.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ----  -------------.
!  WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV                                                      !
`--------------  - ---  ---------- -------- -------- -------- -------- ----------------- -  ---- ---- --'

                                           ATM MALWARE NOTICE 
                    d7ce7b152f0da49e96fa32a9336b35253905d9940b001288d0df55d8f8b3951f
 
Date...........: 2019-05-31
Family.........: NVISOSPIT
File name......: am2.exe
File size......: 14.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://twitter.com/r3c0nst/status/1134403094157115392

Entropy:


Binary Histogram:



=== SCREENSHOT === 



=== PEDUMP REPORT === 
=== MZ Header === signature: "MZ" bytes_in_last_block: 144 0x90 blocks_in_file: 3 3 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 0 0 max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 0 0 reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 128 0x80 === DOS STUB === 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......| === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 7 7 TimeDateStamp: "1970-01-01 00:00:00" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 783 0x30f RELOCS_STRIPPED, EXECUTABLE_IMAGE LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED 32BIT_MACHINE, DEBUG_STRIPPED # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 2.29 SizeOfCode: 7680 0x1e00 SizeOfInitializedData: 13312 0x3400 SizeOfUninitializedData: 1536 0x600 AddressOfEntryPoint: 5376 0x1500 BaseOfCode: 4096 0x1000 BaseOfData: 12288 0x3000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 4.0 ImageVersion: 1.0 SubsystemVersion: 4.0 Reserved1: 0 0 SizeOfImage: 36864 0x9000 SizeOfHeaders: 1024 0x400 CheckSum: 56897 0xde41 Subsystem: 3 3 WINDOWS_CUI DllCharacteristics: 0 0 SizeOfStackReserve: 2097152 0x200000 SizeOfStackCommit: 4096 0x1000 SizeOfHeapReserve: 1048576 0x100000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x 6000 size:0x 6ac RESOURCE rva:0x 0 size:0x 0 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x 0 size:0x 0 DEBUG rva:0x 0 size:0x 0 ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 8004 size:0x 18 LOAD_CONFIG rva:0x 0 size:0x 0 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 6168 size:0x f0 Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS .text 1000 1d64 1e00 400 0 0 0 0 60500060 R-X CODE IDATA .data 3000 2c 200 2200 0 0 0 0 c0300040 RW- IDATA .rdata 4000 7c4 800 2400 0 0 0 0 40300040 R-- IDATA .bss 5000 404 0 0 0 0 0 0 c0600080 RW- UDATA .idata 6000 6ac 800 2c00 0 0 0 0 c0300040 RW- IDATA .CRT 7000 34 200 3400 0 0 0 0 c0300040 RW- IDATA .tls 8000 20 200 3600 0 0 0 0 c0300040 RW- IDATA === TLS === RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS 408000 40801c 405390 407020 0 0 [?] can't find file_offset of VA 0x5390 === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME MSXFS.dll 22 WFSStartUp MSXFS.dll 1f WFSOpen MSXFS.dll 19 WFSExecute