Tags: None

Analysis

Category Started Completed Duration
FILE 2014-06-01 02:36:18 2014-06-01 02:38:55 157 seconds

File Details

File Name Credit_card_Report.scr
File Size 98304 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 39d4eb867944bb5f8196adc6c262c6e3
SHA1 1ef683a5fe80838dd2a4d7b2855526d78d8c09d0
SHA256 beb8622f90af94117b7431c896a85c0cd2cceaf9ed08c9bf33e9f806cb3f7f27
SHA512 9b4f617e69f7ee4504c80fd61d0e652a6d6b01f219d8d9d83c97f9db96c3535b44c23d4a1d45bf1789aee0d4b46b5eb4f672b9a959cc0ae3d74965c25b88d7e0
CRC32 C5FE640B
Ssdeep 1536:rz6O0n8cOuwHb26Y9J+0JAER+CRy/tt7GF8:/6O0n8xbIXHAER+Xtt7t
Yara None matched

Signatures

Starts servers listening on 127.0.0.1:0, 0.0.0.0:0, 0.0.0.0:4609, 0.0.0.0:3955
File has been identified by at least one AntiVirus on VirusTotal as malicious
Performs some HTTP requests
Steals private information from local Internet browsers
process_id: 1088
process_name: Credit_card_Report.scr
file: C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Creates Zeus (Banking Trojan) mutexes
mutex: MPSWabDataAccessMutex
Zeus P2P (Banking Trojan)
Operates on local firewall's policies and settings
Installs itself for autorun at Windows startup
Generates some ICMP traffic

Hosts


Domains

Domain IP
coffre-outils.qc.ca 69.49.101.57
www.google.com 74.125.136.104

Summary


PE Imphash

15e44afa06b8198169551c56fdde14f1

Version Infos

LegalCopyright Copyright © 2014 Imagine Software Corporation. All rights reserved.
InternalName Badcatch.exe
FileVersion 12.1.995.941
CompanyName Imagine Software
SpecialBuild Public
Comments heard: http://www.moneydecimal.com
ProductName Drawsing Imagine Software ro
FileDescription Drawsing
OriginalFilename Badcatch.exe
Translation 0x0409 0x04e4

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00009b4f    0x00009c00        6.64381569855
.rdata  0x0000b000       0x00006ac8    0x00006c00        3.71165442459
.data   0x00012000       0x0000be60    0x00003400        1.15551207774
.rsrc   0x0001e000       0x00003fe8    0x00004000        4.36014966182

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x00021b50  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x00021b50  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x00021b50  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x00021fb8  0x00000030  LANG_ENGLISH  SUBLANG_ENGLISH_US  MS Windows icon resource - 3 icons, 48x48, 256-colors
RT_VERSION     0x0001e150  0x000003b0  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library WS2_32.dll:
0x40b184 WSAStartup
0x40b188 recvfrom
0x40b18c getservbyname
0x40b190 htons
0x40b194 WSACleanup
0x40b198 recv
0x40b19c send
0x40b1a0 getsockopt
Library MSACM32.dll:
0x40b11c acmFormatDetailsW
0x40b120 acmDriverMessage
0x40b124 acmDriverOpen
0x40b12c acmFilterChooseW
0x40b134 acmDriverRemove
0x40b138 acmStreamReset
0x40b13c acmFilterDetailsW
0x40b140 acmStreamSize
0x40b144 acmDriverEnum
0x40b148 acmDriverID
0x40b14c acmFilterTagEnumW
0x40b150 acmDriverClose
0x40b154 acmFormatEnumW
0x40b15c acmDriverPriority
0x40b160 acmStreamOpen
0x40b168 acmFormatTagEnumW
0x40b16c acmFormatChooseW
0x40b170 acmStreamMessage
0x40b174 acmDriverAddW
0x40b178 acmFormatSuggest
0x40b17c acmDriverDetailsW
Library KERNEL32.dll:
0x40b000 TlsFree
0x40b004 LCMapStringW
0x40b008 WideCharToMultiByte
0x40b00c LCMapStringA
0x40b010 GetStringTypeW
0x40b014 GetStringTypeA
0x40b018 GetLocaleInfoA
0x40b020 LoadLibraryA
0x40b024 IsValidCodePage
0x40b028 GetOEMCP
0x40b02c GetACP
0x40b030 GetCPInfo
0x40b034 HeapSize
0x40b038 Sleep
0x40b03c HeapReAlloc
0x40b040 VirtualAlloc
0x40b050 GetTickCount
0x40b058 GetModuleHandleW
0x40b05c GetDiskFreeSpaceW
0x40b060 GetProcAddress
0x40b064 GetDriveTypeW
0x40b068 GetCurrentProcessId
0x40b06c GetFileTime
0x40b070 MoveFileExW
0x40b078 TerminateProcess
0x40b07c GetCurrentProcess
0x40b088 IsDebuggerPresent
0x40b08c HeapFree
0x40b090 GetVersionExA
0x40b094 HeapAlloc
0x40b098 GetProcessHeap
0x40b09c GetStartupInfoW
0x40b0a0 RaiseException
0x40b0a4 RtlUnwind
0x40b0a8 GetLastError
0x40b0ac GetModuleHandleA
0x40b0b0 TlsGetValue
0x40b0b4 TlsAlloc
0x40b0b8 TlsSetValue
0x40b0c0 SetLastError
0x40b0c4 GetCurrentThreadId
0x40b0cc ExitProcess
0x40b0d0 WriteFile
0x40b0d4 GetStdHandle
0x40b0d8 GetModuleFileNameA
0x40b0dc GetModuleFileNameW
0x40b0e4 MultiByteToWideChar
0x40b0f4 GetCommandLineA
0x40b0f8 GetCommandLineW
0x40b0fc SetHandleCount
0x40b100 GetFileType
0x40b104 GetStartupInfoA
0x40b10c HeapDestroy
0x40b110 HeapCreate
0x40b114 VirtualFree

