ATM MALWARE NOTICE
622d7489208578eaaaae054a07e16b4b8c91a3fde6e61d082a09aee5a1b1f829
Date...........: 2017-03-02
Family.........: ATM.DispCash.3
File name......: CDM_TOOL_EUR.exe
File size......: 42.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
PDB Path found.: C:\Users\MacGyver\Documents\Visual Studio 2008\Projects\COUNTER_STRIKE\Release\CDM_TOOL_EUR.pdb
Additional note: Believed to be test tools made by bankomatchik.ru forum user MacGyver1100101
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 224 0xe0
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
132 84 30729 7809 26 1a
149 95 30729 7809 17 11
131 83 30729 7809 73 49
4 4 8447 20ff 3 3
123 7b 50727 c627 2 2
1 1 0 0 81 51
137 89 30729 7809 1 1
145 91 30729 7809 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 5 5
TimeDateStamp: "2012-09-17 08:06:01"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 9.0
SizeOfCode: 26624 0x6800
SizeOfInitializedData: 15360 0x3c00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 5563 0x15bb
BaseOfCode: 4096 0x1000
BaseOfData: 32768 0x8000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 5.0
ImageVersion: 0.0
SubsystemVersion: 5.0
Reserved1: 0 0
SizeOfImage: 57344 0xe000
SizeOfHeaders: 1024 0x400
CheckSum: 94893 0x172ad
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 9644 size:0x 3c
RESOURCE rva:0x c000 size:0x 1b4
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x d000 size:0x 6d4
DEBUG rva:0x 8140 size:0x 1c
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 92d0 size:0x 40
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 8000 size:0x 10c
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 6614 6800 400 0 0 0 0 60000020 R-X CODE
.rdata 8000 1c2a 1e00 6c00 0 0 0 0 40000040 R-- IDATA
.data a000 17dc e00 8a00 0 0 0 0 c0000040 RW- IDATA
.rsrc c000 1b4 200 9800 0 0 0 0 40000040 R-- IDATA
.reloc d000 c62 e00 9a00 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x9858 1252 0x409 346 MANIFEST #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
MSXFS.dll 14 WFSCleanUp
MSXFS.dll 19 WFSExecute
MSXFS.dll 15 WFSClose
MSXFS.dll 1f WFSOpen
MSXFS.dll 1e WFSLock
MSXFS.dll 24 WFSUnlock
MSXFS.dll 1a WFSFreeResult
MSXFS.dll 22 WFSStartUp
KERNEL32.dll 29f HeapCreate
KERNEL32.dll 16f GetCommandLineA
KERNEL32.dll 239 GetStartupInfoA
KERNEL32.dll 42d TerminateProcess
KERNEL32.dll 1a9 GetCurrentProcess
KERNEL32.dll 43e UnhandledExceptionFilter
KERNEL32.dll 415 SetUnhandledExceptionFilter
KERNEL32.dll 2d1 IsDebuggerPresent
KERNEL32.dll 1f9 GetModuleHandleW
KERNEL32.dll 421 Sleep
KERNEL32.dll 220 GetProcAddress
KERNEL32.dll 104 ExitProcess
KERNEL32.dll 48d WriteFile
KERNEL32.dll 23b GetStdHandle
KERNEL32.dll 1f4 GetModuleFileNameA
KERNEL32.dll 14a FreeEnvironmentStringsA
KERNEL32.dll 1bf GetEnvironmentStrings
KERNEL32.dll 14b FreeEnvironmentStringsW
KERNEL32.dll 47a WideCharToMultiByte
KERNEL32.dll 1e6 GetLastError
KERNEL32.dll 1c1 GetEnvironmentStringsW
KERNEL32.dll 3e8 SetHandleCount
KERNEL32.dll 1d7 GetFileType
KERNEL32.dll be DeleteCriticalSection
KERNEL32.dll 434 TlsGetValue
KERNEL32.dll 432 TlsAlloc
KERNEL32.dll 435 TlsSetValue
KERNEL32.dll 433 TlsFree
KERNEL32.dll 2c0 InterlockedIncrement
