                                           ATM MALWARE NOTICE 
                    34e7060e7a0c0ba24fcb55c641e5b586cef744e10ebd5a9f73ecd2ed2f4e9c1f
 
Date...........: 2009-03-21
Family.........: Trojan.Skimer.15
File name......: 01390aeb5c4bbf2eeb
File size......: 21.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA

=== PEDUMP REPORT === 
=== MZ Header ===

signature:             "MZ"
bytes_in_last_block:   80      0x50
blocks_in_file:        2       2
num_relocs:            0       0
header_paragraphs:     4       4
min_extra_paragraphs:  15      0xf
max_extra_paragraphs:  65535   0xffff
ss:                    0       0
sp:                    184     0xb8
checksum:              0       0
ip:                    0       0
cs:                    0       0
reloc_table_offset:    64      0x40
overlay_number:        26      0x1a
reserved0:             0       0
oem_id:                0       0
oem_info:              0       0
reserved2:             0       0
reserved3:             0       0
reserved4:             0       0
reserved5:             0       0
reserved6:             0       0
lfanew:                256     0x100

=== DOS STUB ===

00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

=== PE Header ===

signature:             "PE\x00\x00"

# IMAGE_FILE_HEADER:
Machine:               332     0x14c   x86
NumberOfSections:      8       8
TimeDateStamp:         "1992-06-19 22:22:17"
PointerToSymbolTable:  0       0
NumberOfSymbols:       0       0
SizeOfOptionalHeader:  224     0xe0
Characteristics:       33166   0x818e  EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                       LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO
                                       32BIT_MACHINE, BYTES_REVERSED_HI

# IMAGE_OPTIONAL_HEADER32:
Magic:                    267      0x10b     32-bit executable
LinkerVersion:            2.25
SizeOfCode:               15360    0x3c00
SizeOfInitializedData:    5120     0x1400
SizeOfUninitializedData:  0        0
AddressOfEntryPoint:      19004    0x4a3c
BaseOfCode:               4096     0x1000
BaseOfData:               20480    0x5000
ImageBase:                4194304  0x400000
SectionAlignment:         4096     0x1000
FileAlignment:            512      0x200
OperatingSystemVersion:   4.0
ImageVersion:             0.0
SubsystemVersion:         4.0
Reserved1:                0        0
SizeOfImage:              49152    0xc000
SizeOfHeaders:            1024     0x400
CheckSum:                 0        0
Subsystem:                2        2         WINDOWS_GUI
DllCharacteristics:       0        0
SizeOfStackReserve:       1048576  0x100000
SizeOfStackCommit:        16384    0x4000
SizeOfHeapReserve:        1048576  0x100000
SizeOfHeapCommit:         4096     0x1000
LoaderFlags:              0        0
NumberOfRvaAndSizes:      16       0x10

=== DATA DIRECTORY ===

EXPORT        rva:0x    0  size:0x    0
IMPORT        rva:0x 7000  size:0x  694
RESOURCE      rva:0x b000  size:0x  200
EXCEPTION     rva:0x    0  size:0x    0
SECURITY      rva:0x    0  size:0x    0
BASERELOC     rva:0x a000  size:0x  45c
DEBUG         rva:0x    0  size:0x    0
ARCHITECTURE  rva:0x    0  size:0x    0
GLOBALPTR     rva:0x    0  size:0x    0
TLS           rva:0x 9000  size:0x   18
LOAD_CONFIG   rva:0x    0  size:0x    0
Bound_IAT     rva:0x    0  size:0x    0
IAT           rva:0x    0  size:0x    0
Delay_IAT     rva:0x    0  size:0x    0
CLR_Header    rva:0x    0  size:0x    0
              rva:0x    0  size:0x    0

=== SECTIONS ===

NAME    RVA   VSZ   RAW_SZ  RAW_PTR  nREL  REL_PTR  nLINE  LINE_PTR  FLAGS
CODE    1000  3a98  3c00    400      0     0        0      0         60000020  R-X CODE
DATA    5000  ec    200     4000     0     0        0      0         c0000040  RW- IDATA
BSS     6000  6bd   0       4200     0     0        0      0         c0000000  RW-
.idata  7000  694   800     4200     0     0        0      0         c0000040  RW- IDATA
.tls    8000  8     0       4a00     0     0        0      0         c0000000  RW-
.rdata  9000  18    200     4a00     0     0        0      0         50000040  R-- IDATA SHARED
.reloc  a000  45c   600     4c00     0     0        0      0         50000040  R-- IDATA SHARED
.rsrc   b000  200   200     5200     0     0        0      0         50000040  R-- IDATA SHARED

