ATM MALWARE NOTICE
SHA256.........: 1065502d7171df7be3776b839410a227c540cd977e5e856bbbcd837b0872bdb6
Date...........: 2016-06-27
Family.........: ATMitch
File name......:
File size......: 12.50 KB
Type file......: EXE/Windows
Virscan........: VT - HA
PDB Path found.: d:\helper\Helper\Release\!a.pdb
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 240 0xf0
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
123 7b 50727 c627 2 2
149 95 21022 521e 1 1
131 83 21022 521e 20 14
132 84 21022 521e 2 2
147 93 21022 521e 5 5
1 1 0 0 68 44
138 8a 21022 521e 1 1
145 91 21022 521e 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 5 5
TimeDateStamp: "2016-05-27 13:20:00"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 9.0
SizeOfCode: 5120 0x1400
SizeOfInitializedData: 6656 0x1a00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 7282 0x1c72
BaseOfCode: 4096 0x1000
BaseOfData: 12288 0x3000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 5.0
ImageVersion: 0.0
SubsystemVersion: 5.0
Reserved1: 0 0
SizeOfImage: 28672 0x7000
SizeOfHeaders: 1024 0x400
CheckSum: 45340 0xb11c
Subsystem: 3 3 WINDOWS_CUI
DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 34d4 size:0x 50
RESOURCE rva:0x 5000 size:0x 2b0
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 6000 size:0x 268
DEBUG rva:0x 3140 size:0x 1c
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 3318 size:0x 40
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 3000 size:0x 11c
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 125a 1400 400 0 0 0 0 60000020 R-X CODE
.rdata 3000 f5a 1000 1800 0 0 0 0 40000040 R-- IDATA
.data 4000 38c 200 2800 0 0 0 0 c0000040 RW- IDATA
.rsrc 5000 2b0 400 2a00 0 0 0 0 40000040 R-- IDATA
.reloc 6000 2e0 400 2e00 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x2a58 1252 0x409 598 MANIFEST #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
MSVCP90.dll 316 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
MSVCP90.dll 31d ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
MSVCP90.dll a97 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
MSVCP90.dll b44 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
MSVCP90.dll 405 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll 7a4 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
MSVCP90.dll c07 ?width@ios_base@std@@QAEHH@Z
MSVCP90.dll 821 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
MSVCP90.dll 820 ?flags@ios_base@std@@QBEHXZ
MSVCP90.dll 88a ?good@ios_base@std@@QBE_NXZ
MSVCP90.dll 7aa ?eof@?$char_traits@D@std@@SAHXZ
MSVCP90.dll 7c4 ?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
MSVCP90.dll 958 ?length@?$char_traits@D@std@@SAIPBD@Z
MSVCP90.dll 152 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
MSVCP90.dll 939 ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
MSVCP90.dll 9ea ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
MSVCP90.dll 654 ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll b73 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
MSVCP90.dll 5d0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll 7db ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
MSVCP90.dll 682 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
MSVCP90.dll 557 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll bbd ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
MSVCP90.dll 57c ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll b76 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
MSVCP90.dll be4 ?uncaught_exception@std@@YA_NXZ
MSVCP90.dll c08 ?width@ios_base@std@@QBEHXZ
MSVCR90.dll cf __p__fmode
MSVCR90.dll 16a _encode_pointer
MSVCR90.dll e0 __set_app_type
MSVCR90.dll 14b _crt_debugger_hook
MSVCR90.dll 43 ?terminate@@YAXXZ
MSVCR90.dll 3e6 _unlock
MSVCR90.dll 96 __dllonexit
MSVCR90.dll 276 _lock
MSVCR90.dll 31c _onexit
MSVCR90.dll 160 _decode_pointer
MSVCR90.dll 173 _except_handler4_common
MSVCR90.dll 20b _invoke_watson
MSVCR90.dll 13f _controlfp_s
MSVCR90.dll cb __p__commode
MSVCR90.dll 10b _adjust_fdiv
MSVCR90.dll e3 __setusermatherr
MSVCR90.dll 13c _configthreadlocale
MSVCR90.dll 205 _initterm_e
MSVCR90.dll 204 _initterm
MSVCR90.dll 4cc exit
MSVCR90.dll 66 _XcptFilter
MSVCR90.dll 17c _exit
MSVCR90.dll 12c _cexit
MSVCR90.dll 9f __getmainargs
MSVCR90.dll 115 _amsg_exit
MSVCR90.dll 4bf atoi
MSVCR90.dll a0 __initenv
MSVCR90.dll 73 __CxxFrameHandler3
KERNEL32.dll 421 Sleep
KERNEL32.dll 2ba InterlockedCompareExchange
KERNEL32.dll 42d TerminateProcess
KERNEL32.dll 1a9 GetCurrentProcess
KERNEL32.dll 43e UnhandledExceptionFilter
KERNEL32.dll 415 SetUnhandledExceptionFilter
KERNEL32.dll 2d1 IsDebuggerPresent
KERNEL32.dll 354 QueryPerformanceCounter
KERNEL32.dll 266 GetTickCount
KERNEL32.dll 1ad GetCurrentThreadId
KERNEL32.dll 1aa GetCurrentProcessId
KERNEL32.dll 24f GetSystemTimeAsFileTime
KERNEL32.dll 2bd InterlockedExchange
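=== Packer / Compiler ===
MS Visual C++ v8.0 (signature-based guess; LinkerVersion 9.0, the MSVCP90/MSVCR90 imports and the Microsoft.VC90.CRT 9.0.21022.8 manifest dependency point to Visual C++ 9.0 / Visual Studio 2008)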
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001E8 0000004001E8 0 .text
000000000210 000000400210 0 .rdata
000000000237 000000400237 0 @.data
000000000260 000000400260 0 .rsrc
000000000287 000000400287 0 @.reloc
000000000448 000000401048 0 Pht1@
00000000061D 00000040121D 0 Qh02@
0000000006F3 0000004012F3 0 Rhd2@
0000000006FF 0000004012FF 0 Phh2@
00000000070B 00000040130B 0 Qhl2@
000000000769 000000401369 0 Php2@
0000000014E6 0000004020E6 0 VVVVV
000000001964 000000403164 0 bad allocation
000000001974 000000403174 0 calling with non params. Exiting.
000000001998 000000403198 0 Info command founded
0000000019B0 0000004031B0 0 command.txt
0000000019C0 0000004031C0 0 Can't open commandfile, exiting
0000000019E0 0000004031E0 0 Dispense command found
0000000019F8 0000004031F8 0 params. Exiting.
000000001A0C 00000040320C 0 params. But receive
000000001A24 000000403224 0 wait for
000000001A30 000000403230 0 Non valid args count for that command.
000000001A58 000000403258 0 command.txt
000000001A70 000000403270 0 Can't open commandfile, exiting
000000001A90 000000403290 0 End session command detected. Stop main Library.
000000001AC4 0000004032C4 0 command.txt
000000001AD4 0000004032D4 0 Can't open commandfile, exiting
000000001AF4 0000004032F4 0 Unknown command, repeat please.
000000001B78 000000403378 0 d:\helper\Helper\Release\!a.pdb
000000001E42 000000403642 0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
000000001E7E 00000040367E 0 ?uncaught_exception@std@@YA_NXZ
000000001EA0 0000004036A0 0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
000000001EE4 0000004036E4 0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000001F22 000000403722 0 ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
000000001F86 000000403786 0 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
000000001FC6 0000004037C6 0 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
000000001FFE 0000004037FE 0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
000000002040 000000403840 0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
000000002080 000000403880 0 ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0000000020BD 0000004038BD 0 ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
0000000020FE 0000004038FE 0 9 ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
000000002142 000000403942 0 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
00000000217C 00000040397C 0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0000000021BE 0000004039BE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
0000000021FE 0000004039FE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
00000000224E 000000403A4E 0 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
0000000022B6 000000403AB6 0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0000000022F6 000000403AF6 0 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000002332 000000403B32 0 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
000000002378 000000403B78 0 ?width@ios_base@std@@QAEHH@Z
000000002398 000000403B98 0 ?width@ios_base@std@@QBEHXZ
0000000023B6 000000403BB6 0 ?flags@ios_base@std@@QBEHXZ
0000000023D4 000000403BD4 0 ?good@ios_base@std@@QBE_NXZ
0000000023F2 000000403BF2 0 ?eof@?$char_traits@D@std@@SAHXZ
000000002414 000000403C14 0 ?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
000000002442 000000403C42 0 X ?length@?$char_traits@D@std@@SAIPBD@Z
00000000246A 000000403C6A 0 MSVCP90.dll
00000000247E 000000403C7E 0 MSVCR90.dll
00000000248C 000000403C8C 0 _amsg_exit
File pos Mem pos ID Text
======== ======= == ====
00000000249A 000000403C9A 0 __getmainargs
0000000024AA 000000403CAA 0 _cexit
0000000024B4 000000403CB4 0 _exit
0000000024BC 000000403CBC 0 _XcptFilter
0000000024D2 000000403CD2 0 __initenv
0000000024DE 000000403CDE 0 _initterm
0000000024EA 000000403CEA 0 _initterm_e
0000000024F8 000000403CF8 0 _configthreadlocale
00000000250E 000000403D0E 0 __setusermatherr
000000002522 000000403D22 0 _adjust_fdiv
000000002532 000000403D32 0 __p__commode
000000002542 000000403D42 0 __p__fmode
000000002550 000000403D50 0 _encode_pointer
000000002562 000000403D62 0 __set_app_type
000000002574 000000403D74 0 _crt_debugger_hook
00000000258A 000000403D8A 0 ?terminate@@YAXXZ
00000000259E 000000403D9E 0 _unlock
0000000025A8 000000403DA8 0 __dllonexit
0000000025B6 000000403DB6 0 _lock
0000000025BE 000000403DBE 0 _onexit
0000000025C8 000000403DC8 0 _decode_pointer
0000000025DA 000000403DDA 0 _except_handler4_common
0000000025F4 000000403DF4 0 _invoke_watson
000000002606 000000403E06 0 _controlfp_s
000000002616 000000403E16 0 InterlockedExchange
00000000262C 000000403E2C 0 Sleep
000000002634 000000403E34 0 InterlockedCompareExchange
000000002652 000000403E52 0 TerminateProcess
000000002666 000000403E66 0 GetCurrentProcess
00000000267A 000000403E7A 0 UnhandledExceptionFilter
000000002696 000000403E96 0 SetUnhandledExceptionFilter
0000000026B4 000000403EB4 0 IsDebuggerPresent
0000000026C8 000000403EC8 0 QueryPerformanceCounter
0000000026E2 000000403EE2 0 GetTickCount
0000000026F2 000000403EF2 0 GetCurrentThreadId
000000002708 000000403F08 0 GetCurrentProcessId
00000000271E 000000403F1E 0 GetSystemTimeAsFileTime
000000002736 000000403F36 0 KERNEL32.dll
000000002746 000000403F46 0 __CxxFrameHandler3
000000002A58 000000405058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
000000002AA3 0000004050A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
000000002ADB 0000004050DB 0 <security>
000000002AEB 0000004050EB 0 <requestedPrivileges>
000000002B08 000000405108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
000000002B68 000000405168 0 </requestedPrivileges>
000000002B86 000000405186 0 </security>
000000002B97 000000405197 0 </trustInfo>
000000002BA7 0000004051A7 0 <dependency>
000000002BB7 0000004051B7 0 <dependentAssembly>
000000002BD0 0000004051D0 0 <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
000000002C78 000000405278 0 </dependentAssembly>
000000002C92 000000405292 0 </dependency>
000000002CA3 0000004052A3 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
000000002E0B 00000040600B 0 020D0J0P0a0~0
000000002E29 000000406029 0 161B1N1V1\1b1s1
000000002E4F 00000040604F 0 2%262G2X2i2
000000002E6D 00000040606D 0 3$353F3R3
000000002E77 000000406077 0 3e3k3q3
000000002E95 000000406095 0 4(444<4B4H4Y4v4
000000002EB7 0000004060B7 0 5u5}5
File pos Mem pos ID Text
======== ======= == ====
000000002ED3 0000004060D3 0 6 7)7@7W7o7
000000002EE3 0000004060E3 0 8$838J8
000000002EF7 0000004060F7 0 9O9h9t9
000000002F17 000000406117 0 :9:B:]:g:z:
000000002F41 000000406141 0 ;!;.;4;=;\;d;m;s;{;
000000002F69 000000406169 0 <!<'<.<5<E<M<S<_<j<
000000002FA5 0000004061A5 0 ="=-=9=>=N=S=Y=_=u=|=
000000002FC9 0000004061C9 0 > >8>N>[>
000000002FF0 0000004061F0 0 @0F0M0j0
000000002FFD 0000004061FD 0 1$111=1E1M1Y1}1
000000003023 000000406223 0 282Q2
000000003030 000000406230 0 1,101\1
000000003039 000000406239 0 1T3X3
000000003047 000000406247 0 4 4,4L4l4
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
0000000001E8 0000004001E8 0 .text
000000000210 000000400210 0 .rdata
000000000237 000000400237 0 @.data
000000000260 000000400260 0 .rsrc
000000000287 000000400287 0 @.reloc
000000000448 000000401048 0 Pht1@
00000000061D 00000040121D 0 Qh02@
0000000006F3 0000004012F3 0 Rhd2@
0000000006FF 0000004012FF 0 Phh2@
00000000070B 00000040130B 0 Qhl2@
000000000769 000000401369 0 Php2@
0000000014E6 0000004020E6 0 VVVVV
000000001964 000000403164 0 bad allocation
000000001974 000000403174 0 calling with non params. Exiting.
000000001998 000000403198 0 Info command founded
0000000019B0 0000004031B0 0 command.txt
0000000019C0 0000004031C0 0 Can't open commandfile, exiting
0000000019E0 0000004031E0 0 Dispense command found
0000000019F8 0000004031F8 0 params. Exiting.
000000001A0C 00000040320C 0 params. But receive
000000001A24 000000403224 0 wait for
000000001A30 000000403230 0 Non valid args count for that command.
000000001A58 000000403258 0 command.txt
000000001A70 000000403270 0 Can't open commandfile, exiting
000000001A90 000000403290 0 End session command detected. Stop main Library.
000000001AC4 0000004032C4 0 command.txt
000000001AD4 0000004032D4 0 Can't open commandfile, exiting
000000001AF4 0000004032F4 0 Unknown command, repeat please.
000000001B78 000000403378 0 d:\helper\Helper\Release\!a.pdb
000000001E42 000000403642 0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
000000001E7E 00000040367E 0 ?uncaught_exception@std@@YA_NXZ
000000001EA0 0000004036A0 0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
000000001EE4 0000004036E4 0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000001F22 000000403722 0 ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
000000001F86 000000403786 0 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
000000001FC6 0000004037C6 0 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
000000001FFE 0000004037FE 0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
000000002040 000000403840 0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
000000002080 000000403880 0 ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0000000020BD 0000004038BD 0 ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
0000000020FE 0000004038FE 0 9 ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
000000002142 000000403942 0 ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
00000000217C 00000040397C 0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
0000000021BE 0000004039BE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
0000000021FE 0000004039FE 0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
File pos Mem pos ID Text
======== ======= == ====
00000000224E 000000403A4E 0 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
0000000022B6 000000403AB6 0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0000000022F6 000000403AF6 0 ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000002332 000000403B32 0 ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
000000002378 000000403B78 0 ?width@ios_base@std@@QAEHH@Z
000000002398 000000403B98 0 ?width@ios_base@std@@QBEHXZ
0000000023B6 000000403BB6 0 ?flags@ios_base@std@@QBEHXZ
0000000023D4 000000403BD4 0 ?good@ios_base@std@@QBE_NXZ
0000000023F2 000000403BF2 0 ?eof@?$char_traits@D@std@@SAHXZ
000000002414 000000403C14 0 ?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
000000002442 000000403C42 0 X ?length@?$char_traits@D@std@@SAIPBD@Z
00000000246A 000000403C6A 0 MSVCP90.dll
00000000247E 000000403C7E 0 MSVCR90.dll
00000000248C 000000403C8C 0 _amsg_exit
00000000249A 000000403C9A 0 __getmainargs
0000000024AA 000000403CAA 0 _cexit
0000000024B4 000000403CB4 0 _exit
0000000024BC 000000403CBC 0 _XcptFilter
0000000024D2 000000403CD2 0 __initenv
0000000024DE 000000403CDE 0 _initterm
0000000024EA 000000403CEA 0 _initterm_e
0000000024F8 000000403CF8 0 _configthreadlocale
00000000250E 000000403D0E 0 __setusermatherr
000000002522 000000403D22 0 _adjust_fdiv
000000002532 000000403D32 0 __p__commode
000000002542 000000403D42 0 __p__fmode
000000002550 000000403D50 0 _encode_pointer
000000002562 000000403D62 0 __set_app_type
000000002574 000000403D74 0 _crt_debugger_hook
00000000258A 000000403D8A 0 ?terminate@@YAXXZ
00000000259E 000000403D9E 0 _unlock
0000000025A8 000000403DA8 0 __dllonexit
0000000025B6 000000403DB6 0 _lock
0000000025BE 000000403DBE 0 _onexit
0000000025C8 000000403DC8 0 _decode_pointer
0000000025DA 000000403DDA 0 _except_handler4_common
0000000025F4 000000403DF4 0 _invoke_watson
000000002606 000000403E06 0 _controlfp_s
000000002616 000000403E16 0 InterlockedExchange
00000000262C 000000403E2C 0 Sleep
000000002634 000000403E34 0 InterlockedCompareExchange
000000002652 000000403E52 0 TerminateProcess
000000002666 000000403E66 0 GetCurrentProcess
00000000267A 000000403E7A 0 UnhandledExceptionFilter
000000002696 000000403E96 0 SetUnhandledExceptionFilter
0000000026B4 000000403EB4 0 IsDebuggerPresent
0000000026C8 000000403EC8 0 QueryPerformanceCounter
0000000026E2 000000403EE2 0 GetTickCount
0000000026F2 000000403EF2 0 GetCurrentThreadId
000000002708 000000403F08 0 GetCurrentProcessId
00000000271E 000000403F1E 0 GetSystemTimeAsFileTime
000000002736 000000403F36 0 KERNEL32.dll
000000002746 000000403F46 0 __CxxFrameHandler3
000000002A58 000000405058 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
000000002AA3 0000004050A3 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
000000002ADB 0000004050DB 0 <security>
000000002AEB 0000004050EB 0 <requestedPrivileges>
000000002B08 000000405108 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
000000002B68 000000405168 0 </requestedPrivileges>
000000002B86 000000405186 0 </security>
File pos Mem pos ID Text
======== ======= == ====
000000002B97 000000405197 0 </trustInfo>
000000002BA7 0000004051A7 0 <dependency>
000000002BB7 0000004051B7 0 <dependentAssembly>
000000002BD0 0000004051D0 0 <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
000000002C78 000000405278 0 </dependentAssembly>
000000002C92 000000405292 0 </dependency>
000000002CA3 0000004052A3 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
000000002E0B 00000040600B 0 020D0J0P0a0~0
000000002E29 000000406029 0 161B1N1V1\1b1s1
000000002E4F 00000040604F 0 2%262G2X2i2
000000002E6D 00000040606D 0 3$353F3R3
000000002E77 000000406077 0 3e3k3q3
000000002E95 000000406095 0 4(444<4B4H4Y4v4
000000002EB7 0000004060B7 0 5u5}5
000000002ED3 0000004060D3 0 6 7)7@7W7o7
000000002EE3 0000004060E3 0 8$838J8
000000002EF7 0000004060F7 0 9O9h9t9
000000002F17 000000406117 0 :9:B:]:g:z:
000000002F41 000000406141 0 ;!;.;4;=;\;d;m;s;{;
000000002F69 000000406169 0 <!<'<.<5<E<M<S<_<j<
000000002FA5 0000004061A5 0 ="=-=9=>=N=S=Y=_=u=|=
000000002FC9 0000004061C9 0 > >8>N>[>
000000002FF0 0000004061F0 0 @0F0M0j0
000000002FFD 0000004061FD 0 1$111=1E1M1Y1}1
000000003023 000000406223 0 282Q2
000000003030 000000406230 0 1,101\1
000000003039 000000406239 0 1T3X3
000000003047 000000406247 0 4 4,4L4l4