KERNEL32.dll 3ec SetLastError
KERNEL32.dll 1ad GetCurrentThreadId
KERNEL32.dll 2bc InterlockedDecrement
KERNEL32.dll 457 VirtualFree
KERNEL32.dll 2a1 HeapFree
KERNEL32.dll 354 QueryPerformanceCounter
KERNEL32.dll 266 GetTickCount
KERNEL32.dll 1aa GetCurrentProcessId
KERNEL32.dll 24f GetSystemTimeAsFileTime
KERNEL32.dll 2ef LeaveCriticalSection
KERNEL32.dll d9 EnterCriticalSection
KERNEL32.dll 2f1 LoadLibraryA
KERNEL32.dll 2b5 InitializeCriticalSectionAndSpinCount
KERNEL32.dll 15b GetCPInfo
KERNEL32.dll 152 GetACP
KERNEL32.dll 213 GetOEMCP
KERNEL32.dll 2db IsValidCodePage
KERNEL32.dll 29d HeapAlloc
KERNEL32.dll 454 VirtualAlloc
KERNEL32.dll 2a4 HeapReAlloc
KERNEL32.dll 392 RtlUnwind
KERNEL32.dll 2a6 HeapSize
KERNEL32.dll 1e8 GetLocaleInfoA
KERNEL32.dll 2e1 LCMapStringA
KERNEL32.dll 31a MultiByteToWideChar
KERNEL32.dll 2e3 LCMapStringW
KERNEL32.dll 23d GetStringTypeA
KERNEL32.dll 240 GetStringTypeW
=== Packer / Compiler ===
MS Visual C++ v8.0
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001D8 0000004001D8 0 .text
000000000200 000000400200 0 .rdata
000000000227 000000400227 0 @.data
000000000250 000000400250 0 .rsrc
000000000277 000000400277 0 @.reloc
000000006D64 000000408164 0 CorExitProcess
000000006D8C 00000040818C 0 runtime error
000000006DA0 0000004081A0 0 TLOSS error
000000006DB0 0000004081B0 0 SING error
000000006DC0 0000004081C0 0 DOMAIN error
000000006DD0 0000004081D0 0 R6034
000000006DD7 0000004081D7 0 An application has made an attempt to load the C runtime library incorrectly.
000000006E25 000000408225 0 Please contact the application's support team for more information.
000000006E70 000000408270 0 R6033
000000006E77 000000408277 0 - Attempt to use MSIL code from this assembly during native code initialization
000000006EC7 0000004082C7 0 This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
000000006F68 000000408368 0 R6032
000000006F6F 00000040836F 0 - not enough space for locale information
000000006FA0 0000004083A0 0 R6031
000000006FA7 0000004083A7 0 - Attempt to initialize the CRT more than once.
000000006FD7 0000004083D7 0 This indicates a bug in your application.
000000007004 000000408404 0 R6030
00000000700B 00000040840B 0 - CRT not initialized
000000007024 000000408424 0 R6028
00000000702B 00000040842B 0 - unable to initialize heap
00000000704C 00000040844C 0 R6027
000000007053 000000408453 0 - not enough space for lowio initialization
000000007084 000000408484 0 R6026
00000000708B 00000040848B 0 - not enough space for stdio initialization
0000000070BC 0000004084BC 0 R6025
0000000070C3 0000004084C3 0 - pure virtual function call
0000000070E4 0000004084E4 0 R6024
0000000070EB 0000004084EB 0 - not enough space for _onexit/atexit table
00000000711C 00000040851C 0 R6019
000000007123 000000408523 0 - unable to open console device
000000007148 000000408548 0 R6018
00000000714F 00000040854F 0 - unexpected heap error
00000000716C 00000040856C 0 R6017
000000007173 000000408573 0 - unexpected multithread lock error
00000000719C 00000040859C 0 R6016
0000000071A3 0000004085A3 0 - not enough space for thread data
0000000071CA 0000004085CA 0 This application has requested the Runtime to terminate it in an unusual way.