MSXFS.dll 1a WFSFreeResult MSXFS.dll 1e WFSLock KERNEL32.dll d5 DeleteCriticalSection KERNEL32.dll f1 EnterCriticalSection KERNEL32.dll 1c6 GetCurrentProcess KERNEL32.dll 1c7 GetCurrentProcessId KERNEL32.dll 1cb GetCurrentThreadId KERNEL32.dll 205 GetLastError KERNEL32.dll 266 GetStartupInfoA KERNEL32.dll 27d GetSystemTimeAsFileTime KERNEL32.dll 299 GetTickCount KERNEL32.dll 2ed InitializeCriticalSection KERNEL32.dll 328 LeaveCriticalSection KERNEL32.dll 398 QueryPerformanceCounter KERNEL32.dll 46d SetUnhandledExceptionFilter KERNEL32.dll 47a Sleep KERNEL32.dll 488 TerminateProcess KERNEL32.dll 48f TlsGetValue KERNEL32.dll 49c UnhandledExceptionFilter KERNEL32.dll 4bc VirtualProtect KERNEL32.dll 4bf VirtualQuery msvcrt.dll 39 __dllonexit msvcrt.dll 3c __getmainargs msvcrt.dll 3d __initenv msvcrt.dll 49 __lconv_init msvcrt.dll 6d __set_app_type msvcrt.dll 70 __setusermatherr msvcrt.dll 80 _acmdln msvcrt.dll 95 _amsg_exit msvcrt.dll a6 _cexit msvcrt.dll 116 _fmode msvcrt.dll 161 _initterm msvcrt.dll 165 _iob msvcrt.dll 1ce _lock msvcrt.dll 26d _onexit msvcrt.dll 34a _unlock msvcrt.dll 41e abort msvcrt.dll 427 atoi msvcrt.dll 42d calloc msvcrt.dll 438 exit msvcrt.dll 43e fflush msvcrt.dll 448 fprintf msvcrt.dll 44f free msvcrt.dll 45b fwrite msvcrt.dll 48a malloc msvcrt.dll 492 memcpy msvcrt.dll 49a printf msvcrt.dll 49e puts msvcrt.dll 4ae signal msvcrt.dll 4c0 strlen msvcrt.dll 4c3 strncmp msvcrt.dll 4e4 vfprintf USER32.dll a3 DefWindowProcA
=== Strings ===
File pos Mem pos ID Text ======== ======= == ==== 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 000000000178 000000400178 0 .text 0000000001A0 0000004001A0 0 .data 0000000001C8 0000004001C8 0 .rdata 0000000001EE 0000004001EE 0 0@.bss 000000000218 000000400218 0 .idata 000000001333 000000401F33 0 D$Xt) 000000001DC7 0000004029C7 0 MZuWVS 000000001F77 000000402B77 0 MZWVS 000000002402 000000404002 0 Calling WFSStartUp() 000000002418 000000404018 0 Start up result = %ld 000000002431 000000404031 0 wVersion: %d 000000002440 000000404040 0 LowVersion: %d 000000002451 000000404051 0 wHighVersion: %d 000000002464 000000404064 0 szDescription: %s 000000002478 000000404078 0 szSystemStatus: %s 000000002492 000000404092 0 Calling WFSOpen() 0000000024A4 0000004040A4 0 Using device %s 0000000024B6 0000004040B6 0 NVISOSPIT 0000000024C0 0000004040C0 0 SrvcVersion Records: 0000000024D6 0000004040D6 0 wVersion: %d 0000000024E5 0000004040E5 0 LowVersion: %d 0000000024F6 0000004040F6 0 wHighVersion: %d 000000002509 000000404109 0 szDescription: %s 00000000251D 00000040411D 0 szSystemStatus: %s 000000002534 000000404134 0 SPIVersion Records: 000000002549 000000404149 0 wVersion: %d 000000002558 000000404158 0 LowVersion: %d 000000002569 000000404169 0 wHighVersion: %d 00000000257C 00000040417C 0 szDescription: %s 000000002590 000000404190 0 szSystemStatus: %s 0000000025A7 0000004041A7 0 HService Address ; %ld 0000000025C0 0000004041C0 0 Calling WFSLock() 0000000025D2 0000004041D2 