbot.AMN (A)
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader9.17531
VIPRE Clean
AntiVir Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!3FC97BE8CF8E
Sophos Clean
Jiangmin Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Clean
ViRobot Clean
AhnLab-V3 Clean
GData Clean
Commtouch W32/Trojan.YCTM-8775
ByteHero Trojan.Malware.Obscu.Gen.002
VBA32 Clean
PCTools Clean
ESET-NOD32 Win32/Spy.Zbot.AAU
Rising Clean
Ikarus Trojan.Injector
Fortinet Clean
AVG Clean
Panda Clean