000000007218 000000408618 0 Please contact the application's support team for more information.
000000007260 000000408660 0 R6009
000000007267 000000408667 0 - not enough space for environment
00000000728C 00000040868C 0 R6008
000000007293 000000408693 0 - not enough space for arguments
0000000072B8 0000004086B8 0 R6002
0000000072BF 0000004086BF 0 - floating point support not loaded
0000000072E8 0000004086E8 0 Microsoft Visual C++ Runtime Library
000000007318 000000408718 0 <program name unknown>
000000007330 000000408730 0 Runtime Error!
000000007340 000000408740 0 Program:
0000000073CC 0000004087CC 0 EncodePointer
0000000073F8 0000004087F8 0 DecodePointer
000000007408 000000408808 0 FlsFree
000000007410 000000408810 0 FlsSetValue
00000000741C 00000040881C 0 FlsGetValue
000000007428 000000408828 0 FlsAlloc
000000007434 000000408834 0 GetProcessWindowStation
00000000744C 00000040884C 0 GetUserObjectInformationA
000000007468 000000408868 0 GetLastActivePopup
00000000747C 00000040887C 0 GetActiveWindow
00000000748C 00000040888C 0 MessageBoxA
000000007498 000000408898 0 USER32.DLL
0000000074C7 0000004088C7 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
000000007508 000000408908 0 abcdefghijklmnopqrstuvwxyz{|}~
000000007AD8 000000408ED8 0 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]
000000007B19 000000408F19 0 abcdefghijklmnopqrstuvwxyz{|}~
000000007C58 000000409058 0 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
000000007C99 000000409099 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
000000007D38 000000409138 0 HH:mm:ss
000000007D44 000000409144 0 dddd, MMMM dd, yyyy
000000007D58 000000409158 0 MM/dd/yy
000000007D6C 00000040916C 0 December
000000007D78 000000409178 0 November
000000007D84 000000409184 0 October
000000007D8C 00000040918C 0 September
000000007D98 000000409198 0 August
000000007DB0 0000004091B0 0 April
000000007DB8 0000004091B8 0 March
000000007DC0 0000004091C0 0 February
000000007DCC 0000004091CC 0 January
000000007E04 000000409204 0 Saturday
000000007E10 000000409210 0 Friday
000000007E18 000000409218 0 Thursday
000000007E24 000000409224 0 Wednesday
000000007E30 000000409230 0 Tuesday
000000007E38 000000409238 0 Monday
000000007E40 000000409240 0 Sunday
000000007E64 000000409264 0 SunMonTueWedThuFriSat
000000007E7C 00000040927C 0 JanFebMarAprMayJunJulAugSepOctNovDec
000000007EA4 0000004092A4 0 CurrencyDispenser1
000000007EB8 0000004092B8 0 CDM_TOOL_EUR
000000007F30 000000409330 0 C:\Users\MacGyver\Documents\Visual Studio 2008\Projects\COUNTER_STRIKE\Release\CDM_TOOL_EUR.pdb
00000000838E 00000040978E 0 WFSStartUp
00000000839C 00000040979C 0 WFSFreeResult
0000000083AC 0000004097AC 0 WFSUnlock
0000000083B8 0000004097B8 0 WFSLock
0000000083C2 0000004097C2 0 WFSOpen
0000000083CC 0000004097CC 0 WFSClose
0000000083D8 0000004097D8 0 WFSExecute
0000000083E6 0000004097E6 0 WFSCleanUp
0000000083F2 0000004097F2 0 MSXFS.dll
0000000083FE 0000004097FE 0 GetCommandLineA
000000008410 000000409810 0 GetStartupInfoA
000000008422 000000409822 0 TerminateProcess
000000008436 000000409836 0 GetCurrentProcess
00000000844A 00000040984A 0 UnhandledExceptionFilter
000000008466 000000409866 0 SetUnhandledExceptionFilter
