Tags: None

Analysis

Category Started Completed Duration
FILE 2014-04-25 06:16:59 2014-04-25 06:17:25 26 seconds

File Details

File Name IntelRS.exe
File Size 226816 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d00f26dd1bfa40c2704e20b880bce270
SHA1 ca0b25cdaad9b96664f22d4eed229cf6fa2dfc66
SHA256 2790de50521f404341ce57906a526daa8047d8c507b4137e9849267564c2bf43
SHA512 c8d02555ed7000029377c2ee0c6493d585f8dd081c1d157d23f25d3704e1bcf9c0467fcf604570aebbf52f1166b4c5f852acd7023534e5e706e0b1bc3f1aa28e
CRC32 14447A12
Ssdeep 3072:zjOlYfPIsWLWQ6wLSRh8lABGIxfMumE6n+oBVn1dL/t4ZaK3K7eC61eGUMC6cH/y:POlUPIsWLWQ6wLMquDMuAn+ObE7
Yara None matched

Signatures

No signatures



Hosts

No hosts contacted.

Domains

No domains contacted.


Summary

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Version Infos

Translation 0x0000 0x04b0
LegalCopyright Copyright © 2013
Assembly Version 1.0.0.0
InternalName Stealer.exe
FileVersion 1.0.0.0
CompanyName Microsoft
Comments Process for Windows
ProductName Process for Windows
ProductVersion 1.0.0.0
FileDescription Process for Windows
OriginalFilename Stealer.exe

