.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
ea5ebd1e5f98e10b1e7c834dd54707ad06772bccb4179cae7e50c7e6e772a1ab
Date...........: 2016-06-27
Family.........: ATMitch
File name......: tv.dll
File size......: 22.00 KB
Type file......: DLL/Windows
Virscan........: VT - HA
PDB Path found.: d:\last\tester\Release\dll_mfc.pdb
Documentation..: https://securelist.com/blog/sas/77918/atmitch-remote-administration-of-atms/
Entropy:
Binary Histogram:
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 248 0xf8
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== RICH Header ===
LIB_ID VERSION TIMES_USED
123 7b 50727 c627 4 4
150 96 20413 4fbd 1 1
149 95 21022 521e 1 1
131 83 21022 521e 12 c
132 84 21022 521e 6 6
147 93 21022 521e 7 7
1 1 0 0 139 8b
138 8a 21022 521e 3 3
146 92 21022 521e 1 1
148 94 21022 521e 1 1
145 91 21022 521e 1 1
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 5 5
TimeDateStamp: "2016-05-28 08:47:17"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 8450 0x2102 EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 9.0
SizeOfCode: 10240 0x2800
SizeOfInitializedData: 11264 0x2c00
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 12202 0x2faa
BaseOfCode: 4096 0x1000
BaseOfData: 16384 0x4000
ImageBase: 268435456 0x10000000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 5.0
ImageVersion: 0.0
SubsystemVersion: 5.0
Reserved1: 0 0
SizeOfImage: 36864 0x9000
SizeOfHeaders: 1024 0x400
CheckSum: 37884 0x93fc
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 320 0x140 DYNAMIC_BASE, NX_COMPAT
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 5890 size:0x 34
IMPORT rva:0x 4ea4 size:0x 64
RESOURCE rva:0x 7000 size:0x 738
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 8000 size:0x 5b4
DEBUG rva:0x 4200 size:0x 1c
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 4a10 size:0x 40
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 4000 size:0x 1d8
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 27ab 2800 400 0 0 0 0 60000020 R-X CODE
.rdata 4000 18c4 1a00 2c00 0 0 0 0 40000040 R-- IDATA
.data 6000 61c 200 4600 0 0 0 0 c0000040 RW- IDATA
.rsrc 7000 738 800 4800 0 0 0 0 40000040 R-- IDATA
.reloc 8000 740 800 5000 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x48a0 1252 0x419 836 VERSION #1
0x4be4 1252 0x409 850 MANIFEST #2
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
mfc90.dll 16db
mfc90.dll 9f3
mfc90.dll 383
mfc90.dll a84
mfc90.dll a83
mfc90.dll 536
mfc90.dll 16cb
mfc90.dll 13c
mfc90.dll 12c
mfc90.dll 136
mfc90.dll 259
mfc90.dll 331
mfc90.dll 19f0
mfc90.dll 9b0
mfc90.dll 174b
mfc90.dll 119b
mfc90.dll 643
mfc90.dll 31e
mfc90.dll 4e4
mfc90.dll 433
mfc90.dll 4fb
mfc90.dll 4f4
mfc90.dll 4fe
mfc90.dll 4d9
mfc90.dll 471
mfc90.dll 141
mfc90.dll 244
mfc90.dll 195e
mfc90.dll 1809
mfc90.dll 30d
mfc90.dll 480
mfc90.dll 479
mfc90.dll 194
mfc90.dll 1590
mfc90.dll c6b
mfc90.dll 1679
mfc90.dll 9dd
mfc90.dll 613
mfc90.dll 297
mfc90.dll 4fd
mfc90.dll 10a
mfc90.dll 4db
mfc90.dll 142
mfc90.dll 25d
mfc90.dll 187
mfc90.dll 321
mfc90.dll 43f
mfc90.dll 49c
mfc90.dll 109
mfc90.dll 4d1
mfc90.dll 320
MSVCR90.dll 96 __dllonexit
MSVCR90.dll 16a _encode_pointer
MSVCR90.dll 276 _lock
MSVCR90.dll 31c _onexit
MSVCR90.dll 160 _decode_pointer
MSVCR90.dll 287 _malloc_crt
MSVCR90.dll 4e4 free