000000008484 000000409884 0 IsDebuggerPresent
000000008498 000000409898 0 GetModuleHandleW
0000000084AC 0000004098AC 0 Sleep
0000000084B4 0000004098B4 0 GetProcAddress
0000000084C6 0000004098C6 0 ExitProcess
0000000084D4 0000004098D4 0 WriteFile
0000000084E0 0000004098E0 0 GetStdHandle
0000000084F0 0000004098F0 0 GetModuleFileNameA
000000008506 000000409906 0 FreeEnvironmentStringsA
000000008520 000000409920 0 GetEnvironmentStrings
000000008538 000000409938 0 FreeEnvironmentStringsW
000000008552 000000409952 0 WideCharToMultiByte
000000008568 000000409968 0 GetLastError
000000008578 000000409978 0 GetEnvironmentStringsW
000000008592 000000409992 0 SetHandleCount
0000000085A4 0000004099A4 0 GetFileType
0000000085B2 0000004099B2 0 DeleteCriticalSection
0000000085CA 0000004099CA 0 TlsGetValue
0000000085D8 0000004099D8 0 TlsAlloc
0000000085E4 0000004099E4 0 TlsSetValue
0000000085F2 0000004099F2 0 TlsFree
0000000085FC 0000004099FC 0 InterlockedIncrement
000000008614 000000409A14 0 SetLastError
000000008624 000000409A24 0 GetCurrentThreadId
00000000863A 000000409A3A 0 InterlockedDecrement
000000008652 000000409A52 0 HeapCreate
000000008660 000000409A60 0 VirtualFree
00000000866E 000000409A6E 0 HeapFree
00000000867A 000000409A7A 0 QueryPerformanceCounter
000000008694 000000409A94 0 GetTickCount
0000000086A4 000000409AA4 0 GetCurrentProcessId
0000000086BA 000000409ABA 0 GetSystemTimeAsFileTime
0000000086D4 000000409AD4 0 LeaveCriticalSection
0000000086EC 000000409AEC 0 EnterCriticalSection
000000008704 000000409B04 0 LoadLibraryA
000000008714 000000409B14 0 InitializeCriticalSectionAndSpinCount
00000000873C 000000409B3C 0 GetCPInfo
000000008748 000000409B48 0 GetACP
000000008752 000000409B52 0 GetOEMCP
00000000875E 000000409B5E 0 IsValidCodePage
000000008770 000000409B70 0 HeapAlloc
00000000877C 000000409B7C 0 VirtualAlloc
00000000878C 000000409B8C 0 HeapReAlloc
00000000879A 000000409B9A 0 RtlUnwind
0000000087A6 000000409BA6 0 HeapSize
0000000087B2 000000409BB2 0 GetLocaleInfoA
0000000087C4 000000409BC4 0 LCMapStringA
0000000087D4 000000409BD4 0 MultiByteToWideChar
0000000087EA 000000409BEA 0 LCMapStringW
0000000087FA 000000409BFA 0 GetStringTypeA
00000000880C 000000409C0C 0 GetStringTypeW
00000000881C 000000409C1C 0 KERNEL32.dll
000000008E5E 00000040A45E 0
000000008F3E 00000040A53E 0 abcdefghijklmnopqrstuvwxyz
000000008F5E 00000040A55E 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
000000009062 00000040A662 0
000000009149 00000040A749 0 abcdefghijklmnopqrstuvwxyz
000000009169 00000040A769 0 ABCDEFGHIJKLMNOPQRSTUVWXYZ
000000009858 00000040C058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
0000000098A3 00000040C0A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
0000000098DB 00000040C0DB 0 <security>
0000000098EB 00000040C0EB 0 <requestedPrivileges>
000000009908 00000040C108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
000000009968 00000040C168 0 </requestedPrivileges>
000000009986 00000040C186 0 </security>
000000009997 00000040C197 0 </trustInfo>
0000000099A7 00000040C1A7 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
000000006D74 000000408174 0 mscoree.dll
0000000073DC 0000004087DC 0 KERNEL32.DLL
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!