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00036b34 0x00036c00 6.27562854374
.rsrc 0x0003a000 0x000005d8 0x00000600 4.15082483028
.reloc 0x0003c000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0003a0a0 0x00000344 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0003a3e8 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
This program must be run under Win32
.idata
.edata
P.reloc
P.rsrc
String
TObject
YZ]_^[
Ht Ht.
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
ZTUWVSPRTj
_^[YY]
_^[YY]
tDhLI@
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
Exception
EHeapException
EOutOfMemory
EInOutError
EExternal
EExternalException
EIntError
EDivByZero
ERangeErrorTX@
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
ESafecallException
SysUtils
SysUtils
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
QQQQQQSVW3
QQQQQSVW
_^[YY]
TErrorRec
TExceptRec
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
TDDEClient
YZ]_^[
TGUIDArray
DelphiNative
DelphiNative
vaultcli.dll
VaultEnumerateVaults
VaultOpenVault
VaultCloseVault
VaultEnumerateItems
VaultGetItem
VaultFree
%s|%s=%s
DelphiNative
DelphiNative
vaultcli.dll
VaultOpenVault
VaultCloseVault
VaultEnumerateItems
VaultGetItem
VaultFree
%s|%s=%s=%s
IExplore
Mozilla
Firefox
Netscp6
Netscape
Mosaic
chrome.exe
WWW_GetWindowInfo
0xFFFFFFFF,sURL,sTitle
Chrome_WidgetWin_1
Chrome_OmniboxView
QQQQQSVW3
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
kernel32.dll
WriteFile
VirtualQuery
OutputDebugStringA
LoadLibraryA
GetVersionExA
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetDiskFreeSpaceA
GetCPInfo
GetACP
EnumCalendarInfoA
CloseHandle
user32.dll
SendMessageA
MessageBoxA
LoadStringA
GetWindowThreadProcessId
GetSystemMetrics
GetForegroundWindow
FindWindowExA
FindWindowA
CharNextA
CharToOemA
user32.dll
DdeFreeStringHandle
DdeCreateStringHandleA
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeA
DelphiNative.dll
GetActiveWindowsUrl
GetIEAccounts
GetRDPAccounts
DelphiNative
2DDEml
System
SysInit
KWindows
UTypes
SysConst
DDEClient
TlHelp32
SysUtils
This program must be run under Win32
.idata
.edata
P.reloc
P.rsrc
StringX
TObject
TInterfacedObject
YZ]_^[
Ht Ht.
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
ZTUWVSPRTj
_^[YY]
_^[YY]
tDhXS@
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
TFileName
TSearchRecX
Exception
EHeapException
EOutOfMemory
EInOutError
EExternal
EExternalException
EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
ESafecallException
SysUtils
SysUtils
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
QQQQQQSVW3
QQQQQSVW
_^[YY]
TErrorRec
TExceptRec
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
TStringDynArray
Mini.Basics
EOutOfRange
EFileNotFoundException
%d is out of acceptable range (%d : %d)
_^[YY]
%s not found.
TStrList
TStringDynArray
Communication.IntfU
Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1)
_^[YY]
IntelRapidStart\
Unknown
sqlite3.dll
SQLiteFinish
YWNjb3VudC12ZXJpZnkubmV0
bWFpbkBhY2NvdW50LXZlcmlmeS5uZXQ=
aGVyZUBub3doZXJl
SysInfo*.Enc
RapidStartTech.stl
RapidStartTech.stl
kill.me
SysInfo
RapidStartu
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
advapi32.dll
GetUserNameA
kernel32.dll
WriteFile
VirtualQuery
GlobalAddAtomA
GetVersionExA
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetDiskFreeSpaceA
GetComputerNameA
GetCPInfo
GetACP
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
DeleteFileA
CreateMutexA
CloseHandle
user32.dll
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA
shfolder.dll
SHGetFolderPathA
wininet.dll
InternetWriteFile
InternetReadFile
InternetOpenA
InternetFindNextFileA
InternetConnectA
InternetCloseHandle
FtpSetCurrentDirectoryA
FtpOpenFileA
FtpFindFirstFileA
FtpDeleteFileA
FtpCreateDirectoryA
Transfer.dll
StartBypass
\Transfer
?WinInet
System
SysInit
KWindows
UTypes
SysConst
tCommunication.Intf
Communication.Impl
=Communication.FTP
2Mini.Strings
SysUtils
Mini.Exceptions
RMini.Basics
