ATM MALWARE NOTICE
265f7a2ae7c931db0da8598ebb496d9e308be549b48909115039120b326ce50e
Date...........: 2013-05-21
Family.........: Trojan.Skimer.38
File name......: netncr.dll
File size......: 47.50 KB
File type......: EXE/Windows
Virscan........: VT - HA
Entropy:
Binary Histogram:
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 80 0x50
blocks_in_file: 2 2
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 15 0xf
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 26 0x1a
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 256 0x100
=== DOS STUB ===
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 6 6
TimeDateStamp: "1992-06-19 22:22:17"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 41358 0xa18e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO
32BIT_MACHINE, DLL, BYTES_REVERSED_HI
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 2.25
SizeOfCode: 36864 0x9000
SizeOfInitializedData: 10752 0x2a00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 40188 0x9cfc
BaseOfCode: 4096 0x1000
BaseOfData: 40960 0xa000
ImageBase: 33554432 0x2000000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 65536 0x10000
SizeOfHeaders: 1024 0x400
CheckSum: 80135 0x13907
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 1 1 0x01
SizeOfStackReserve: 0 0
SizeOfStackCommit: 0 0
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x d000 size:0x d48
RESOURCE rva:0x f000 size:0x a10
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x e000 size:0x 89c
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 0 size:0x 0
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
CODE 1000 8ef4 9000 400 0 0 0 0 60000020 R-X CODE
DATA a000 41c 600 9400 0 0 0 0 c0000040 RW- IDATA
BSS b000 19bd 0 9a00 0 0 0 0 c0000000 RW-
.idata d000 d48 e00 9a00 0 0 0 0 c0000040 RW- IDATA
.reloc e000 89c a00 a800 0 0 0 0 50000040 R-- IDATA SHARED
.rsrc f000 a10 c00 b200 0 0 0 0 50000040 R-- IDATA SHARED
[?] ignoring invalid PEdump::BITMAPINFOHEADER
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0xb258 1252 0 2487 ICON #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
kernel32.dll 0 DeleteCriticalSection
kernel32.dll 0 LeaveCriticalSection
kernel32.dll 0 EnterCriticalSection
kernel32.dll 0 InitializeCriticalSection
kernel32.dll 0 VirtualFree
kernel32.dll 0 VirtualAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetVersion
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetThreadLocale
kernel32.dll 0 GetStartupInfoA
kernel32.dll 0 GetLocaleInfoA
kernel32.dll 0 GetCommandLineA
kernel32.dll 0 FreeLibrary
kernel32.dll 0 ExitProcess
kernel32.dll 0 WriteFile
kernel32.dll 0 UnhandledExceptionFilter
kernel32.dll 0 RtlUnwind
kernel32.dll 0 RaiseException
kernel32.dll 0 GetStdHandle
user32.dll 0 GetKeyboardType
user32.dll 0 MessageBoxA
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegCloseKey
kernel32.dll 0 TlsSetValue
kernel32.dll 0 TlsGetValue
kernel32.dll 0 TlsFree
kernel32.dll 0 TlsAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegEnumKeyExA
advapi32.dll 0 RegCloseKey
advapi32.dll 0 OpenProcessToken
advapi32.dll 0 LookupPrivilegeValueA
advapi32.dll 0 InitiateSystemShutdownA
advapi32.dll 0 AdjustTokenPrivileges
kernel32.dll 0 lstrlenA
kernel32.dll 0 lstrcpyA
kernel32.dll 0 lstrcmpiW
kernel32.dll 0 lstrcmpiA
kernel32.dll 0 lstrcmpA
kernel32.dll 0 lstrcatA
kernel32.dll 0 WriteFile
kernel32.dll 0 WaitForSingleObject
kernel32.dll 0 VirtualProtect
kernel32.dll 0 TerminateThread
kernel32.dll 0 TerminateProcess
kernel32.dll 0 SuspendThread
kernel32.dll 0 Sleep
kernel32.dll 0 SizeofResource
kernel32.dll 0 SetFilePointer
kernel32.dll 0 ResumeThread
kernel32.dll 0 ReadFile
kernel32.dll 0 OpenProcess
kernel32.dll 0 MultiByteToWideChar
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 LoadResource
kernel32.dll 0 LoadLibraryA
kernel32.dll 0 GetVolumeInformationA
kernel32.dll 0 GetTickCount
kernel32.dll 0 GetSystemTimeAsFileTime
kernel32.dll 0 GetProcAddress
kernel32.dll 0 GetModuleHandleA
kernel32.dll 0 GetModuleFileNameA
kernel32.dll 0 GetLastError
kernel32.dll 0 GetFileSize
kernel32.dll 0 GetFileAttributesA
kernel32.dll 0 GetExitCodeThread
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetCurrentProcess
kernel32.dll 0 FormatMessageA
kernel32.dll 0 FindResourceA
kernel32.dll 0 FileTimeToLocalFileTime
kernel32.dll 0 DeleteFileA
kernel32.dll 0 CreateProcessA
kernel32.dll 0 CreateMutexA
kernel32.dll 0 CreateFileA
kernel32.dll 0 CloseHandle
gdi32.dll 0 SelectObject
gdi32.dll 0 Rectangle
gdi32.dll 0 GetTextMetricsA
gdi32.dll 0 GetDeviceCaps
gdi32.dll 0 DeleteObject
gdi32.dll 0 DeleteDC
gdi32.dll 0 CreateSolidBrush
gdi32.dll 0 CreateDCA
user32.dll 0 CreateWindowExA
user32.dll 0 UnregisterClassA
user32.dll 0 TranslateMessage
user32.dll 0 SetTimer
user32.dll 0 SetFocus
user32.dll 0 SendMessageA
user32.dll 0 RegisterClassA
user32.dll 0 PostMessageA
user32.dll 0 PeekMessageA
user32.dll 0 MessageBoxA
user32.dll 0 LoadIconA
user32.dll 0 LoadCursorA
user32.dll 0 InvalidateRect
user32.dll 0 GetWindowTextA
user32.dll 0 GetWindowDC
user32.dll 0 GetMessageA
user32.dll 0 GetDesktopWindow
user32.dll 0 GetClientRect
user32.dll 0 DrawTextA
user32.dll 0 DispatchMessageA
user32.dll 0 DestroyWindow
user32.dll 0 DefWindowProcA
msxfs.dll 0 WFSCancelAsyncRequest
msxfs.dll 0 WFSDeregister
msxfs.dll 0 WFSRegister
msxfs.dll 0 WFSGetInfo
msxfs.dll 0 WFSAsyncExecute
msxfs.dll 0 WFSExecute
msxfs.dll 0 WFSUnlock
msxfs.dll 0 WFSFreeResult
msxfs.dll 0 WFSLock
msxfs.dll 0 WFSClose
msxfs.dll 0 WFSOpen
msxfs.dll 0 WFSStartUp
uladi2.dll 0 AdiLookupName
uladi2.dll 0 AdiTerminate
uladi2.dll 0 AdiInitialise
uladi2x.dll 0 AdiFreeResponseHandle
uladi2x.dll 0 AdiGetTdata
uladi2x.dll 0 AdiGetTlength
uladi2x.dll 0 AdiExTimedReceiveResponse
uladi2x.dll 0 AdiExSend
imagehlp.dll 0 CheckSumMappedFile
ntdll.dll 0 NtQueryInformationThread
kernel32.dll 0 OpenThread
user32.dll 0 wsprintfA
=== Packer / Compiler ===
Borland Delphi v3.0
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
000000000050 000002000050 0 This program must be run under Win32
000000000270 000002000270 0 .idata
000000000298 000002000298 0 .reloc
0000000002BF 0000020002BF 0 P.rsrc
00000000087C 00000200147C 0 wE;\$
000000001E37 000002002A37 0 ~KxI[)
000000001F60 000002002B60 0 SOFTWARE\Borland\Delphi\RTL
000000001F7C 000002002B7C 0 FPUMaskValue
000000001FC9 000002002BC9 0 PPRTj
000000002143 000002002D43 0 YZXtp
0000000022BA 000002002EBA 0 t=HtN
0000000026DC 0000020032DC 0 SVWUQ
000000002958 000002003558 0 SVWRP
000000002A74 000002003674 0 USVW1
0000000034A6 0000020040A6 0 6d%8?