=== TLS ===

RAW_START  RAW_END  INDEX   CALLBKS  ZEROFILL  FLAGS
408000     408008   405084  409010   0         0

=== RESOURCES ===

FILE_OFFSET  CP  LANG  SIZE  TYPE    NAME
0x52b0       0   0     16    RCDATA  DVCLAL
0x52c0       0   0     80    RCDATA  PACKAGEINFO

=== IMPORTS ===

MODULE_NAME   HINT  ORD  FUNCTION_NAME
kernel32.dll  0          DeleteCriticalSection
kernel32.dll  0          LeaveCriticalSection
kernel32.dll  0          EnterCriticalSection
kernel32.dll  0          InitializeCriticalSection
kernel32.dll  0          VirtualFree
kernel32.dll  0          VirtualAlloc
kernel32.dll  0          LocalFree
kernel32.dll  0          LocalAlloc
kernel32.dll  0          GetVersion
kernel32.dll  0          GetCurrentThreadId
kernel32.dll  0          GetThreadLocale
kernel32.dll  0          GetStartupInfoA
kernel32.dll  0          GetLocaleInfoA
kernel32.dll  0          GetCommandLineA
kernel32.dll  0          FreeLibrary
kernel32.dll  0          ExitProcess
kernel32.dll  0          WriteFile
kernel32.dll  0          UnhandledExceptionFilter
kernel32.dll  0          RtlUnwind
kernel32.dll  0          RaiseException
kernel32.dll  0          GetStdHandle
user32.dll    0          GetKeyboardType
user32.dll    0          MessageBoxA
advapi32.dll  0          RegQueryValueExA
advapi32.dll  0          RegOpenKeyExA
advapi32.dll  0          RegCloseKey
kernel32.dll  0          TlsSetValue
kernel32.dll  0          TlsGetValue
kernel32.dll  0          LocalAlloc
kernel32.dll  0          GetModuleHandleA
kernel32.dll  0          lstrlenA
kernel32.dll  0          lstrcpyA
kernel32.dll  0          lstrcmpiA
kernel32.dll  0          lstrcatA
kernel32.dll  0          WriteFile
kernel32.dll  0          WaitForSingleObject
kernel32.dll  0          VirtualProtect
kernel32.dll  0          VirtualFreeEx
kernel32.dll  0          TerminateProcess
kernel32.dll  0          Sleep
kernel32.dll  0          ReadFile
kernel32.dll  0          OpenProcess
kernel32.dll  0          LocalFree
kernel32.dll  0          LocalAlloc
kernel32.dll  0          GetWindowsDirectoryA
kernel32.dll  0          GetVolumeInformationA
kernel32.dll  0          GetTickCount
kernel32.dll  0          GetProcAddress
kernel32.dll  0          GetModuleHandleA
kernel32.dll  0          GetModuleFileNameA
kernel32.dll  0          GetLastError
kernel32.dll  0          GetFileSize
kernel32.dll  0          GetFileAttributesA
kernel32.dll  0          GetExitCodeThread
kernel32.dll  0          FormatMessageA
kernel32.dll  0          DeleteFileA
kernel32.dll  0          CreateFileA
kernel32.dll  0          CopyFileA
kernel32.dll  0          CloseHandle
user32.dll    0          MessageBoxA
advapi32.dll  0          StartServiceA
advapi32.dll  0          QueryServiceStatus
advapi32.dll  0          QueryServiceConfigA
advapi32.dll  0          OpenServiceA
advapi32.dll  0          OpenSCManagerA
advapi32.dll  0          ControlService
advapi32.dll  0          CloseServiceHandle