TShFolder
v2.0.50727
#Strings
<Module>
Stealer.exe
IBrowser
Stealer.Browser
Chrome
Staturl
IEnumSTATURL
IUrlHistoryStg2
UrlHistory
InternetExplorer
Clipboard
Stealer
StringOperation
Stealer.Common
OsOperation
WindowOperation
Window
EnumWindowsProc
FileOperation
TsecItem
DllFunctionDelegate
DllFunctionDelegate2
DllFunctionDelegate3
DllFunctionDelegate4
DllFunctionDelegate5
NativeMethods
ErrorFlags
InternetFlags
ITransferProtocol
Stealer.Communicator
Firefox
Compression
Stealer.Compression
ConfigManage
Stealer.ConfigManager
Base64
Stealer.Cryptography
RijndaelCrypto
Keylogger
Stealer.KeyLogger
CaptureMode
UrlMonitor
IMessenger
Stealer.Messenger
Pidgin
YahooMessenger
Account
Stealer.Model
Bookmark
BrowserAccount
Cookie
EmailDetail
History
MessengerInfo
Program
CanBeNullAttribute
Stealer.Annotations
NotNullAttribute
StringFormatMethodAttribute
InvokerParameterNameAttribute
NotifyPropertyChangedInvocatorAttribute
ContractAnnotationAttribute
LocalizationRequiredAttribute
CannotApplyEqualityOperatorAttribute
BaseTypeRequiredAttribute
UsedImplicitlyAttribute
MeansImplicitUseAttribute
ImplicitUseKindFlags
ImplicitUseTargetFlags
PublicAPIAttribute
InstantHandleAttribute
PureAttribute
PathReferenceAttribute
AspMvcActionAttribute
AspMvcAreaAttribute
AspMvcControllerAttribute
AspMvcMasterAttribute
AspMvcModelTypeAttribute
AspMvcPartialViewAttribute
AspMvcSupressViewErrorAttribute
AspMvcDisplayTemplateAttribute
AspMvcEditorTemplateAttribute
AspMvcTemplateAttribute
AspMvcViewAttribute
AspMvcActionSelectorAttribute
HtmlElementAttributesAttribute
HtmlAttributeValueAttribute
RazorSectionAttribute
Resources
Stealer.Properties
Protocol
ScreenShot
SqLiteProvider
Stealer.SQLite
TypeAffinity
SqLiteErrorCode
SqLiteOpenFlagsEnum
MachineInfo
Stealer.SystemInfo
Update
Stealer.Update
Adler32
ComponentAce.Compression.Libs.zlib
Deflate
Config
InfBlocks
InfCodes
Inflate
InfTree
StaticTree
SupportClass
ZInputStream
zlibConst
ZOutputStream
ZStream
ZStreamException
mscorlib
System
Object
ValueType
MulticastDelegate
Attribute
IDisposable
System.IO
BinaryReader
Stream
IOException
GetCookies
GetHistories
GetProxies
GetBookmarks
GetPasswords
IsExist
SizeofStaturl
CbSize
PwcsUrl
PwcsTitle
System.Runtime.InteropServices.ComTypes
FILETIME
FtLastVisited
FtLastUpdated
FtExpires
DwFlags
SetFilter
AddUrl
DeleteUrl
QueryUrl
BindToObject
EnumUrls
AddUrlAndNotify
ClearHistory
GetCookieInternal
DemandWebPermission
UriToString
Decode
GetText
GetBytes
GetString
IsUserAdministrator
GetWindowList
System.Collections.Generic
List`1
EnumProc
EnumWindows
get_Title
set_Title
get_ClassName
set_ClassName
get_Handle
set_Handle
<Title>k__BackingField
<ClassName>k__BackingField
<Handle>k__BackingField
ClassName
Handle
Invoke
IAsyncResult
AsyncCallback
BeginInvoke
EndInvoke
GetFiles
CopyFileToTempArea
FindFilePath
LoadLibrary
GetProcAddress
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
GetWindowThreadProcessId
GetForegroundWindow
MapVirtualKey
System.Text
StringBuilder
ToUnicode
ToUnicodeEx
FindWindow
FindWindowEx
GetClassName
GetWindowText
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
CloseClipboard
GlobalLock
GlobalUnlock
PK11_GetInternalKeySlot
PK11_Authenticate
NSSBase64_DecodeBuffer
PK11SDR_Decrypt
GetRDPAccounts
GetIEAccounts
GetActiveWindowsUrl
GlobalFindAtom
GlobalDeleteAtom
SECItemType
SECItemData
SECItemLen
InternetGetCookieEx
value__
ErrorInsufficientBuffer
ErrorInvalidParameter
ErrorNoMoreItems
InternetCookieHttponly
InternetCookieThirdParty
InternetFlagRestrictedZone
CreateDir
UploadFile
DownloadFile
_password
_subject
_isSslEnabled
get_ServerUrl
set_ServerUrl
get_Username
set_Username
get_Password
set_Password
SetMethodRequiresCwd
<ServerUrl>k__BackingField
<Username>k__BackingField
<Password>k__BackingField
ServerUrl
Username
Password
FireFoxInstallationpath
FireFoxProfilePath
NSS_Init
CopyStream
CompressData
DecompressData
MemoryStream
CompressStream
CompressBytes
DeCompressStream
DeCompressBytes