0000000034AD 0000020040AD 0 >=Hr=*
00000000351E 00000200411E 0 7M]z<
0000000035FD 0000020041FD 0 -T3z6
00000000364A 00000200424A 0 )!{sRB
0000000039D0 0000020045D0 0 D$1PV
000000003A04 000002004604 0 .DEFAULT\XFS\LOGICAL_SERVICES
000000003A24 000002004624 0 class
000000003A90 000002004690 0 CreateFile
000000003AD8 0000020046D8 0 WFSStartUp %d
000000003C5C 00000200485C 0 t find EPP
000000003C68 000002004868 0 WFSOpen(%s) %d
000000003C78 000002004878 0 WFSLock %d
000000003C84 000002004884 0 WFSRegister %d
000000003C94 000002004894 0 WFSExecute %d
000000003E0F 000002004A0F 0 D$PxD
000000003EA8 000002004AA8 0 D$TPSj
000000003F45 000002004B45 0 D$tPj
000000004010 000002004C10 0 ATMDialog
00000000401C 000002004C1C 0 hello
000000004024 000002004C24 0 STATIC
00000000406C 000002004C6C 0 Error
000000004208 000002004E08 0 ADI cmd:
000000004234 000002004E34 0 Error:
000000004298 000002004E98 0 Error
0000000042F0 000002004EF0 0 Error
000000004358 000002004F58 0 Error
0000000044C8 0000020050C8 0 WFSOpen( %s ) = %d
0000000044DC 0000020050DC 0 WFSLock(%s)=%d
0000000044EC 0000020050EC 0 WFSExecute(%s,%d)=%d
00000000452C 00000200512C 0 $PShdQ
00000000456C 00000200516C 0 Error
00000000459F 00000200519F 0 $PVSh
0000000045D8 0000020051D8 0 %s %s
0000000045E4 0000020051E4 0 Error
000000004654 000002005254 0 t find SIU
0000000049A8 0000020055A8 0 %s%.2X
0000000049B0 0000020055B0 0 ExchangeKey
000000004B2C 00000200572C 0 t4j*j
000000004CEC 0000020058EC 0 Incorrect COM Key name
000000004D34 000002005934 0 =t AJu
000000004EC4 000002005AC4 0 SVWUQ
000000005585 000002006185 0 ;C&v=
00000000585C 00000200645C 0 t find CardReader
000000005870 000002006470 0 WFSOpen %d
00000000587C 00000200647C 0 STATIC
File pos Mem pos ID Text
======== ======= == ====
000000005884 000002006484 0 WFSRegister %d
000000005894 000002006494 0 WFSLock %d
00000000590C 00000200650C 0 WFSExecute(WFS_CMD_IDC_READ_RAW_DATA) %d
0000000059D8 0000020065D8 0 WFSExecute %d
000000005AC0 0000020066C0 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) %d
000000005AE4 0000020066E4 0 Select:Invalid ResCode Len
000000005BF4 0000020067F4 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) Error=%d
000000005C20 000002006820 0 Select:Invalid ResCode Len
000000005D44 000002006944 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) %d
000000005D68 000002006968 0 WriteRec:Invalid ResCode Len
000000005E88 000002006A88 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) %d
000000005EAC 000002006AAC 0 ReadRec:Invalid ResCode Len
000000006068 000002006C68 0 Select Err: %.4X
00000000607C 000002006C7C 0 GetResponce Err: %.4X
000000006094 000002006C94 0 WriteRec Err: %.4X
0000000060A8 000002006CA8 0 ReadRec Err: %.4X
0000000065B8 0000020071B8 0 DISPLAY
0000000068F0 0000020074F0 0 ItemVersion
000000006954 000002007554 0 Deco mode %d
000000006965 000002007565 0 Key mode %d
000000006976 000002007576 0 Use locals %d
000000006987 000002007587 0 Auto delete %d
000000006AD4 0000020076D4 0 %d - %.2X%2X%2X
000000006BDC 0000020077DC 0 OpenProcessToken
000000006BF0 0000020077F0 0 LookupPrivilegeValue
000000006C08 000002007808 0 AdjustTokenPrivileges
000000006DBC 0000020079BC 0 getProcessEntry: %s
000000006DD0 0000020079D0 0 SeDebugPrivilege
000000006DE4 0000020079E4 0 OpenProcess
000000006DF0 0000020079F0 0 LoadLibraryA
000000006E00 000002007A00 0 kernel32.dll
000000006E10 000002007A10 0 GetExitCodeThread
000000006E24 000002007A24 0 VirtualFreeEx
000000006E60 000002007A60 0 SeShutdownPrivilege
000000006E78 000002007A78 0 InitiateSystemShutdown
000000006FD8 000002007BD8 0 Invalid Data Size
000000006FEC 000002007BEC 0 Error
000000007330 000002007F30 0 GetProcAddress
000000007340 000002007F40 0 hook.VirtualProtect
00000000740C 00000200800C 0 ApplicationCore.EXE
0000000075D8 0000020081D8 0 kernel32
0000000075E4 0000020081E4 0 DeleteFileA
0000000075F0 0000020081F0 0 FreeLibrary
0000000075FC 0000020081FC 0 GetModuleHandleA
000000007610 000002008210 0 CreateFileA
00000000761C 00000200821C 0 Sleep
000000007624 000002008224 0 WriteFile
000000007630 000002008230 0 CloseHandle
00000000763C 00000200823C 0 LocalFree
000000007648 000002008248 0 LoadLibraryA
000000007658 000002008258 0 user32
000000007660 000002008260 0 ExitWindowsEx
000000007670 000002008270 0 SeShutdownPrivilege
000000007768 000002008368 0 Check sum erro r
00000000777C 00000200837C 0 Not executable file !