0 Output from WFSLock: %d 0000000025EE 0000004041EE 0 Calling WFSExecute() to dispense $%d 000000002618 000000404218 0 DEBUG: WFS_ERR_CDM_ITEMSLEFT = %d 00000000263C 00000040423C 0 DEBUG: WFS_ERR_INVALID_DATA = %d 000000002660 000000404260 0 DEBUG: WFS_ERR_CDM_INVALIDDENOMINATION = %d 000000002690 000000404290 0 DEBUG: WFS_ERR_CDM_NOTDISPENSABLE = %d 0000000026B8 0000004042B8 0 DEBUG: WFS_ERR_DEV_NOT_READY = %d 0000000026DC 0000004042DC 0 Execute result = %ld 0000000026F4 0000004042F4 0 lpResult Records: 000000002707 000000404307 0 RequestID: %d 000000002718 000000404318 0 HService Address ; %ld 000000002731 000000404331 0 Command Code ; %d 000000002745 000000404345 0 Event ID ; %d 000000002756 000000404356 0 Event Received from XFS 00000000277C 00000040437C 0 Unknown error 00000000278C 00000040438C 0 _matherr(): %s in %s(%g, %g) (retval=%g) 0000000027B8 0000004043B8 0 Argument domain error (DOMAIN) 0000000027D7 0000004043D7 0 Argument singularity (SIGN) 0000000027F4 0000004043F4 0 Overflow range error (OVERFLOW) 000000002814 000000404414 0 The result is too small to be represented (UNDERFLOW) 00000000284C 00000040444C 0 Total loss of significance (TLOSS) 000000002870 000000404470 0 Partial loss of significance (PLOSS) 0000000028B0 0000004044B0 0 Mingw-w64 runtime failure: 0000000028CC 0000004044CC 0 Address %p has no image-section 0000000028EC 0000004044EC 0 VirtualQuery failed for %d bytes at address %p 000000002920 000000404520 0 VirtualProtect failed with code 0x%x 000000002948 000000404548 0 Unknown pseudo relocation protocol version %d. File pos Mem pos ID Text ======== ======= == ==== 00000000297C 00000040457C 0 Unknown pseudo relocation bit size %d. 0000000029A8 0000004045A8 0 GCC: (GNU) 7.2.0 0000000029BC 0000004045BC 0 GCC: (GNU) 7.2.0 0000000029D0 0000004045D0 0 GCC: (GNU) 7.2.0 0000000029E4 0000004045E4 0 GCC: (GNU) 7.2.0 0000000029F8 0000004045F8 0 GCC: (GNU) 7.2.0 000000002A0C 00000040460C 0 GCC: (GNU) 7.2.0 000000002A20 000000404620 0 GCC: (GNU) 7.2.0 000000002A34 000000404634 0 GCC: (GNU) 7.2.0 000000002A48 000000404648 0 GCC: (GNU) 7.2.0 000000002A5C 00000040465C 0 GCC: (GNU) 7.2.0 000000002A70 000000404670 0 GCC: (GNU) 7.2.0 000000002A84 000000404684 0 GCC: (GNU) 7.2.0 000000002A98 000000404698 0 GCC: (GNU) 7.2.0 000000002AAC 0000004046AC 0 GCC: (GNU) 7.2.0 000000002AC0 0000004046C0 0 GCC: (GNU) 7.2.0 000000002AD4 0000004046D4 0 GCC: (GNU) 7.2.0 000000002AE8 0000004046E8 0 GCC: (GNU) 7.2.0 000000002AFC 0000004046FC 0 GCC: (GNU) 7.2.0 000000002B10 000000404710 0 GCC: (GNU) 7.2.0 000000002B24 000000404724 0 GCC: (GNU) 7.2.0 000000002B38 000000404738 0 GCC: (GNU) 7.2.0 000000002B4C 00000040474C 0 GCC: (GNU) 7.2.0 000000002B60 000000404760 0 GCC: (GNU) 7.2.0 000000002B74 000000404774 0 GCC: (GNU) 7.2.0 000000002B88 000000404788 0 GCC: (GNU) 7.2.0 000000002B9C 00000040479C 0 GCC: (GNU) 7.2.0 000000002BB0 0000004047B0 0 GCC: (GNU) 7.2.0 000000002E58 000000406258 0 MSXFS.dll 000000002E66 000000406266 0 WFSStartUp 