System.Xml
XmlDocument
XmlNode
_categoryNode
_lastPath
_isLoaded
get_ISLoaded
ResetPath
Select
ISLoaded
Encode
Encrypt
Decrypt
_logMode
_value
System.Threading
AutoResetEvent
_bufferTransferEvent
_timeElapsed
_keyBuffer
_lastProcWindow
_lastUrl
_ctrlKey
get_ReadBuffer
GetWideCharFromVirtualKey
GetWindowProcessName
EventArgs
timerKeyMine_Elapsed
timerBufferTransfer_Elapsed
ReadBuffer
MonitorUrl
GetUsernameAndPassword
YahooVersionKey
_yahooUsernameKey
_yahooPasswordKey
_yahooSavePassword
_yahooRegistryKey
_ymsgAuthKey
get_Url
set_Url
<Url>k__BackingField
get_HostKey
set_HostKey
get_Name
set_Name
get_Value
set_Value
get_Path
set_Path
<HostKey>k__BackingField
<Name>k__BackingField
<Value>k__BackingField
<Path>k__BackingField
HostKey
get_Host
set_Host
get_Port
set_Port
get_From
set_From
get_To
set_To
get_Body
set_Body
get_Subject
set_Subject
System.Net.Mail
Attachment
get_Attachments
set_Attachments
get_IsSslEnabled
set_IsSslEnabled
get_IsHtml
set_IsHtml
<Host>k__BackingField
<Port>k__BackingField
<From>k__BackingField
<To>k__BackingField
<Body>k__BackingField
<Subject>k__BackingField
<Attachments>k__BackingField
<IsSslEnabled>k__BackingField
<IsHtml>k__BackingField
Subject
Attachments
IsSslEnabled
IsHtml
get_VisitCount
set_VisitCount
<VisitCount>k__BackingField
VisitCount
get_Accounts
set_Accounts
get_Version
set_Version
<Accounts>k__BackingField
<Version>k__BackingField
Accounts
Version
get_Ip
set_Ip
get_ConnectionType
set_ConnectionType
<Ip>k__BackingField
<ConnectionType>k__BackingField
ConnectionType
Passphrase
ProcessName
StartupKey
_keyLoggerValue
_keyLogIsLimitedBySize
_screenInterval
_screenCounter
_startupEnabled
_keyLoggerEnabled
_screenshotEnabled
_isSqliteExist
_appDataDirectory
_mustUploadDir
_keyloggerTransferBufferEvent
_screenshotTransferBufferEvent
_keylogger
_screenShot
PassStream
SysInfoStream
MessengerStream
BrowserStream
ExtractResources
XmlWriter
GetBrowserPasswords
GetProxyData
GetBrowserData
GetBrowserCookies
GetBrowserHistories
GetBrowserBookmarks
GetBrowserProxies
GetMessengerData
GetSystemInfo
XmlWriteAttributeAndValue
XmlWriteElementAndValues
RunScreenshot
ScreenShotProc
RunKeylogger
KeyLoggerProc
Microsoft.Win32
RegistryKey
GetCurrentRegistryKey
SetStartup
CheckStartup
UnhandledExceptionEventArgs
TotalExceptionHandler
get_FormatParameterName
set_FormatParameterName
<FormatParameterName>k__BackingField
FormatParameterName
get_ParameterName
set_ParameterName
<ParameterName>k__BackingField
ParameterName
get_Contract
set_Contract
get_ForceFullStates
set_ForceFullStates
<Contract>k__BackingField
<ForceFullStates>k__BackingField
Contract
ForceFullStates
get_Required
set_Required
<Required>k__BackingField
Required
get_BaseType
set_BaseType
<BaseType>k__BackingField
BaseType
get_UseKindFlags
set_UseKindFlags
get_TargetFlags
set_TargetFlags
<UseKindFlags>k__BackingField
<TargetFlags>k__BackingField
UseKindFlags
TargetFlags
Default
Access
Assign
InstantiatedWithFixedConstructorSignature
InstantiatedNoFixedConstructorSignature
Itself
Members
WithMembers
get_Comment
set_Comment
<Comment>k__BackingField
Comment
get_BasePath
set_BasePath
<BasePath>k__BackingField
BasePath
get_AnonymousProperty
set_AnonymousProperty
<AnonymousProperty>k__BackingField
AnonymousProperty
System.Resources
ResourceManager
resourceMan
System.Globalization
CultureInfo
resourceCulture
get_ResourceManager
get_Culture
set_Culture
get_DelphiNative
get_Transfer
Culture
DelphiNative
Transfer
_screenShotEvent
System.Drawing
Bitmap
_bmpScreenshot
Graphics
_gfxScreenshot
System.Timers
ElapsedEventArgs
timerScreenShot_Elapsed
CaptureImage
SqliteDll
sqlite3_close_v2
sqlite3_close
sqlite3_open_v2
sqlite3_column_type
sqlite3_column_bytes
sqlite3_column_text
sqlite3_prepare
sqlite3_step
sqlite3_reset
sqlite3_column_count
sqlite3_exec
sqlite3_finalize
sqlite3_column_name
sqlite3_column_blob
_sqlConnection
_sqlModule
Encoding
GetStringByName
ReadRow
ExecuteQuery
ExecuteNonQuery
GetBytesByName