0000000079B8 0000020085B8 0 %d -
0000000079CC 0000020085CC 0 SpaceTable
000000007BDC 0000020087DC 0 Raport error enabled
000000007C5C 00000200885C 0 suspendthread
000000007C6C 00000200886C 0 resumethread
File pos Mem pos ID Text
======== ======= == ====
000000007C7C 00000200887C 0 Openthread
000000007D00 000002008900 0 D$ PU
000000007DE5 0000020089E5 0 t<;t$
000000007EC0 000002008AC0 0 ApplicationCore.EXE
000000007F90 000002008B90 0 ApplicationCore.EXE
000000007FA8 000002008BA8 0 Enter Command:
0000000085E3 0000020091E3 0 ,'ta,
0000000086A0 0000020092A0 0 UlySxExec %d - %.2X
000000008850 000002009450 0 UlySxExecCommandAsync
000000008868 000002009468 0 ulcorcom.dll
000000008878 000002009478 0 UlySxRetrieveMessage
000000008962 000002009562 0 8NTFS
000000008AD8 0000020096D8 0 Bound Import %s
000000008AE8 0000020096E8 0 LoadLibrary %s
000000008AF8 0000020096F8 0 GetProcAddress %s
000000008B22 000002009722 0 Pj@SV
000000008B84 000002009784 0 VProtect1
000000008B94 000002009794 0 SVWUQ
000000008C8D 00000200988D 0 33333
000000008CAF 0000020098AF 0 UUUU3
000000008E01 000002009A01 0 VWUSQ
000000008E49 000002009A49 0 33333
000000008E6B 000002009A6B 0 UUUU3
000000008F1F 000002009B1F 0 UUUU3
000000008F7D 000002009B7D 0 VWUSQ
000000009034 000002009C34 0 UUUU3
00000000929C 000002009E9C 0 rtl32syss
0000000092A8 000002009EA8 0 ApplicationCore.EXE
0000000092C0 000002009EC0 0 rtl32syss2
0000000092CC 000002009ECC 0 UlySxExecCommandAsync
0000000092E4 000002009EE4 0 ulcorcom.dll
00000000944C 00000200A04C 0 Error
000000009454 00000200A054 0 Runtime error at 00000000
000000009474 00000200A074 0 0123456789ABCDEF
0000000094CF 00000200A0CF 0 ESeTtInGs3.03.05
0000000094E0 00000200A0E0 0 russian federat
0000000096D0 00000200A2D0 0 <4,$?7/'
000000009716 00000200A316 0 !"#$%&'()*+,-./012345678
000000009761 00000200A361 0 (3-!0
000000009768 00000200A368 0 ,1'8"5
000000009DA0 00000200D3A0 0 kernel32.dll
000000009DB0 00000200D3B0 0 DeleteCriticalSection
000000009DC8 00000200D3C8 0 LeaveCriticalSection
000000009DE0 00000200D3E0 0 EnterCriticalSection
000000009DF8 00000200D3F8 0 InitializeCriticalSection
000000009E14 00000200D414 0 VirtualFree
000000009E22 00000200D422 0 VirtualAlloc
000000009E32 00000200D432 0 LocalFree
000000009E3E 00000200D43E 0 LocalAlloc
000000009E4C 00000200D44C 0 GetVersion
000000009E5A 00000200D45A 0 GetCurrentThreadId
000000009E70 00000200D470 0 GetThreadLocale
000000009E82 00000200D482 0 GetStartupInfoA
000000009E94 00000200D494 0 GetLocaleInfoA
000000009EA6 00000200D4A6 0 GetCommandLineA
000000009EB8 00000200D4B8 0 FreeLibrary
000000009EC6 00000200D4C6 0 ExitProcess
000000009ED4 00000200D4D4 0 WriteFile
000000009EE0 00000200D4E0 0 UnhandledExceptionFilter
000000009EFC 00000200D4FC 0 RtlUnwind
File pos Mem pos ID Text
======== ======= == ====
000000009F08 00000200D508 0 RaiseException
000000009F1A 00000200D51A 0 GetStdHandle
000000009F28 00000200D528 0 user32.dll
000000009F36 00000200D536 0 GetKeyboardType
000000009F48 00000200D548 0 MessageBoxA
000000009F54 00000200D554 0 advapi32.dll
000000009F64 00000200D564 0 RegQueryValueExA
000000009F78 00000200D578 0 RegOpenKeyExA
000000009F88 00000200D588 0 RegCloseKey
000000009F94 00000200D594 0 kernel32.dll
000000009FA4 00000200D5A4 0 TlsSetValue
000000009FB2 00000200D5B2 0 TlsGetValue
000000009FC0 00000200D5C0 0 TlsFree
000000009FCA 00000200D5CA 0 TlsAlloc
000000009FD6 00000200D5D6 0 LocalFree
000000009FE2 00000200D5E2 0 LocalAlloc
000000009FEE 00000200D5EE 0 advapi32.dll
000000009FFE 00000200D5FE 0 RegQueryValueExA
00000000A012 00000200D612 0 RegOpenKeyExA
00000000A022 00000200D622 0 RegEnumKeyExA
00000000A032 00000200D632 0 RegCloseKey
00000000A040 00000200D640 0 OpenProcessToken
00000000A054 00000200D654 0 LookupPrivilegeValueA
00000000A06C 00000200D66C 0 InitiateSystemShutdownA
00000000A086 00000200D686 0 AdjustTokenPrivileges
00000000A09C 00000200D69C 0 kernel32.dll
00000000A0AC 00000200D6AC 0 lstrlenA
00000000A0B8 00000200D6B8 0 lstrcpyA
00000000A0C4 00000200D6C4 0 lstrcmpiW
00000000A0D0 00000200D6D0 0 lstrcmpiA
00000000A0DC 00000200D6DC 0 lstrcmpA
00000000A0E8 00000200D6E8 0 lstrcatA
00000000A0F4 00000200D6F4 0 WriteFile
00000000A100 00000200D700 0 WaitForSingleObject
00000000A116 00000200D716 0 VirtualProtect
00000000A128 00000200D728 0 TerminateThread
00000000A13A 00000200D73A 0 TerminateProcess
00000000A14E 00000200D74E 0 SuspendThread
00000000A15E 00000200D75E 0 Sleep
00000000A166 00000200D766 0 SizeofResource
00000000A178 00000200D778 0 SetFilePointer
00000000A18A 00000200D78A 0 ResumeThread
00000000A19A 00000200D79A 0 ReadFile
00000000A1A6 00000200D7A6 0 OpenProcess
00000000A1B4 00000200D7B4 0 MultiByteToWideChar
00000000A1CA 00000200D7CA 0 LocalFree
00000000A1D6 00000200D7D6 0 LocalAlloc
00000000A1E4 00000200D7E4 0 LoadResource
00000000A1F4 00000200D7F4 0 LoadLibraryA