000000002E7A 00000040627A 0 WFSOpen 000000002E8A 00000040628A 0 WFSExecute 000000002E9E 00000040629E 0 WFSFreeResult 000000002EB2 0000004062B2 0 WFSLock 000000002EC2 0000004062C2 0 DeleteCriticalSection 000000002EDA 0000004062DA 0 EnterCriticalSection 000000002EF2 0000004062F2 0 GetCurrentProcess 000000002F06 000000406306 0 GetCurrentProcessId 000000002F1C 00000040631C 0 GetCurrentThreadId 000000002F32 000000406332 0 GetLastError 000000002F42 000000406342 0 GetStartupInfoA 000000002F54 000000406354 0 GetSystemTimeAsFileTime 000000002F6E 00000040636E 0 GetTickCount 000000002F7E 00000040637E 0 InitializeCriticalSection 000000002F9A 00000040639A 0 LeaveCriticalSection 000000002FB2 0000004063B2 0 QueryPerformanceCounter 000000002FCC 0000004063CC 0 SetUnhandledExceptionFilter 000000002FEA 0000004063EA 0 Sleep 000000002FF2 0000004063F2 0 TerminateProcess 000000003006 000000406406 0 TlsGetValue 000000003014 000000406414 0 UnhandledExceptionFilter 000000003030 000000406430 0 VirtualProtect 000000003042 000000406442 0 VirtualQuery 000000003052 000000406452 0 __dllonexit 000000003060 000000406460 0 __getmainargs 000000003070 000000406470 0 __initenv 00000000307C 00000040647C 0 __lconv_init 00000000308C 00000040648C 0 __set_app_type 00000000309E 00000040649E 0 __setusermatherr 0000000030B2 0000004064B2 0 _acmdln File pos Mem pos ID Text ======== ======= == ==== 0000000030BC 0000004064BC 0 _amsg_exit 0000000030CA 0000004064CA 0 _cexit 0000000030D4 0000004064D4 0 _fmode 0000000030DE 0000004064DE 0 _initterm 0000000030F2 0000004064F2 0 _lock 0000000030FA 0000004064FA 0 _onexit 000000003104 000000406504 0 _unlock 00000000310E 00000040650E 0 abort 00000000311E 00000040651E 0 calloc 000000003130 000000406530 0 fflush 00000000313A 00000040653A 0 fprintf 00000000314C 00000040654C 0 fwrite 000000003156 000000406556 0 malloc 000000003160 000000406560 0 memcpy 00000000316A 00000040656A 0 printf 00000000317C 00000040657C 0 signal 000000003186 000000406586 0 strlen 000000003190 000000406590 0 strncmp 00000000319A 00000040659A 0 vfprintf 0000000031A6 0000004065A6 0 DefWindowProcA 000000003204 000000406604 0 KERNEL32.dll 000000003290 000000406690 0 msvcrt.dll 0000000032A0 0000004066A0 0 USER32.dll 00000000004D 00000040004D 0 !This program cannot be run in DOS mode. 000000000178 000000400178 0 .text 0000000001A0 0000004001A0 0 .data 0000000001C8 0000004001C8 0 .rdata 0000000001EE 0000004001EE 0 0@.bss 000000000218 000000400218 0 .idata 000000001333 000000401F33 0 D$Xt) 000000001DC7 0000004029C7 0 MZuWVS 000000001F77 000000402B77 0 MZWVS 000000002402 000000404002 0 Calling WFSStartUp() 000000002418 000000404018 0 Start up result = %ld 000000002431 000000404031 0 wVersion: %d 000000002440 000000404040 0 LowVersion: %d 000000002451 000000404051 0 wHighVersion: %d 000000002464 000000404064 0 szDescription: %s 000000002478 000000404078 0 szSystemStatus: %s 000000002492 000000404092 0 Calling WFSOpen() 0000000024A4 0000004040A4 0 Using device %s 