ToUtf8
Utf8ToString
ColumnCount
ColumnName
ColumnIndex
GetOrdinal
IsNull
Dispose
Uninitialized
Double
DateTime
Unknown
Internal
Locked
ReadOnly
Interrupt
Corrupt
NotFound
CantOpen
Schema
TooBig
Constraint
Mismatch
Misuse
Format
NotADb
Notice
Warning
ReadWrite
Create
SharedCache
GetComputerName
GetUsername
GetInternalIps
GetPublicIp
GetTimeZone
GetLanguages
GetOpenPorts
GetProcesses
GetIntalledApplications
GetProxieAccounts
GetRdpAccounts
_transferProtocol
adler32
MAX_MEM_LEVEL
Z_DEFAULT_COMPRESSION
MAX_WBITS
DEF_MEM_LEVEL
STORED
NeedMore
BlockDone
FinishStarted
FinishDone
PRESET_DICT
Z_FILTERED
Z_HUFFMAN_ONLY
Z_DEFAULT_STRATEGY
Z_NO_FLUSH
Z_PARTIAL_FLUSH
Z_SYNC_FLUSH
Z_FULL_FLUSH
Z_FINISH
Z_STREAM_END
Z_NEED_DICT
Z_ERRNO
Z_STREAM_ERROR
Z_DATA_ERROR
Z_MEM_ERROR
Z_BUF_ERROR
Z_VERSION_ERROR
INIT_STATE
BUSY_STATE
FINISH_STATE
Z_DEFLATED
STORED_BLOCK
STATIC_TREES
DYN_TREES
Z_BINARY
Z_ASCII
Z_UNKNOWN
Buf_size
REP_3_6
REPZ_3_10
REPZ_11_138
MIN_MATCH
MAX_MATCH
MAX_BITS
D_CODES
BL_CODES
LENGTH_CODES
LITERALS
END_BLOCK
config_table
z_errmsg
MIN_LOOKAHEAD
L_CODES
HEAP_SIZE
status
pending_buf
pending_buf_size
pending_out
pending
noheader
data_type
method
last_flush
w_size
w_bits
w_mask
window
window_size
hash_size
hash_bits
hash_mask
hash_shift
block_start
match_length
prev_match
match_available
strstart
match_start
lookahead
prev_length
max_chain_length
max_lazy_match
strategy
good_match
nice_match
dyn_ltree
dyn_dtree
bl_tree
l_desc
d_desc
bl_desc
bl_count
heap_len
heap_max
lit_bufsize
last_lit
opt_len
static_len
matches
last_eob_len
bi_buf
bi_valid
lm_init
tr_init
init_block
pqdownheap
smaller
scan_tree
build_bl_tree
send_all_trees
send_tree
put_byte
put_short
putShortMSB
send_code
send_bits
_tr_align
_tr_tally
compress_block
set_data_type
bi_flush
bi_windup
copy_block
flush_block_only
deflate_stored
_tr_stored_block
_tr_flush_block
fill_window
deflate_fast
deflate_slow
longest_match
deflateInit
deflateInit2
deflateReset
deflateEnd
deflateParams
deflateSetDictionary
deflate
.cctor
good_length
max_lazy
nice_length
max_chain
inflate_mask
border
checkfn
set_dictionary
sync_point
inflate_flush
LENEXT
DISTEXT
BADCODE
tree_index
get_Renamed
ltree_index
dtree_index
inflate_fast
METHOD
BLOCKS
CHECK4
CHECK3
CHECK2
CHECK1
marker
nowrap
blocks
inflateReset
inflateEnd
inflateInit
inflate
inflateSetDictionary
inflateSync
inflateSyncPoint
fixed_bl
fixed_bd
fixed_tl
fixed_td
cplens
cplext
cpdist
cpdext
huft_build
inflate_trees_bits
inflate_trees_dynamic
inflate_trees_fixed
MAX_BL_BITS
static_ltree
static_dtree
static_l_desc
static_d_desc
static_bl_desc
static_tree
extra_bits
extra_base
max_length
Identity
URShift
ReadInput
TextReader
ToByteArray
ToCharArray
DIST_CODE_LEN
extra_lbits
extra_dbits
extra_blbits
bl_order
_dist_code
_length_code
base_length
base_dist
d_code
dyn_tree
max_code
stat_desc
gen_bitlen
build_tree
gen_codes
bi_reverse
InitBlock
get_FlushMode
set_FlushMode
get_TotalIn
get_TotalOut
bufsize
compress
in_Renamed
nomoreinput
FlushMode
TotalIn
TotalOut
version_Renamed_Field
Z_NO_COMPRESSION
Z_BEST_SPEED
Z_BEST_COMPRESSION
version
flush_Renamed_Field
out_Renamed
WriteByte
finish
SetLength
SeekOrigin
get_CanRead
get_CanSeek
get_CanWrite
get_Length
get_Position
set_Position
CanRead
CanSeek
CanWrite
Length
Position
DEF_WBITS
next_in
next_in_index
avail_in
total_in
next_out
next_out_index
avail_out
total_out
dstate
istate
_adler
flush_pending
read_buf
System.Runtime.InteropServices
OutAttribute
pceltFetched
ppenum
poszFilter
MarshalAsAttribute
UnmanagedType
dwFlags
pocsUrl
pocsTitle
lpStaturl
ppvOut
fWriteHistory
poctNotify
punkIsFolder
passEntry
lpEnumFunc
object
callback
result
searchPattern
filePath
destFilePath
fileName
dllFilePath
hModule
procName
lpKeyState
idThread
processId
uMapType
wVirtKey
wScanCode
pwszBuff
cchBuff
wFlags
lpClassName
lpWindowName
hwndParent
hwndChildAfter
lpszClass
lpszWindow
nMaxCount
lpString
uFormat
format
hWndNewOwner
loadCerts
arenaOpt
outItemOpt