MSVCR90.dll 16b _encoded_null
MSVCR90.dll 204 _initterm
MSVCR90.dll 205 _initterm_e
MSVCR90.dll 115 _amsg_exit
MSVCR90.dll 73 __CxxFrameHandler3
MSVCR90.dll 6a __CppXcptFilter
MSVCR90.dll 43 ?terminate@@YAXXZ
MSVCR90.dll 14b _crt_debugger_hook
MSVCR90.dll 173 _except_handler4_common
MSVCR90.dll 36 ?_type_info_dtor_internal_method@type_info@@QAEXXZ
MSVCR90.dll 8c __clean_type_info_names_internal
MSVCR90.dll 3e6 _unlock
MSVCR90.dll 3ca _time64
MSVCR90.dll 274 _localtime64
MSVCR90.dll 556 strftime
MSVCR90.dll 552 strcpy_s
MSVCR90.dll 4bf atoi
MSVCR90.dll 10b _adjust_fdiv
KERNEL32.dll 1ad GetCurrentThreadId
KERNEL32.dll 2f9 LocalAlloc
KERNEL32.dll 2f1 LoadLibraryA
KERNEL32.dll 220 GetProcAddress
KERNEL32.dll 1e6 GetLastError
KERNEL32.dll 105 ExitThread
KERNEL32.dll 421 Sleep
KERNEL32.dll c0 DeleteFileA
KERNEL32.dll a3 CreateThread
KERNEL32.dll 2bd InterlockedExchange
KERNEL32.dll 2ba InterlockedCompareExchange
KERNEL32.dll 42d TerminateProcess
KERNEL32.dll 1a9 GetCurrentProcess
KERNEL32.dll 43e UnhandledExceptionFilter
KERNEL32.dll 415 SetUnhandledExceptionFilter
KERNEL32.dll 2d1 IsDebuggerPresent
KERNEL32.dll 354 QueryPerformanceCounter
KERNEL32.dll 266 GetTickCount
KERNEL32.dll 2fd LocalFree
KERNEL32.dll 1aa GetCurrentProcessId
KERNEL32.dll 24f GetSystemTimeAsFileTime
MSVCP90.dll 9c6 ?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
MSVCP90.dll 64e ?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll b73 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
MSVCP90.dll 5d0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll 557 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll 57c ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll b76 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
MSVCP90.dll be4 ?uncaught_exception@std@@YA_NXZ
MSVCP90.dll 3f9 ??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll 128 ??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
MSVCP90.dll 651 ?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
MSVCP90.dll 11c ??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
MSVCP90.dll 821 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
MSVCP90.dll b44 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
MSVCP90.dll 25f ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
MSVCP90.dll 176 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
MSVCP90.dll 3f6 ??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
=== EXPORTS ===
# module "dll_mfc.dll"
# flags=0x0 ts="2016-05-28 08:47:17" version=0.0 ord_base=1
# nFuncs=0 nNames=0
=== VERSION INFO ===
# VS_FIXEDFILEINFO:
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
StrucVersion : 0x10000
FileFlagsMask : 0x3f
FileFlags : 0
FileOS : 4
FileType : 2
FileSubtype : 0
# StringTable 041904e3:
CompanyName : "TODO: <\u043D\u0430\u0437\u0432\u0430\u043D\u0438\u0435 \u043A\u043E\u043C\u043F\u0430\u043D\u0438\u0438>"
FileDescription : "TODO: <\u043E\u043F\u0438\u0441\u0430\u043D\u0438\u0435 \u0444\u0430\u0439\u043B\u0430>"
FileVersion : "1.0.0.1"
InternalName : "dll_mfc.dll"
LegalCopyright : "TODO: (c) <\u043D\u0430\u0437\u0432\u0430\u043D\u0438\u0435 \u043A\u043E\u043C\u043F\u0430\u043D\u0438\u0438>. \u0412\u0441\u0435 \u043F\u0440\u0430\u0432\u0430 \u0437\u0430\u0449\u0438\u0449\u0435\u043D\u044B."