00000000A204 00000200D804 0 GetVolumeInformationA
00000000A21C 00000200D81C 0 GetTickCount
00000000A22C 00000200D82C 0 GetSystemTimeAsFileTime
00000000A246 00000200D846 0 GetProcAddress
00000000A258 00000200D858 0 GetModuleHandleA
00000000A26C 00000200D86C 0 GetModuleFileNameA
00000000A282 00000200D882 0 GetLastError
00000000A292 00000200D892 0 GetFileSize
00000000A2A0 00000200D8A0 0 GetFileAttributesA
00000000A2B6 00000200D8B6 0 GetExitCodeThread
00000000A2CA 00000200D8CA 0 GetCurrentThreadId
File pos Mem pos ID Text
======== ======= == ====
00000000A2E0 00000200D8E0 0 GetCurrentProcess
00000000A2F4 00000200D8F4 0 FormatMessageA
00000000A306 00000200D906 0 FindResourceA
00000000A316 00000200D916 0 FileTimeToLocalFileTime
00000000A330 00000200D930 0 DeleteFileA
00000000A33E 00000200D93E 0 CreateProcessA
00000000A350 00000200D950 0 CreateMutexA
00000000A360 00000200D960 0 CreateFileA
00000000A36E 00000200D96E 0 CloseHandle
00000000A37A 00000200D97A 0 gdi32.dll
00000000A386 00000200D986 0 SelectObject
00000000A396 00000200D996 0 Rectangle
00000000A3A2 00000200D9A2 0 GetTextMetricsA
00000000A3B4 00000200D9B4 0 GetDeviceCaps
00000000A3C4 00000200D9C4 0 DeleteObject
00000000A3D4 00000200D9D4 0 DeleteDC
00000000A3E0 00000200D9E0 0 CreateSolidBrush
00000000A3F4 00000200D9F4 0 CreateDCA
00000000A3FE 00000200D9FE 0 user32.dll
00000000A40C 00000200DA0C 0 CreateWindowExA
00000000A41E 00000200DA1E 0 UnregisterClassA
00000000A432 00000200DA32 0 TranslateMessage
00000000A446 00000200DA46 0 SetTimer
00000000A452 00000200DA52 0 SetFocus
00000000A45E 00000200DA5E 0 SendMessageA
00000000A46E 00000200DA6E 0 RegisterClassA
00000000A480 00000200DA80 0 PostMessageA
00000000A490 00000200DA90 0 PeekMessageA
00000000A4A0 00000200DAA0 0 MessageBoxA
00000000A4AE 00000200DAAE 0 LoadIconA
00000000A4BA 00000200DABA 0 LoadCursorA
00000000A4C8 00000200DAC8 0 InvalidateRect
00000000A4DA 00000200DADA 0 GetWindowTextA
00000000A4EC 00000200DAEC 0 GetWindowDC
00000000A4FA 00000200DAFA 0 GetMessageA
00000000A508 00000200DB08 0 GetDesktopWindow
00000000A51C 00000200DB1C 0 GetClientRect
00000000A52C 00000200DB2C 0 DrawTextA
00000000A538 00000200DB38 0 DispatchMessageA
00000000A54C 00000200DB4C 0 DestroyWindow
00000000A55C 00000200DB5C 0 DefWindowProcA
00000000A56C 00000200DB6C 0 msxfs.dll
00000000A578 00000200DB78 0 WFSCancelAsyncRequest
00000000A590 00000200DB90 0 WFSDeregister
00000000A5A0 00000200DBA0 0 WFSRegister
00000000A5AE 00000200DBAE 0 WFSGetInfo
00000000A5BC 00000200DBBC 0 WFSAsyncExecute
00000000A5CE 00000200DBCE 0 WFSExecute
00000000A5DC 00000200DBDC 0 WFSUnlock
00000000A5E8 00000200DBE8 0 WFSFreeResult
00000000A5F8 00000200DBF8 0 WFSLock
00000000A602 00000200DC02 0 WFSClose
00000000A60E 00000200DC0E 0 WFSOpen
00000000A618 00000200DC18 0 WFSStartUp
00000000A624 00000200DC24 0 uladi2.dll
00000000A632 00000200DC32 0 AdiLookupName
00000000A642 00000200DC42 0 AdiTerminate
00000000A652 00000200DC52 0 AdiInitialise
00000000A660 00000200DC60 0 uladi2x.dll
00000000A66E 00000200DC6E 0 AdiFreeResponseHandle
File pos Mem pos ID Text
======== ======= == ====
00000000A686 00000200DC86 0 AdiGetTdata
00000000A694 00000200DC94 0 AdiGetTlength
00000000A6A4 00000200DCA4 0 AdiExTimedReceiveResponse
00000000A6C0 00000200DCC0 0 AdiExSend
00000000A6CA 00000200DCCA 0 imagehlp.dll
00000000A6DA 00000200DCDA 0 CheckSumMappedFile
00000000A6EE 00000200DCEE 0 ntdll.dll
00000000A6FA 00000200DCFA 0 NtQueryInformationThread
00000000A714 00000200DD14 0 kernel32.dll
00000000A724 00000200DD24 0 OpenThread
00000000A730 00000200DD30 0 user32.dll
00000000A73E 00000200DD3E 0 wsprintfA
00000000A80F 00000200E00F 0 0"0*020:0B0J0R0Z0b0j0r0z0
00000000A853 00000200E053 0 6S6b6
00000000A867 00000200E067 0 9$9.989N9T9b9w9
00000000A891 00000200E091 0 :?:I:S:]:g:z:
00000000A8B9 00000200E0B9 0 ;H<h<
00000000A8C3 00000200E0C3 0 =Q>]>
00000000A8F5 00000200E0F5 0 081A1[1
00000000A907 00000200E107 0 2O2X2h2p2v2
00000000A927 00000200E127 0 3 383D3L3m3|3
00000000A941 00000200E141 0 4B4v4
00000000A94D 00000200E14D 0 4$5,52585E5K5
00000000A985 00000200E185 0 858F8[8h8
00000000A99F 00000200E19F 0 ;+;B;W;
00000000A9B3 00000200E1B3 0 ;2<N<Z<n<x<
00000000A9C5 00000200E1C5 0 <#=,=a=h=
00000000A9D3 00000200E1D3 0 =G?o?v?
00000000A9FB 00000200E1FB 0 1"1'1-161F1K1P1U1Z1h1r1
00000000AA1F 00000200E21F 0 2$2.2S2]2g2o2u2
00000000AA3F 00000200E23F 0 3)3B3
00000000AA4D 00000200E24D 0 3=7N7
00000000AA5F 00000200E25F 0 708y8
00000000AA81 00000200E281 0 979@9I9U9_9
00000000AAA1 00000200E2A1 0 :M:k:u:
00000000AAB9 00000200E2B9 0 ;!;-;;;E;c;h;{;
00000000AAE5 00000200E2E5 0 <&<.<6<
00000000AAED 00000200E2ED 0 <f<n<v<~<
00000000AB1D 00000200E31D 0 =&=.=6=>=F=N=V=
00000000AB2D 00000200E32D 0 =f=n=v=~=
00000000AB5D 00000200E35D 0 >&>.>6>>>F>N>V>
00000000AB6D 00000200E36D 0 >f>n>v>~>
00000000AB77 00000200E377 0 >S?_?l?~?