configdir
__result
InAttribute
cookieName
cookieData
pchCookieData
reserved
filename
filebytes
absolutePath
password
subject
isSslEnabled
serverIp
username
directory
parameters
cipherBytes
output
inData
outData
inputStream
inputBytes
memoryStream
categoryName
keyName
defaultValue
outStream
sAscii
sbase64
plainBytes
passphrase
logMode
bufferTransferEvent
windowName
processName
sender
yahooId
hashedPassword
encodedHash
extractDirectory
writer
browser
messenger
attribute
elementName
attributes
values
interval
counter
keylogSizely
formatParameterName
parameterName
contract
forceFullStates
required
baseType
useKindFlags
targetFlags
comment
basePath
anonymousProperty
screenShotEvent
priode
utf8Filename
nBytes
ptrRemain
strSql
pvCallback
pvParam
errMsg
sqliteLibraryPath
column
sqlstr
fieldOffset
buffer
bufferoffset
length
columnName
sourceText
nativestring
nativestringlen
nDataOffset
nStart
nLength
transferProtocol
remoteVersion
updateLink
lcodes
dcodes
blcodes
value_Renamed
header
stored_len
cur_match
windowBits
memLevel
_level
_strategy
dictionary
dictLength
tl_index
td_index
bindex
literal
number
sourceStream
target
sourceTextReader
sourceString
byteArray
offset
origin
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyCultureAttribute
ComVisibleAttribute
GuidAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Exists
Delete
ToArray
Exception
Convert
ToInt32
ReadAllText
System.Text.RegularExpressions
RegexOptions
String
StringComparison
IndexOf
ToString
Substring
Replace
NextMatch
get_Success
System.Security
System.Security.Cryptography
ProtectedData
DataProtectionScope
Unprotect
get_Default
Environment
SpecialFolder
GetFolderPath
Directory
StructLayoutAttribute
LayoutKind
RuntimeTypeHandle
GetTypeFromHandle
Marshal
SizeOf
ComImportAttribute
InterfaceTypeAttribute
ComInterfaceType
PreserveSigAttribute
IntPtr
GetLastWin32Error
get_IsFile
get_LocalPath
System.Security.Permissions
FileIOPermission
FileIOPermissionAccess
CodeAccessPermission
Demand
System.Net
WebPermission
NetworkAccess
op_Equality
ArgumentNullException
get_IsAbsoluteUri
UriComponents
UriFormat
GetComponents
Contains
WebRequest
HttpWebRequest
IWebProxy
get_Proxy
NetworkCredential
ICredentials
set_Credentials
get_Credentials
get_RequestUri
GetCredential
GetProxy
get_UserName
IEnumerable`1
AddRange
get_Item
GetFileNameWithoutExtension
ReadAllLines
Enumerator
GetEnumerator
get_Current
MoveNext
get_Count
get_Capacity
op_Inequality
PtrToStringUni
get_Chars
Concat
System.Security.Principal
WindowsIdentity
GetCurrent
WindowsPrincipal
WindowsBuiltInRole
IsInRole
UnauthorizedAccessException
DllImportAttribute
user32.dll
CompilerGeneratedAttribute
Stack`1
GetDirectories
GetTempFileName
GetValues
System.Collections
IEnumerator
kernel32.dll
kernel32
User32.dll
Delegate
GetDelegateForFunctionPointer
DelphiNative.dll
UnmanagedFunctionPointerAttribute
CallingConvention
SuppressUnmanagedCodeSecurityAttribute
SecurityCriticalAttribute
wininet.dll
InternetGetCookieExW
MailAddress
MailMessage
set_IsBodyHtml
MailAddressCollection
System.Collections.ObjectModel
Collection`1
AttachmentCollection
SmtpClient
ICredentialsByHost
set_EnableSsl
get_Message
NotImplementedException
FtpWebRequest
FieldInfo
BindingFlags
GetField
get_FieldType
GetValue
SetValue
set_UseBinary
set_Method
set_ContentLength
set_KeepAlive
GetRequestStream
WebResponse
GetResponse
FtpWebResponse
get_StatusDescription
get_Scheme
UriSchemeFtp
ArgumentException
GetResponseStream
set_UsePassive
WebException
get_Response
FtpStatusCode
get_StatusCode
WebClient
CredentialCache
get_DefaultCredentials
UploadData
System.ComponentModel
Component
DownloadData
IsNullOrEmpty
WebProxy
set_Proxy
set_ContentType
get_ASCII
StreamReader
ReadToEnd
get_Size
GetEnvironmentVariable
SearchOption
IsMatch
GetDirectoryName
DirectorySeparatorChar
PtrToStructure
SelectSingleNode
XmlNodeType
CreateNode
AppendChild
get_InnerText
set_InnerText
ASCIIEncoding
ToBase64String
FromBase64String