=== Packer / Compiler ===

Borland Delphi 2006

=== Strings ===
File pos      Mem pos       ID Text
========      =======       == ====
000000000050  000000400050  0  This program must be run under Win32
000000000270  000000400270  0  .idata
0000000002C0  0000004002C0  0  .rdata
0000000002E7  0000004002E7  0  P.reloc
00000000030F  00000040030F  0  P.rsrc
00000000058C  00000040118C  0  SVWUQ
0000000007AD  0000004013AD  0  w;;t$
0000000008B8  0000004014B8  0  SVWUQ
00000000179D  00000040239D  0  Uh%$@
0000000019FF  0000004025FF  0  ~KxI[)
000000001B28  000000402728  0  SOFTWARE\Borland\Delphi\RTL
000000001B44  000000402744  0  FPUMaskValue
000000001B91  000000402791  0  PPRTj
000000001D0B  00000040290B  0  YZXtp
000000001D27  000000402927  0  Ph4)@
000000001E82  000000402A82  0  t=HtN
000000001F35  000000402B35  0  PhB+@
000000001FFE  000000402BFE  0  Uh*,@
000000002401  000000403001  0  Uh\0@
0000000024E1  0000004030E1  0  Uh&1@
000000002711  000000403311  0  Uh13@
000000002749  000000403349  0  Uhi3@
0000000028E9  0000004034E9  0  Uh 5@
000000002A78  000000403678  0  kernel32.dll
000000002A88  000000403688  0  CreateToolhelp32Snapshot
000000002AA4  0000004036A4  0  Heap32ListFirst
000000002AB4  0000004036B4  0  Heap32ListNext
000000002AC4  0000004036C4  0  Heap32First
000000002AD0  0000004036D0  0  Heap32Next
000000002ADC  0000004036DC  0  Toolhelp32ReadProcessMemory
000000002AF8  0000004036F8  0  Process32First
000000002B08  000000403708  0  Process32Next
000000002B18  000000403718  0  Process32FirstW
000000002B28  000000403728  0  Process32NextW
000000002B38  000000403738  0  Thread32First
000000002B48  000000403748  0  Thread32Next
000000002B58  000000403758  0  Module32First
000000002B68  000000403768  0  Module32Next
000000002B78  000000403778  0  Module32FirstW
000000002B88  000000403788  0  Module32NextW
000000002C3D  00000040383D  0  Uh]8@
000000002C70  000000403870  0  APC UPS Service
000000002C80  000000403880  0  Apache Tomcat
000000002C90  000000403890  0  PCD_MODULELauncher
000000002CA4  0000004038A4  0  ntfsvc
000000002CAC  0000004038AC  0  LogWriter
000000002CB8  0000004038B8  0  Diebold XFS
000000002CC4  0000004038C4  0  TagBeginUUUU
000000002CD1  0000004038D1  0  <'! 49
000000002CE6  0000004038E6  0  ':60&&
000000002CED  0000004038ED  0  08:',UU
000000002CF5  0000004038F5  0  '04!0
000000002CFB  0000004038FB  0  08:!0
000000002D01  000000403901  0  ='041UU0-%9:'0'{0-0UUUU%"'&!'{199UU !'9guuUUUUU >9UUUUU '01&!:;0{78%UUU 79 0&!:;0y78%UU 2'00;&!:;0{78%o'01&!:;0{78%UUUU 2'00;&!:;0{78%o79 0&!:;0{78%UUUTagEnd
0000000030D8  000000403CD8  0  LoadLibraryA
0000000030E8  000000403CE8  0  kernel32
0000000030F4  000000403CF4  0  SVWUQ
00000000315C  000000403D5C  0  CreateFile (wr)
0000000031E4  000000403DE4  0  QueryServiceStatus
0000000031F8  000000403DF8  0  Wait Stop Service TimeOut
0000000032B0  000000403EB0  0  MSCOREE.DLL
000000003328  000000403F28  0  D$<PV
0000000035C0  0000004041C0  0  OpenSCManager
0000000035D0  0000004041D0  0  OpenService
0000000035DC  0000004041DC  0  QueryServiceConfig
0000000035F4  0000004041F4  0  LoadFile
000000003600  000000404200  0  Error
000000003608  000000404208  0  Alredy instaled
000000003618  000000404218  0  mscore.dll in import
000000003630  000000404230  0  Stop