00000000ABA9 00000200E3A9 0 0#0/0<0N0V0
00000000ABB5 00000200E3B5 0 0f0n0v0~0
00000000ABD7 00000200E3D7 0 4 5g5}6
00000000ABED 00000200E3ED 0 777L7Z7_7
00000000AC1D 00000200E41D 0 ;><O<]<
00000000AC27 00000200E427 0 =O=Z=w=|=
00000000AC43 00000200E443 0 ?*?E?v?
00000000AC59 00000200E459 0 001F1
00000000AC6B 00000200E46B 0 292q2
00000000AC75 00000200E475 0 3(3.3Y4
00000000AC7D 00000200E47D 0 5F5h5v5
00000000AC95 00000200E495 0 7.8S8a8
00000000ACBB 00000200E4BB 0 3e3j3u3}3
00000000ACD3 00000200E4D3 0 4z5e6
00000000AD11 00000200E511 0 1!1=1H1R1Y1d1k1v1
00000000AD45 00000200E545 0 4D4S4
00000000AD55 00000200E555 0 5"5(5<5
File pos Mem pos ID Text
======== ======= == ====
00000000AD6B 00000200E56B 0 707d7
00000000AD83 00000200E583 0 9F9s9
00000000AD8B 00000200E58B 0 95:V:
00000000AD93 00000200E593 0 ;!;(;-;
00000000AD9B 00000200E59B 0 ;"<7<<<G<Z<z<
00000000ADD0 00000200E5D0 0 :0K0X0
00000000ADED 00000200E5ED 0 1#1/1B1U1
00000000AE0D 00000200E60D 0 4/444D4e4}4
00000000AE19 00000200E619 0 4#5Q5r5
00000000AE2B 00000200E62B 0 6j6n6r6v6z6~6
00000000AE51 00000200E651 0 7C7S7c7s7
00000000AE69 00000200E669 0 7!888D8
00000000AE7D 00000200E67D 0 :N:j:p:
00000000AEB1 00000200E6B1 0 =&=1=>=S=o=
00000000AED9 00000200E6D9 0 >.>4>g>
00000000AEF5 00000200E6F5 0 1)161t1y1
00000000AF0D 00000200E70D 0 2#202=2B2P2Y2h2w2
00000000AF47 00000200E747 0 4$4)43484=4
00000000AF65 00000200E765 0 505P5j5p5x5
00000000AF83 00000200E783 0 63787
00000000AF9D 00000200E79D 0 9$939=9F9Q9Z9c9o9}9
00000000B013 00000200E813 0 =&=5=:=J=V=[=
00000000B03B 00000200E83B 0 > >8>>>C>H>M>\>g>
00000000B058 00000200E858 0 $0(0,0
00000000B073 00000200E873 0 1 1$1(1,1014181<1@1D1H1L1P1T1X1\1d1
00000000B902 00000200F702 0 ,C._%a
00000000B90D 00000200F70D 0 Gv;-@
00000000BC0F 00000200FA0F 0 PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0000000046BD 0000020052BD 0 MyProg
000000004774 000002005374 0 MyProg
000000004874 000002005474 0 MyProg
000000004994 000002005594 0 MyProg
000000004AA4 0000020056A4 0 MyProg
000000004B7C 00000200577C 0 MyProg
000000006AC0 0000020076C0 0 MyProg
000000007818 000002008418 0 MyProg
0000000079D8 0000020085D8 0 MyProg
000000008550 000002009150 0 MyProg
000000000050 000002000050 0 This program must be run under Win32
000000000270 000002000270 0 .idata
000000000298 000002000298 0 .reloc
0000000002BF 0000020002BF 0 P.rsrc
00000000087C 00000200147C 0 wE;\$
000000001E37 000002002A37 0 ~KxI[)
000000001F60 000002002B60 0 SOFTWARE\Borland\Delphi\RTL
000000001F7C 000002002B7C 0 FPUMaskValue
000000001FC9 000002002BC9 0 PPRTj
000000002143 000002002D43 0 YZXtp
0000000022BA 000002002EBA 0 t=HtN
0000000026DC 0000020032DC 0 SVWUQ
000000002958 000002003558 0 SVWRP
000000002A74 000002003674 0 USVW1
0000000034A6 0000020040A6 0 6d%8?
0000000034AD 0000020040AD 0 >=Hr=*
00000000351E 00000200411E 0 7M]z<
0000000035FD 0000020041FD 0 -T3z6
00000000364A 00000200424A 0 )!{sRB
0000000039D0 0000020045D0 0 D$1PV
000000003A04 000002004604 0 .DEFAULT\XFS\LOGICAL_SERVICES
000000003A24 000002004624 0 class
File pos Mem pos ID Text
======== ======= == ====
000000003A90 000002004690 0 CreateFile
000000003AD8 0000020046D8 0 WFSStartUp %d
000000003C5C 00000200485C 0 t find EPP
000000003C68 000002004868 0 WFSOpen(%s) %d
000000003C78 000002004878 0 WFSLock %d
000000003C84 000002004884 0 WFSRegister %d
000000003C94 000002004894 0 WFSExecute %d
000000003E0F 000002004A0F 0 D$PxD
000000003EA8 000002004AA8 0 D$TPSj
000000003F45 000002004B45 0 D$tPj
000000004010 000002004C10 0 ATMDialog
00000000401C 000002004C1C 0 hello
000000004024 000002004C24 0 STATIC
00000000406C 000002004C6C 0 Error
000000004208 000002004E08 0 ADI cmd:
000000004234 000002004E34 0 Error:
000000004298 000002004E98 0 Error
0000000042F0 000002004EF0 0 Error
000000004358 000002004F58 0 Error
0000000044C8 0000020050C8 0 WFSOpen( %s ) = %d
0000000044DC 0000020050DC 0 WFSLock(%s)=%d
0000000044EC 0000020050EC 0 WFSExecute(%s,%d)=%d
00000000452C 00000200512C 0 $PShdQ
00000000456C 00000200516C 0 Error
00000000459F 00000200519F 0 $PVSh
0000000045D8 0000020051D8 0 %s %s
0000000045E4 0000020051E4 0 Error
000000004654 000002005254 0 t find SIU
0000000049A8 0000020055A8 0 %s%.2X
0000000049B0 0000020055B0 0 ExchangeKey
000000004B2C 00000200572C 0 t4j*j
000000004CEC 0000020058EC 0 Incorrect COM Key name
000000004D34 000002005934 0 =t AJu
000000004EC4 000002005AC4 0 SVWUQ
000000005585 000002006185 0 ;C&v=
00000000585C 00000200645C 0 t find CardReader
000000005870 000002006470 0 WFSOpen %d
00000000587C 00000200647C 0 STATIC
000000005884 000002006484 0 WFSRegister %d
000000005894 000002006494 0 WFSLock %d
00000000590C 00000200650C 0 WFSExecute(WFS_CMD_IDC_READ_RAW_DATA) %d
0000000059D8 0000020065D8 0 WFSExecute %d
000000005AC0 0000020066C0 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) %d