0000000024B6 0000004040B6 0 NVISOSPIT 0000000024C0 0000004040C0 0 SrvcVersion Records: 0000000024D6 0000004040D6 0 wVersion: %d 0000000024E5 0000004040E5 0 LowVersion: %d 0000000024F6 0000004040F6 0 wHighVersion: %d 000000002509 000000404109 0 szDescription: %s 00000000251D 00000040411D 0 szSystemStatus: %s 000000002534 000000404134 0 SPIVersion Records: 000000002549 000000404149 0 wVersion: %d 000000002558 000000404158 0 LowVersion: %d 000000002569 000000404169 0 wHighVersion: %d 00000000257C 00000040417C 0 szDescription: %s 000000002590 000000404190 0 szSystemStatus: %s 0000000025A7 0000004041A7 0 HService Address ; %ld 0000000025C0 0000004041C0 0 Calling WFSLock() 0000000025D2 0000004041D2 0 Output from WFSLock: %d 0000000025EE 0000004041EE 0 Calling WFSExecute() to dispense $%d 000000002618 000000404218 0 DEBUG: WFS_ERR_CDM_ITEMSLEFT = %d 00000000263C 00000040423C 0 DEBUG: WFS_ERR_INVALID_DATA = %d File pos Mem pos ID Text ======== ======= == ==== 000000002660 000000404260 0 DEBUG: WFS_ERR_CDM_INVALIDDENOMINATION = %d 000000002690 000000404290 0 DEBUG: WFS_ERR_CDM_NOTDISPENSABLE = %d 0000000026B8 0000004042B8 0 DEBUG: WFS_ERR_DEV_NOT_READY = %d 0000000026DC 0000004042DC 0 Execute result = %ld 0000000026F4 0000004042F4 0 lpResult Records: 000000002707 000000404307 0 RequestID: %d 000000002718 000000404318 0 HService Address ; %ld 000000002731 000000404331 0 Command Code ; %d 000000002745 000000404345 0 Event ID ; %d 000000002756 000000404356 0 Event Received from XFS 00000000277C 00000040437C 0 Unknown error 00000000278C 00000040438C 0 _matherr(): %s in %s(%g, %g) (retval=%g) 0000000027B8 0000004043B8 0 Argument domain error (DOMAIN) 0000000027D7 0000004043D7 0 Argument singularity (SIGN) 0000000027F4 0000004043F4 0 Overflow range error (OVERFLOW) 000000002814 000000404414 0 The result is too small to be represented (UNDERFLOW) 00000000284C 00000040444C 0 Total loss of significance (TLOSS) 000000002870 000000404470 0 Partial loss of significance (PLOSS) 0000000028B0 0000004044B0 0 Mingw-w64 runtime failure: 0000000028CC 0000004044CC 0 Address %p has no image-section 0000000028EC 0000004044EC 0 VirtualQuery failed for %d bytes at address %p 000000002920 000000404520 0 VirtualProtect failed with code 0x%x 000000002948 000000404548 0 Unknown pseudo relocation protocol version %d. 00000000297C 00000040457C 0 Unknown pseudo relocation bit size %d. 0000000029A8 0000004045A8 0 GCC: (GNU) 7.2.0 0000000029BC 0000004045BC 0 GCC: (GNU) 7.2.0 0000000029D0 0000004045D0 0 GCC: (GNU) 7.2.0 0000000029E4 0000004045E4 0 GCC: (GNU) 7.2.0 0000000029F8 0000004045F8 0 GCC: (GNU) 7.2.0 000000002A0C 00000040460C 0 GCC: (GNU) 7.2.0 000000002A20 000000404620 0 GCC: (GNU) 7.2.0 000000002A34 000000404634 0 GCC: (GNU) 7.2.0 000000002A48 000000404648 0 GCC: (GNU) 7.2.0 000000002A5C 00000040465C 0 GCC: (GNU) 7.2.0 000000002A70 000000404670 0 GCC: (GNU) 7.2.0 000000002A84 000000404684 0 GCC: (GNU) 7.2.0 000000002A98 000000404698 0 GCC: (GNU) 7.2.0 