Rijndael
Rfc2898DeriveBytes
DeriveBytes
SymmetricAlgorithm
set_Key
set_IV
ICryptoTransform
CreateEncryptor
CryptoStream
CryptoStreamMode
CreateDecryptor
ElapsedEventHandler
add_Elapsed
set_Enabled
get_NewLine
System.Windows.Forms
Control
IsKeyLocked
Process
GetProcessById
get_ProcessName
get_MainWindowTitle
EventWaitHandle
SecurityIdentifier
get_User
UInt32
<PrivateImplementationDetails>{93F1E93B-F2DD-4946-967B-24BAD173FBAA}
__StaticArrayInitTypeSize=16
$$method0x60000ba-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
Resize
Buffer
BlockCopy
Registry
CurrentUser
OpenSubKey
GetSubKeyNames
get_UTF8
XmlTextReader
XmlReader
get_NodeType
GetProcessesByName
WaitForExit
Insert
Protect
RegistryValueKind
get_ValueCount
AppDomain
get_CurrentDomain
UnhandledExceptionEventHandler
add_UnhandledException
DirectoryInfo
CreateDirectory
XmlWriterSettings
set_Indent
set_IndentChars
set_Encoding
set_CheckCharacters
FileInfo
Thread
WriteStartElement
OperatingSystem
get_OSVersion
get_Major
WriteEndElement
get_MachineName
get_Now
WriteAllBytes
GetType
MemberInfo
get_InvariantCulture
IFormatProvider
WriteString
WriteStartAttribute
WriteEndAttribute
ParameterizedThreadStart
WaitHandle
WaitOne
ThreadStart
LocalMachine
get_FriendlyName
Application
get_ExecutablePath
AttributeUsageAttribute
AttributeTargets
FlagsAttribute
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
ReferenceEquals
Assembly
get_Assembly
GetObject
EditorBrowsableAttribute
EditorBrowsableState
Screen
get_PrimaryScreen
Rectangle
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
ImageFormat
get_Png
sqlite3.dll
UTF8Encoding
get_BaseDirectory
Combine
GCHandle
GCHandleType
AddrOfPinnedObject
GetByteCount
ReadByte
ToInt64
op_Explicit
Compare
GetHostName
IPHostEntry
GetHostEntry
IPAddress
get_AddressList
System.Net.Sockets
AddressFamily
get_AddressFamily
Append
StringSplitOptions
DownloadString
TimeZone
get_CurrentTimeZone
get_StandardName
InputLanguage
InputLanguageCollection
get_InstalledInputLanguages
ReadOnlyCollectionBase
get_DisplayName
System.Net.NetworkInformation
IPGlobalProperties
GetIPGlobalProperties
IPEndPoint
GetActiveTcpListeners
ReadAllBytes
GetExecutingAssembly
AssemblyInformationalVersionAttribute
GetCustomAttributes
get_InformationalVersion
op_GreaterThanOrEqual
get_Location
FileStream
FileMode
__StaticArrayInitTypeSize=68
$$method0x6000235-1
__StaticArrayInitTypeSize=76
$$method0x6000235-2
$$method0x6000236-1
__StaticArrayInitTypeSize=6144
$$method0x6000238-1
__StaticArrayInitTypeSize=384
$$method0x6000238-2
__StaticArrayInitTypeSize=124
$$method0x6000238-3
$$method0x6000238-4
__StaticArrayInitTypeSize=120
$$method0x6000238-5
$$method0x6000238-6
__StaticArrayInitTypeSize=1152
$$method0x60001e9-1
$$method0x60001e9-2
GetChars
__StaticArrayInitTypeSize=116
$$method0x6000239-1
$$method0x6000239-2
$$method0x6000239-3
__StaticArrayInitTypeSize=19
$$method0x6000239-4
__StaticArrayInitTypeSize=512
$$method0x6000239-5
__StaticArrayInitTypeSize=256
$$method0x6000239-6
$$method0x6000239-7
$$method0x6000239-8
get_BaseStream
Stealer.Properties.Resources.resources
$3C374A42-BAE4-11CF-BF7D-00AA006946EE
$AFA0DC11-C313-11d0-831A-00C04FD5AE38
$3C374A40-BAE4-11CF-BF7D-00AA006946EE
AllowMultiple
Inherited
AllowMultiple
Inherited
AllowMultiple
Inherited
AllowMultiple
Inherited
AllowMultiple
Inherited
AllowMultiple
Inherited
AllowMultiple
Inherited
AllowMultiple
Inherited
]System.Attribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
AllowMultiple
Inherited
Inherited
Inherited
Inherited
Inherited
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
Process for Windows
Microsoft
Copyright
2013
$5391926c-2d0a-439d-9aa2-72b9a0724475
1.0.0.0
WrapNonExceptionThrows
RSDS_b
f:\Projects\C#\Stealer\source\Stealer\Stealer\obj\x86\Release\Stealer.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
DelphiNative
Transfer
DVCLAL
PACKAGEINFO
November
December
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