000000005AE4 0000020066E4 0 Select:Invalid ResCode Len
000000005BF4 0000020067F4 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) Error=%d
000000005C20 000002006820 0 Select:Invalid ResCode Len
000000005D44 000002006944 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) %d
000000005D68 000002006968 0 WriteRec:Invalid ResCode Len
000000005E88 000002006A88 0 WFSExecute(WFS_CMD_IDC_CHIP_IO) %d
000000005EAC 000002006AAC 0 ReadRec:Invalid ResCode Len
000000006068 000002006C68 0 Select Err: %.4X
00000000607C 000002006C7C 0 GetResponce Err: %.4X
000000006094 000002006C94 0 WriteRec Err: %.4X
0000000060A8 000002006CA8 0 ReadRec Err: %.4X
0000000065B8 0000020071B8 0 DISPLAY
0000000068F0 0000020074F0 0 ItemVersion
000000006954 000002007554 0 Deco mode %d
000000006965 000002007565 0 Key mode %d
000000006976 000002007576 0 Use locals %d
000000006987 000002007587 0 Auto delete %d
File pos Mem pos ID Text
======== ======= == ====
000000006AD4 0000020076D4 0 %d - %.2X%2X%2X
000000006BDC 0000020077DC 0 OpenProcessToken
000000006BF0 0000020077F0 0 LookupPrivilegeValue
000000006C08 000002007808 0 AdjustTokenPrivileges
000000006DBC 0000020079BC 0 getProcessEntry: %s
000000006DD0 0000020079D0 0 SeDebugPrivilege
000000006DE4 0000020079E4 0 OpenProcess
000000006DF0 0000020079F0 0 LoadLibraryA
000000006E00 000002007A00 0 kernel32.dll
000000006E10 000002007A10 0 GetExitCodeThread
000000006E24 000002007A24 0 VirtualFreeEx
000000006E60 000002007A60 0 SeShutdownPrivilege
000000006E78 000002007A78 0 InitiateSystemShutdown
000000006FD8 000002007BD8 0 Invalid Data Size
000000006FEC 000002007BEC 0 Error
000000007330 000002007F30 0 GetProcAddress
000000007340 000002007F40 0 hook.VirtualProtect
00000000740C 00000200800C 0 ApplicationCore.EXE
0000000075D8 0000020081D8 0 kernel32
0000000075E4 0000020081E4 0 DeleteFileA
0000000075F0 0000020081F0 0 FreeLibrary
0000000075FC 0000020081FC 0 GetModuleHandleA
000000007610 000002008210 0 CreateFileA
00000000761C 00000200821C 0 Sleep
000000007624 000002008224 0 WriteFile
000000007630 000002008230 0 CloseHandle
00000000763C 00000200823C 0 LocalFree
000000007648 000002008248 0 LoadLibraryA
000000007658 000002008258 0 user32
000000007660 000002008260 0 ExitWindowsEx
000000007670 000002008270 0 SeShutdownPrivilege
000000007768 000002008368 0 Check sum erro r
00000000777C 00000200837C 0 Not executable file !
0000000079B8 0000020085B8 0 %d -
0000000079CC 0000020085CC 0 SpaceTable
000000007BDC 0000020087DC 0 Raport error enabled
000000007C5C 00000200885C 0 suspendthread
000000007C6C 00000200886C 0 resumethread
000000007C7C 00000200887C 0 Openthread
000000007D00 000002008900 0 D$ PU
000000007DE5 0000020089E5 0 t<;t$
000000007EC0 000002008AC0 0 ApplicationCore.EXE
000000007F90 000002008B90 0 ApplicationCore.EXE
000000007FA8 000002008BA8 0 Enter Command:
0000000085E3 0000020091E3 0 ,'ta,
0000000086A0 0000020092A0 0 UlySxExec %d - %.2X
000000008850 000002009450 0 UlySxExecCommandAsync
000000008868 000002009468 0 ulcorcom.dll
000000008878 000002009478 0 UlySxRetrieveMessage
000000008962 000002009562 0 8NTFS
000000008AD8 0000020096D8 0 Bound Import %s
000000008AE8 0000020096E8 0 LoadLibrary %s
000000008AF8 0000020096F8 0 GetProcAddress %s
000000008B22 000002009722 0 Pj@SV
000000008B84 000002009784 0 VProtect1
000000008B94 000002009794 0 SVWUQ
000000008C8D 00000200988D 0 33333
000000008CAF 0000020098AF 0 UUUU3
000000008E01 000002009A01 0 VWUSQ
000000008E49 000002009A49 0 33333
File pos Mem pos ID Text
======== ======= == ====
000000008E6B 000002009A6B 0 UUUU3
000000008F1F 000002009B1F 0 UUUU3
000000008F7D 000002009B7D 0 VWUSQ
000000009034 000002009C34 0 UUUU3
00000000929C 000002009E9C 0 rtl32syss
0000000092A8 000002009EA8 0 ApplicationCore.EXE
0000000092C0 000002009EC0 0 rtl32syss2
0000000092CC 000002009ECC 0 UlySxExecCommandAsync
0000000092E4 000002009EE4 0 ulcorcom.dll
00000000944C 00000200A04C 0 Error
000000009454 00000200A054 0 Runtime error at 00000000
000000009474 00000200A074 0 0123456789ABCDEF
0000000094CF 00000200A0CF 0 ESeTtInGs3.03.05
0000000094E0 00000200A0E0 0 russian federat
0000000096D0 00000200A2D0 0 <4,$?7/'
000000009716 00000200A316 0 !"#$%&'()*+,-./012345678
000000009761 00000200A361 0 (3-!0
000000009768 00000200A368 0 ,1'8"5
000000009DA0 00000200D3A0 0 kernel32.dll
000000009DB0 00000200D3B0 0 DeleteCriticalSection
000000009DC8 00000200D3C8 0 LeaveCriticalSection
000000009DE0 00000200D3E0 0 EnterCriticalSection
000000009DF8 00000200D3F8 0 InitializeCriticalSection
000000009E14 00000200D414 0 VirtualFree
000000009E22 00000200D422 0 VirtualAlloc
000000009E32 00000200D432 0 LocalFree
000000009E3E 00000200D43E 0 LocalAlloc
000000009E4C 00000200D44C 0 GetVersion
000000009E5A 00000200D45A 0 GetCurrentThreadId