000000003638  000000404238  0  ControlService
000000003650  000000404250  0  StartService
000000003660  000000404260  0  CopyFile
00000000369F  00000040429F  0  8NTFS
000000003838  000000404438  0  CreateToolhelp32Snapshot
000000003854  000000404454  0  Module32First
00000000389C  00000040449C  0  D$$PW
000000003940  000000404540  0  \lsass.exe
00000000394C  00000040454C  0  lsass.exe
000000003B14  000000404714  0  getProcessEntry
000000003B24  000000404724  0  OpenProcess
000000003B30  000000404730  0  GetExitCodeThread
000000003B44  000000404744  0  VirtualFreeEx
000000003CCC  0000004048CC  0  kernel32.dll
000000003CDC  0000004048DC  0  FindFirstFileA
000000003CEC  0000004048EC  0  FindNextFileA
000000003CFC  0000004048FC  0  FindClose
000000003D08  000000404908  0  lstrcpy
000000003D10  000000404910  0  DeleteFileA
000000003D1C  00000040491C  0  Sleep
000000003D24  000000404924  0  \Prefetch\
000000003D30  000000404930  0  -*.pf
000000003D38  000000404938  0  SVWUhpI@
000000003D70  000000404970  0  kernel32.dll
000000003DC4  0000004049C4  0  VirtualProtect
000000003E8C  000000404A8C  0  C:\Diebold
00000000404C  00000040504C  0  Error
000000004054  000000405054  0  Runtime error at 00000000
000000004074  000000405074  0  0123456789ABCDEF
0000000043C8  0000004071C8  0  kernel32.dll
0000000043D8  0000004071D8  0  DeleteCriticalSection
0000000043F0  0000004071F0  0  LeaveCriticalSection
000000004408  000000407208  0  EnterCriticalSection
000000004420  000000407220  0  InitializeCriticalSection
00000000443C  00000040723C  0  VirtualFree
00000000444A  00000040724A  0  VirtualAlloc
00000000445A  00000040725A  0  LocalFree
000000004466  000000407266  0  LocalAlloc
000000004474  000000407274  0  GetVersion
000000004482  000000407282  0  GetCurrentThreadId
000000004498  000000407298  0  GetThreadLocale
0000000044AA  0000004072AA  0  GetStartupInfoA
0000000044BC  0000004072BC  0  GetLocaleInfoA
0000000044CE  0000004072CE  0  GetCommandLineA
0000000044E0  0000004072E0  0  FreeLibrary
0000000044EE  0000004072EE  0  ExitProcess
0000000044FC  0000004072FC  0  WriteFile
000000004508  000000407308  0  UnhandledExceptionFilter
000000004524  000000407324  0  RtlUnwind
000000004530  000000407330  0  RaiseException
000000004542  000000407342  0  GetStdHandle
000000004550  000000407350  0  user32.dll
00000000455E  00000040735E  0  GetKeyboardType
000000004570  000000407370  0  MessageBoxA
00000000457C  00000040737C  0  advapi32.dll
00000000458C  00000040738C  0  RegQueryValueExA
0000000045A0  0000004073A0  0  RegOpenKeyExA
0000000045B0  0000004073B0  0  RegCloseKey
0000000045BC  0000004073BC  0  kernel32.dll
0000000045CC  0000004073CC  0  TlsSetValue
0000000045DA  0000004073DA  0  TlsGetValue
0000000045E8  0000004073E8  0  LocalAlloc
0000000045F6  0000004073F6  0  GetModuleHandleA
000000004608  000000407408  0  kernel32.dll
000000004618  000000407418  0  lstrlenA
000000004624  000000407424  0  lstrcpyA
000000004630  000000407430  0  lstrcmpiA
00000000463C  00000040743C  0  lstrcatA
000000004648  000000407448  0  WriteFile
000000004654  000000407454  0  WaitForSingleObject
00000000466A  00000040746A  0  VirtualProtect
00000000467C  00000040747C  0  VirtualFreeEx
00000000468C  00000040748C  0  TerminateProcess
0000000046A0  0000004074A0  0  Sleep