Strings

!This program cannot be run in DOS mode.
string too long
invalid string position
Unknown exception
.mixcrt
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
bad exception
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
InitializeCriticalSectionAndSpinCount
kernel32.dll
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
bad allocation
VirtualProtect
vector<T> too long
vector<bool> too long
WSAWaitForMultipleEvents
WS2_32.dll
acmDriverDetailsW
acmFormatSuggest
acmDriverAddW
acmStreamMessage
acmFormatChooseW
acmFormatTagEnumW
acmStreamUnprepareHeader
acmStreamOpen
acmDriverPriority
acmFilterTagDetailsW
acmFormatEnumW
acmDriverClose
acmFilterTagEnumW
acmDriverID
acmDriverEnum
acmStreamSize
acmFilterDetailsW
acmStreamReset
acmDriverRemove
acmStreamPrepareHeader
acmFilterChooseW
acmFormatTagDetailsW
acmDriverOpen
acmDriverMessage
acmFormatDetailsW
MSACM32.dll
GetModuleHandleW
GetDiskFreeSpaceW
GetProcAddress
GetDriveTypeW
GetCurrentProcessId
GetFileTime
MoveFileExW
SetSystemTimeAdjustment
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlUnwind
GetLastError
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
KERNEL32.dll
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Name="ProductVers" Valu
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
kernel32
shouthad protect gentle
tie silver ten past
VS_VERSION_INFO
StringFileInfo
040904E4
Comments
heard: http://www.moneydecimal.com
CompanyName
Imagine Software
FileDescription
Drawsing
FileVersion
12.1.995.941
InternalName
Badcatch.exe
LegalCopyright
Copyright
2014 Imagine Software Corporation. All rights reserved.
OriginalFilename
Badcatch.exe
ProductName
Drawsing Imagine Software ro
SpecialBuild
Public
VarFileInfo
Translation

Antivirus

Antivirus Signature
Bkav Clean
MicroWorld-eScan Trojan.GenericKD.1699456
nProtect Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!39D4EB867944
Malwarebytes Trojan.Dropper
AegisLab Clean
TheHacker Clean
K7GW Clean
K7AntiVirus Clean
Agnitum Clean
F-Prot Clean
Symantec Downloader
Norman Clean
TotalDefense Clean
TrendMicro-HouseCall TROJ_UPATRE.YYLV
Avast Win32:Malware-gen
ClamAV Clean
Kaspersky Trojan.Win32.Yakes.ezkz
BitDefender Trojan.GenericKD.1699456
NANO-Antivirus Clean
ViRobot Dropper.S.Agent.98304.BO
Rising Clean
Ad-Aware Trojan.GenericKD.1699456
Emsisoft Trojan.Win32.Injector (A)
Comodo Clean
F-Secure Trojan.GenericKD.1699456
DrWeb Trojan.DownLoad3.33498
VIPRE Win32.Malware!Drop
AntiVir TR/Rogue.AD.96096
TrendMicro TROJ_UPATRE.YYLV
McAfee-GW-Edition Artemis!39D4EB867944
Sophos Troj/DwnLdr-LPR
Jiangmin Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Yakes.ez.(kcloud)
Microsoft Trojan:Win32/Danglo!gmb
SUPERAntiSpyware Clean
AhnLab-V3 Spyware/Win32.Zbot
GData Trojan.GenericKD.1699456
Commtouch Clean
ByteHero Clean
VBA32 Clean
Baidu-International Clean
ESET-NOD32 Win32/TrojanDownloader.Small.PSD
Tencent Win32.Trojan.Yakes.Lneq
Ikarus Win32.Outbreak
Fortinet Clean
AVG Generic_r.DWG
Panda Generic Malware
Qihoo-360 Win32/Trojan.Multi.daf