000000009E70 00000200D470 0 GetThreadLocale
000000009E82 00000200D482 0 GetStartupInfoA
000000009E94 00000200D494 0 GetLocaleInfoA
000000009EA6 00000200D4A6 0 GetCommandLineA
000000009EB8 00000200D4B8 0 FreeLibrary
000000009EC6 00000200D4C6 0 ExitProcess
000000009ED4 00000200D4D4 0 WriteFile
000000009EE0 00000200D4E0 0 UnhandledExceptionFilter
000000009EFC 00000200D4FC 0 RtlUnwind
000000009F08 00000200D508 0 RaiseException
000000009F1A 00000200D51A 0 GetStdHandle
000000009F28 00000200D528 0 user32.dll
000000009F36 00000200D536 0 GetKeyboardType
000000009F48 00000200D548 0 MessageBoxA
000000009F54 00000200D554 0 advapi32.dll
000000009F64 00000200D564 0 RegQueryValueExA
000000009F78 00000200D578 0 RegOpenKeyExA
000000009F88 00000200D588 0 RegCloseKey
000000009F94 00000200D594 0 kernel32.dll
000000009FA4 00000200D5A4 0 TlsSetValue
000000009FB2 00000200D5B2 0 TlsGetValue
000000009FC0 00000200D5C0 0 TlsFree
000000009FCA 00000200D5CA 0 TlsAlloc
000000009FD6 00000200D5D6 0 LocalFree
000000009FE2 00000200D5E2 0 LocalAlloc
000000009FEE 00000200D5EE 0 advapi32.dll
000000009FFE 00000200D5FE 0 RegQueryValueExA
00000000A012 00000200D612 0 RegOpenKeyExA
00000000A022 00000200D622 0 RegEnumKeyExA
00000000A032 00000200D632 0 RegCloseKey
00000000A040 00000200D640 0 OpenProcessToken
File pos Mem pos ID Text
======== ======= == ====
00000000A054 00000200D654 0 LookupPrivilegeValueA
00000000A06C 00000200D66C 0 InitiateSystemShutdownA
00000000A086 00000200D686 0 AdjustTokenPrivileges
00000000A09C 00000200D69C 0 kernel32.dll
00000000A0AC 00000200D6AC 0 lstrlenA
00000000A0B8 00000200D6B8 0 lstrcpyA
00000000A0C4 00000200D6C4 0 lstrcmpiW
00000000A0D0 00000200D6D0 0 lstrcmpiA
00000000A0DC 00000200D6DC 0 lstrcmpA
00000000A0E8 00000200D6E8 0 lstrcatA
00000000A0F4 00000200D6F4 0 WriteFile
00000000A100 00000200D700 0 WaitForSingleObject
00000000A116 00000200D716 0 VirtualProtect
00000000A128 00000200D728 0 TerminateThread
00000000A13A 00000200D73A 0 TerminateProcess
00000000A14E 00000200D74E 0 SuspendThread
00000000A15E 00000200D75E 0 Sleep
00000000A166 00000200D766 0 SizeofResource
00000000A178 00000200D778 0 SetFilePointer
00000000A18A 00000200D78A 0 ResumeThread
00000000A19A 00000200D79A 0 ReadFile
00000000A1A6 00000200D7A6 0 OpenProcess
00000000A1B4 00000200D7B4 0 MultiByteToWideChar
00000000A1CA 00000200D7CA 0 LocalFree
00000000A1D6 00000200D7D6 0 LocalAlloc
00000000A1E4 00000200D7E4 0 LoadResource
00000000A1F4 00000200D7F4 0 LoadLibraryA
00000000A204 00000200D804 0 GetVolumeInformationA
00000000A21C 00000200D81C 0 GetTickCount
00000000A22C 00000200D82C 0 GetSystemTimeAsFileTime
00000000A246 00000200D846 0 GetProcAddress
00000000A258 00000200D858 0 GetModuleHandleA
00000000A26C 00000200D86C 0 GetModuleFileNameA
00000000A282 00000200D882 0 GetLastError
00000000A292 00000200D892 0 GetFileSize
00000000A2A0 00000200D8A0 0 GetFileAttributesA
00000000A2B6 00000200D8B6 0 GetExitCodeThread
00000000A2CA 00000200D8CA 0 GetCurrentThreadId
00000000A2E0 00000200D8E0 0 GetCurrentProcess
00000000A2F4 00000200D8F4 0 FormatMessageA
00000000A306 00000200D906 0 FindResourceA
00000000A316 00000200D916 0 FileTimeToLocalFileTime
00000000A330 00000200D930 0 DeleteFileA
00000000A33E 00000200D93E 0 CreateProcessA
00000000A350 00000200D950 0 CreateMutexA
00000000A360 00000200D960 0 CreateFileA
00000000A36E 00000200D96E 0 CloseHandle
00000000A37A 00000200D97A 0 gdi32.dll
00000000A386 00000200D986 0 SelectObject
00000000A396 00000200D996 0 Rectangle
00000000A3A2 00000200D9A2 0 GetTextMetricsA
00000000A3B4 00000200D9B4 0 GetDeviceCaps
00000000A3C4 00000200D9C4 0 DeleteObject
00000000A3D4 00000200D9D4 0 DeleteDC
00000000A3E0 00000200D9E0 0 CreateSolidBrush
00000000A3F4 00000200D9F4 0 CreateDCA
00000000A3FE 00000200D9FE 0 user32.dll
00000000A40C 00000200DA0C 0 CreateWindowExA
00000000A41E 00000200DA1E 0 UnregisterClassA
00000000A432 00000200DA32 0 TranslateMessage
File pos Mem pos ID Text
======== ======= == ====
00000000A446 00000200DA46 0 SetTimer
00000000A452 00000200DA52 0 SetFocus
00000000A45E 00000200DA5E 0 SendMessageA
00000000A46E 00000200DA6E 0 RegisterClassA
00000000A480 00000200DA80 0 PostMessageA
00000000A490 00000200DA90 0 PeekMessageA
00000000A4A0 00000200DAA0 0 MessageBoxA
00000000A4AE 00000200DAAE 0 LoadIconA
00000000A4BA 00000200DABA 0 LoadCursorA
00000000A4C8 00000200DAC8 0 InvalidateRect
00000000A4DA 00000200DADA 0 GetWindowTextA
00000000A4EC 00000200DAEC 0 GetWindowDC
00000000A4FA 00000200DAFA 0 GetMessageA
00000000A508 00000200DB08 0 GetDesktopWindow
00000000A51C 00000200DB1C 0 GetClientRect
00000000A52C 00000200DB2C 0 DrawTextA
00000000A538 00000200DB38 0 DispatchMessageA
00000000A54C 00000200DB4C 0 DestroyWindow
00000000A55C 00000200DB5C 0 DefWindowProcA
00000000A56C 00000200DB6C 0 msxfs.dll