Invalid variant type conversion
Invalid variant operation
Invalid argument
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Write$Error creating variant or safe array)Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow Invalid floating point operationFloating point division by zero
Floating point overflow
Floating point underflow
XFxHb29nbGVcXENocm9tZVxcVXNlciBEYXRhXFxEZWZhdWx0XFxDb29raWVz
c2VsZWN0ICogZnJvbSBjb29raWVz
host_key
XFxHb29nbGVcXENocm9tZVxcVXNlciBEYXRhXFxEZWZhdWx0XFxIaXN0b3J5
c2VsZWN0ICogZnJvbSB1cmxz
visit_count
XFxHb29nbGVcXENocm9tZVxcVXNlciBEYXRhXFxEZWZhdWx0XFxCb29rbWFya3M=
"url": "(.*?)"
XFxHb29nbGVcXENocm9tZVxcVXNlciBEYXRhXFxEZWZhdWx0XFxMb2dpbiBEYXRh
c2VsZWN0ICogZnJvbSBsb2dpbnM=
action_url
username_value
{0}{1}
XFxHb29nbGVcXENocm9tZVxcVXNlciBEYXRhXFxEZWZhdWx0XFw=
file://
http://www.microsoft.com
XFxPcGVyYSBTb2Z0d2FyZVxcT3BlcmEgU3RhYmxlXFxDb29raWVz
XFxPcGVyYSBTb2Z0d2FyZVxcT3BlcmEgU3RhYmxlXFxIaXN0b3J5
XFxPcGVyYSBTb2Z0d2FyZVxcT3BlcmEgU3RhYmxlXFxzdGFzaC5kYg==
c2VsZWN0ICogZnJvbSBzdGFzaA==
XFxPcGVyYSBTb2Z0d2FyZVxcT3BlcmEgU3RhYmxlXFxMb2dpbiBEYXRh
\Opera Software
UEsxMV9HZXRJbnRlcm5hbEtleVNsb3Q=
UEsxMV9BdXRoZW50aWNhdGU=
TlNTQmFzZTY0X0RlY29kZUJ1ZmZlcg==
UEsxMVNEUl9EZWNyeXB0
ftp://{0}:{1}
m_MethodInfo
KnownMethodInfo
{0}/{1}
Address is not valid
YXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVk
PROCESSOR_ARCHITEW6432
ProgramFiles(x86)
XE1vemlsbGEgRmlyZWZveFw=
ProgramFiles
XE1vemlsbGFcRmlyZWZveFxQcm9maWxlc1w=
c2lnbm9ucy5zcWxpdGU=
Y29va2llcy5zcWxpdGU=
c2VsZWN0IGhvc3QsIG5hbWUsIHZhbHVlLCBwYXRoIGZyb20gbW96X2Nvb2tpZXM=
cGxhY2VzLnNxbGl0ZQ==
c2VsZWN0IHVybCwgdGl0bGUsIHZpc2l0X2NvdW50IGZyb20gbW96X3BsYWNlcw==
c2VsZWN0IGlkLCB1cmwgZnJvbSBtb3pfcGxhY2Vz
bW96Z2x1ZS5kbGw=
bnNwcjQuZGxs
cGxjNC5kbGw=
cGxkczQuZGxs
bnNzdXRpbDMuZGxs
bnNzMy5kbGw=
TlNTX0luaXQ=
U0VMRUNUIGZvcm1TdWJtaXRVUkwsIGVuY3J5cHRlZFVzZXJuYW1lLCBlbmNyeXB0ZWRQYXNzd29yZCBGUk9NIG1vel9sb2dpbnM=
formSubmitURL
ZW5jcnlwdGVkVXNlcm5hbWU=
ZW5jcnlwdGVkUGFzc3dvcmQ=
formhistory.sqlite
cGxhaW5CeXRlcw==
cGFzc3BocmFzZQ==
Y2lwaGVyQnl0ZXM=
{0}{1}NW:[{2} : {3}]{4}
{0}{1}CB:[{2}]{3}
{0}{1}URL:[{2}]{3}
U09GVFdBUkVcR29vZ2xlXEdvb2dsZSBUYWxrXEFjY291bnRz
U09GVFdBUkVcR29vZ2xlXEdvb2dsZSBUYWxrXEF1dG91cGRhdGU=
SW5zdGFsbGVkVmVyc2lvbg==
{0}\{1}
XC5wdXJwbGVcYWNjb3VudHMueG1s
password
\Skype\
Version
WWFob28hIFVzZXIgSUQ=
U2F2ZSBQYXNzd29yZA==
U09GVFdBUkVceWFob29ccGFnZXI=
TUJDUyBzdWNrcw==
\IntelRapidStart
{0}\ume
\RapidStartTech.stl
AppTransferWiz.dll
rundll32.exe
"{0}",#110
IntelRapidStart
\sqlite3.dll
SQLiteFinish
BrowserPasswords
Messenger
Browser
HavijeBaba
salam!*%#
{0}\Pass_{1}_{2}.Enc
yyyyMMdd_hhmm
{0}\Messenger_{1}_{2}.Enc
{0}\SysInfo_{1}_{2}.Enc
{0}\Browser_{1}_{2}.Enc
{0}\Prx_{1}_{2}.Enc
DelphiNative.dll
Password
Username
Proxies
Cookies
Cookie
HostKey
Histories
History
VisitCount
Bookmarks
Bookmark
ConnectionType
Account
ComputerName
UserName
TimeZone
Languages
Language
InternalIPs
InternalIP
OpenPorts
OpenPort
InsalledApps
InsalledApp
Processes
Process
RdpAccounts
RdpAccount
{0}\Img_{1}_{2}.Enc
yyyyMMdd_hhmmss
{0}\log_{1}_{2}.Enc
\IntelRapidStart\{0}
U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu
Stealer.Properties.Resources
DelphiNative
Transfer
sqlite3.dll
InterNetwork
http://icanhazip.com/
U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs
DisplayName
XFByb3hpZmllclxQcm9maWxlc1xEZWZhdWx0LnBweA==
Address
\Current.prx
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid bit length repeat
invalid literal/length code
invalid distance code
unknown compression method
invalid window size
incorrect header check
incorrect data check
oversubscribed dynamic bit lengths tree
incomplete dynamic bit lengths tree
oversubscribed literal/length tree
incomplete literal/length tree
oversubscribed distance tree
incomplete distance tree
empty distance tree with lengths
flating:
Antivirus Signature

HTTP Requests

No HTTP requests performed.

IRC Traffic

No IRC traffic.

SMTP Requests

No SMTP requests performed.

Sorry! No dropped files.