0000000046A8  0000004074A8  0  ReadFile
0000000046B4  0000004074B4  0  OpenProcess
0000000046C2  0000004074C2  0  LocalFree
0000000046CE  0000004074CE  0  LocalAlloc
0000000046DC  0000004074DC  0  GetWindowsDirectoryA
0000000046F4  0000004074F4  0  GetVolumeInformationA
00000000470C  00000040750C  0  GetTickCount
00000000471C  00000040751C  0  GetProcAddress
00000000472E  00000040752E  0  GetModuleHandleA
000000004742  000000407542  0  GetModuleFileNameA
000000004758  000000407558  0  GetLastError
000000004768  000000407568  0  GetFileSize
000000004776  000000407576  0  GetFileAttributesA
00000000478C  00000040758C  0  GetExitCodeThread
0000000047A0  0000004075A0  0  FormatMessageA
0000000047B2  0000004075B2  0  DeleteFileA
0000000047C0  0000004075C0  0  CreateFileA
0000000047CE  0000004075CE  0  CopyFileA
0000000047DA  0000004075DA  0  CloseHandle
0000000047E6  0000004075E6  0  user32.dll
0000000047F4  0000004075F4  0  MessageBoxA
000000004800  000000407600  0  advapi32.dll
000000004810  000000407610  0  StartServiceA
000000004820  000000407620  0  QueryServiceStatus
000000004836  000000407636  0  QueryServiceConfigA
00000000484C  00000040764C  0  OpenServiceA
00000000485C  00000040765C  0  OpenSCManagerA
00000000486E  00000040766E  0  ControlService
000000004880  000000407680  0  CloseServiceHandle
000000004C0F  00000040A00F  0  0"0*020:0B0J0R0Z0b0j0r0z0
000000004C55  00000040A055  0  5)5D5
000000004C5B  00000040A05B  0  5&7b7
000000004C7D  00000040A07D  0  8$868B8Q8]8e8p8v8
000000004CA9  00000040A0A9  0  9*9K9c9
000000004CB9  00000040A0B9  0  9G:g:
000000004CCB  00000040A0CB  0  < <+<4<;<J<Q<s<
000000004CDD  00000040A0DD  0  <Y=w=|=
000000004CED  00000040A0ED  0  >R>[>q>
000000004CFD  00000040A0FD  0  ?"?L?U?e?m?s?|?
000000004D29  00000040A129  0  000<0D0[0j0z0
000000004D47  00000040A147  0  1n1t1|1
000000004D59  00000040A159  0  2e2l2|2
000000004D7D  00000040A17D  0  4?4_4z4
000000004D89  00000040A189  0  4m5Z6
000000004D9B  00000040A19B  0  7Y7n7
000000004DAD  00000040A1AD  0  8"868@8S8
000000004DBF  00000040A1BF  0  8)909R9
000000004DCB  00000040A1CB  0  ;7;>;V;x;
000000004DFB  00000040A1FB  0  ='=D=N=s=}=
000000004E1B  00000040A21B  0  >->A>
000000004E39  00000040A239  0  0!0*060=0x0
000000004E4F  00000040A24F  0  1!121?1F1J1P1T1Z1a1e1
000000004E7D  00000040A27D  0  2F2p2~2
000000004E9D  00000040A29D  0  3,3>3K3W3d3v3~3
000000004ED3  00000040A2D3  0  4&4.464>4F4N4V4
000000004EE3  00000040A2E3  0  4f4{4
000000004F05  00000040A305  0  5,5A5N5S5
000000004F0F  00000040A30F  0  5e5r5w5
000000004F39  00000040A339  0  6&6+686=6J6O6\6g6
000000004F51  00000040A351  0  8+8?8K8X8j8
000000004F5F  00000040A35F  0  9c<i<n<
000000004F8B  00000040A38B  0  00050}0
000000004F97  00000040A397  0  0+101Y1
000000004FA9  00000040A3A9  0  2(3;3
000000004FB7  00000040A3B7  0  5+6O6q6
000000004FD1  00000040A3D1  0  8$8@8
000000004FDB  00000040A3DB  0  8=9I9S9
000000004FFD  00000040A3FD  0  : :$:(:,:0:8:C:M:r:|:
00000000501C  00000040A41C  0  $0(0,0
0000000052CE  00000040B0CE  0  Install1
0000000052D8  00000040B0D8  0  UTypes
0000000052E1  00000040B0E1  0  System
0000000052EA  00000040B0EA  0  SysInit
0000000052F4  00000040B0F4  0  TlHelp32
0000000052FE  00000040B0FE  0  KWindows
000000005309  00000040B109  0  WinSvc
000000005298  00000040B098  0  PACKAGEINFO