00000000A578 00000200DB78 0 WFSCancelAsyncRequest
00000000A590 00000200DB90 0 WFSDeregister
00000000A5A0 00000200DBA0 0 WFSRegister
00000000A5AE 00000200DBAE 0 WFSGetInfo
00000000A5BC 00000200DBBC 0 WFSAsyncExecute
00000000A5CE 00000200DBCE 0 WFSExecute
00000000A5DC 00000200DBDC 0 WFSUnlock
00000000A5E8 00000200DBE8 0 WFSFreeResult
00000000A5F8 00000200DBF8 0 WFSLock
00000000A602 00000200DC02 0 WFSClose
00000000A60E 00000200DC0E 0 WFSOpen
00000000A618 00000200DC18 0 WFSStartUp
00000000A624 00000200DC24 0 uladi2.dll
00000000A632 00000200DC32 0 AdiLookupName
00000000A642 00000200DC42 0 AdiTerminate
00000000A652 00000200DC52 0 AdiInitialise
00000000A660 00000200DC60 0 uladi2x.dll
00000000A66E 00000200DC6E 0 AdiFreeResponseHandle
00000000A686 00000200DC86 0 AdiGetTdata
00000000A694 00000200DC94 0 AdiGetTlength
00000000A6A4 00000200DCA4 0 AdiExTimedReceiveResponse
00000000A6C0 00000200DCC0 0 AdiExSend
00000000A6CA 00000200DCCA 0 imagehlp.dll
00000000A6DA 00000200DCDA 0 CheckSumMappedFile
00000000A6EE 00000200DCEE 0 ntdll.dll
00000000A6FA 00000200DCFA 0 NtQueryInformationThread
00000000A714 00000200DD14 0 kernel32.dll
00000000A724 00000200DD24 0 OpenThread
00000000A730 00000200DD30 0 user32.dll
00000000A73E 00000200DD3E 0 wsprintfA
00000000A80F 00000200E00F 0 0"0*020:0B0J0R0Z0b0j0r0z0
00000000A853 00000200E053 0 6S6b6
00000000A867 00000200E067 0 9$9.989N9T9b9w9
00000000A891 00000200E091 0 :?:I:S:]:g:z:
00000000A8B9 00000200E0B9 0 ;H<h<
00000000A8C3 00000200E0C3 0 =Q>]>
00000000A8F5 00000200E0F5 0 081A1[1
00000000A907 00000200E107 0 2O2X2h2p2v2
00000000A927 00000200E127 0 3 383D3L3m3|3
00000000A941 00000200E141 0 4B4v4
File pos Mem pos ID Text
======== ======= == ====
00000000A94D 00000200E14D 0 4$5,52585E5K5
00000000A985 00000200E185 0 858F8[8h8
00000000A99F 00000200E19F 0 ;+;B;W;
00000000A9B3 00000200E1B3 0 ;2<N<Z<n<x<
00000000A9C5 00000200E1C5 0 <#=,=a=h=
00000000A9D3 00000200E1D3 0 =G?o?v?
00000000A9FB 00000200E1FB 0 1"1'1-161F1K1P1U1Z1h1r1
00000000AA1F 00000200E21F 0 2$2.2S2]2g2o2u2
00000000AA3F 00000200E23F 0 3)3B3
00000000AA4D 00000200E24D 0 3=7N7
00000000AA5F 00000200E25F 0 708y8
00000000AA81 00000200E281 0 979@9I9U9_9
00000000AAA1 00000200E2A1 0 :M:k:u:
00000000AAB9 00000200E2B9 0 ;!;-;;;E;c;h;{;
00000000AAE5 00000200E2E5 0 <&<.<6<
00000000AAED 00000200E2ED 0 <f<n<v<~<
00000000AB1D 00000200E31D 0 =&=.=6=>=F=N=V=
00000000AB2D 00000200E32D 0 =f=n=v=~=
00000000AB5D 00000200E35D 0 >&>.>6>>>F>N>V>
00000000AB6D 00000200E36D 0 >f>n>v>~>
00000000AB77 00000200E377 0 >S?_?l?~?
00000000ABA9 00000200E3A9 0 0#0/0<0N0V0
00000000ABB5 00000200E3B5 0 0f0n0v0~0
00000000ABD7 00000200E3D7 0 4 5g5}6
00000000ABED 00000200E3ED 0 777L7Z7_7
00000000AC1D 00000200E41D 0 ;><O<]<
00000000AC27 00000200E427 0 =O=Z=w=|=
00000000AC43 00000200E443 0 ?*?E?v?
00000000AC59 00000200E459 0 001F1
00000000AC6B 00000200E46B 0 292q2
00000000AC75 00000200E475 0 3(3.3Y4
00000000AC7D 00000200E47D 0 5F5h5v5
00000000AC95 00000200E495 0 7.8S8a8
00000000ACBB 00000200E4BB 0 3e3j3u3}3
00000000ACD3 00000200E4D3 0 4z5e6
00000000AD11 00000200E511 0 1!1=1H1R1Y1d1k1v1
00000000AD45 00000200E545 0 4D4S4
00000000AD55 00000200E555 0 5"5(5<5
00000000AD6B 00000200E56B 0 707d7
00000000AD83 00000200E583 0 9F9s9
00000000AD8B 00000200E58B 0 95:V:
00000000AD93 00000200E593 0 ;!;(;-;
00000000AD9B 00000200E59B 0 ;"<7<<<G<Z<z<
00000000ADD0 00000200E5D0 0 :0K0X0
00000000ADED 00000200E5ED 0 1#1/1B1U1
00000000AE0D 00000200E60D 0 4/444D4e4}4
00000000AE19 00000200E619 0 4#5Q5r5
00000000AE2B 00000200E62B 0 6j6n6r6v6z6~6
00000000AE51 00000200E651 0 7C7S7c7s7
00000000AE69 00000200E669 0 7!888D8
00000000AE7D 00000200E67D 0 :N:j:p:
00000000AEB1 00000200E6B1 0 =&=1=>=S=o=
00000000AED9 00000200E6D9 0 >.>4>g>
00000000AEF5 00000200E6F5 0 1)161t1y1
00000000AF0D 00000200E70D 0 2#202=2B2P2Y2h2w2
00000000AF47 00000200E747 0 4$4)43484=4
00000000AF65 00000200E765 0 505P5j5p5x5
00000000AF83 00000200E783 0 63787
00000000AF9D 00000200E79D 0 9$939=9F9Q9Z9c9o9}9
00000000B013 00000200E813 0 =&=5=:=J=V=[=
File pos Mem pos ID Text
======== ======= == ====
00000000B03B 00000200E83B 0 > >8>>>C>H>M>\>g>
00000000B058 00000200E858 0 $0(0,0
00000000B073 00000200E873 0 1 1$1(1,1014181<1@1D1H1L1P1T1X1\1d1
00000000B902 00000200F702 0 ,C._%a
00000000B90D 00000200F70D 0 Gv;-@
00000000BC0F 00000200FA0F 0 PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0000000046BD 0000020052BD 0 MyProg
000000004774 000002005374 0 MyProg
000000004874 000002005474 0 MyProg
000000004994 000002005594 0 MyProg
000000004AA4 0000020056A4 0 MyProg
000000004B7C 00000200577C 0 MyProg
000000006AC0 0000020076C0 0 MyProg
000000007818 000002008418 0 MyProg
0000000079D8 0000020085D8 0 MyProg
000000008550 000002009150 0 MyProg
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!