000000002AAC 0000004046AC 0 GCC: (GNU) 7.2.0 000000002AC0 0000004046C0 0 GCC: (GNU) 7.2.0 000000002AD4 0000004046D4 0 GCC: (GNU) 7.2.0 000000002AE8 0000004046E8 0 GCC: (GNU) 7.2.0 000000002AFC 0000004046FC 0 GCC: (GNU) 7.2.0 000000002B10 000000404710 0 GCC: (GNU) 7.2.0 000000002B24 000000404724 0 GCC: (GNU) 7.2.0 000000002B38 000000404738 0 GCC: (GNU) 7.2.0 000000002B4C 00000040474C 0 GCC: (GNU) 7.2.0 000000002B60 000000404760 0 GCC: (GNU) 7.2.0 000000002B74 000000404774 0 GCC: (GNU) 7.2.0 000000002B88 000000404788 0 GCC: (GNU) 7.2.0 000000002B9C 00000040479C 0 GCC: (GNU) 7.2.0 000000002BB0 0000004047B0 0 GCC: (GNU) 7.2.0 000000002E58 000000406258 0 MSXFS.dll 000000002E66 000000406266 0 WFSStartUp 000000002E7A 00000040627A 0 WFSOpen 000000002E8A 00000040628A 0 WFSExecute 000000002E9E 00000040629E 0 WFSFreeResult 000000002EB2 0000004062B2 0 WFSLock 000000002EC2 0000004062C2 0 DeleteCriticalSection 000000002EDA 0000004062DA 0 EnterCriticalSection 000000002EF2 0000004062F2 0 GetCurrentProcess File pos Mem pos ID Text ======== ======= == ==== 000000002F06 000000406306 0 GetCurrentProcessId 000000002F1C 00000040631C 0 GetCurrentThreadId 000000002F32 000000406332 0 GetLastError 000000002F42 000000406342 0 GetStartupInfoA 000000002F54 000000406354 0 GetSystemTimeAsFileTime 000000002F6E 00000040636E 0 GetTickCount 000000002F7E 00000040637E 0 InitializeCriticalSection 000000002F9A 00000040639A 0 LeaveCriticalSection 000000002FB2 0000004063B2 0 QueryPerformanceCounter 000000002FCC 0000004063CC 0 SetUnhandledExceptionFilter 000000002FEA 0000004063EA 0 Sleep 000000002FF2 0000004063F2 0 TerminateProcess 000000003006 000000406406 0 TlsGetValue 000000003014 000000406414 0 UnhandledExceptionFilter 000000003030 000000406430 0 VirtualProtect 000000003042 000000406442 0 VirtualQuery 000000003052 000000406452 0 __dllonexit 000000003060 000000406460 0 __getmainargs 000000003070 000000406470 0 __initenv 00000000307C 00000040647C 0 __lconv_init 00000000308C 00000040648C 0 __set_app_type 00000000309E 00000040649E 0 __setusermatherr 0000000030B2 0000004064B2 0 _acmdln 0000000030BC 0000004064BC 0 _amsg_exit 0000000030CA 0000004064CA 0 _cexit 0000000030D4 0000004064D4 0 _fmode 0000000030DE 0000004064DE 0 _initterm 0000000030F2 0000004064F2 0 _lock 0000000030FA 0000004064FA 0 _onexit 000000003104 000000406504 0 _unlock 00000000310E 00000040650E 0 abort 00000000311E 00000040651E 0 calloc 000000003130 000000406530 0 fflush 00000000313A 00000040653A 0 fprintf 00000000314C 00000040654C 0 fwrite 000000003156 000000406556 0 malloc 000000003160 000000406560 0 memcpy 00000000316A 00000040656A 0 printf 00000000317C 00000040657C 0 signal 000000003186 000000406586 0 strlen 000000003190 000000406590 0 strncmp 00000000319A 00000040659A 0 vfprintf 0000000031A6 0000004065A6 0 DefWindowProcA 000000003204 000000406604 0 KERNEL32.dll 000000003290 000000406690 0 msvcrt.dll 0000000032A0 0000004066A0 0 USER32.dll
=== DOWNLOAD === Mirror provided by vx-underground.org, thx!