OriginalFilename : "dll_mfc.dll"
ProductName : "TODO: <\u041D\u0430\u0437\u0432\u0430\u043D\u0438\u0435 \u043F\u0440\u043E\u0434\u0443\u043A\u0442\u0430>"
ProductVersion : "1.0.0.1"
VarFileInfo : [ 0x419, 0x4e3 ]
=== Packer / Compiler ===
MS Visual C++ v7.0 DLL
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00001000004D 0 !This program cannot be run in DOS mode.
0000000000E7 0000100000E7 0 BRichs
0000000001F0 0000100001F0 0 .text
000000000218 000010000218 0 .rdata
00000000023F 00001000023F 0 @.data
000000000268 000010000268 0 .rsrc
00000000028F 00001000028F 0 @.reloc
00000000047A 00001000107A 0 SUVWu%Q
000000000886 000010001486 0 d$ hdD
000000000B08 000010001708 0 |$(t&
000000001145 000010001D45 0 SUVWj
000000001170 000010001D70 0 l$$WSS
0000000011DA 000010001DDA 0 D$,PQ
00000000135D 000010001F5D 0 T$0RQ
0000000016C0 0000100022C0 0 D$,QRP
000000001823 000010002423 0 uTh(e
00000000187C 00001000247C 0 uEh(e
0000000018B8 0000100024B8 0 D$ Pj
000000001D53 000010002953 0 L1(WR
000000002318 000010002F18 0 u WPS
000000002341 000010002F41 0 uCWVS
00000000235F 000010002F5F 0 t%WVS
000000002E1C 00001000421C 0 Delete
000000002E24 000010004224 0 NoRemove
000000002E30 000010004230 0 ForceRemove
000000002EA4 0000100042A4 0 bad allocation
000000002EB4 0000100042B4 0 CDM30
000000002EBC 0000100042BC 0 command.txt
000000002EC8 0000100042C8 0 Trying to open dispenser by name. Result is %d
000000002EF8 0000100042F8 0 Dispenser instance is %d
000000002F18 000010004318 0 Receive CASH UNIT info first, then LOOK on
000000002F43 000010004343 0 SCREEN and think what does you DO.
000000002F68 000010004368 0 Unlocking dispenser, result is %d
000000002F8C 00001000438C 0 Catch some money, bitch! %d
000000002FA8 0000100043A8 0 Dispenser instance set to %d
000000002FC8 0000100043C8 0 Dispenser name is: %s
000000002FE0 0000100043E0 0 Dispenser name is not set or default.
000000003008 000010004408 0 Dispenser's name set to: %s
000000003024 000010004424 0 Not initislised. Try to initialise.
000000003048 000010004448 0 Entering process dispense.
000000003064 000010004464 0 Items from parameters converted successfully. %d %d
000000003098 000010004498 0 Dispense success, code is %d
0000000030B8 0000100044B8 0 StartUp()
0000000030C4 0000100044C4 0 Version: %s
0000000030D8 0000100044D8 0 Dispenser instanse id %d
0000000030F4 0000100044F4 0 Unknown command mnemonic, check it and repeat again.
00000000312C 00001000452C 0 msxfs.dll
000000003138 000010004538 0 Could not load the dynamic library. error# %d
000000003168 000010004568 0 msxfs loaded successfully.
000000003184 000010004584 0 WFSUnlock
000000003190 000010004590 0 WFSGetInfo
00000000319C 00001000459C 0 WFSExecute
0000000031A8 0000100045A8 0 WFSFreeResult
0000000031B8 0000100045B8 0 WFSStartUp
0000000031C4 0000100045C4 0 WFSOpen
0000000031CC 0000100045CC 0 WFSUnhookBlockingHook
0000000031E4 0000100045E4 0 WFSClose
0000000031F0 0000100045F0 0 WFSCleanUp
0000000031FC 0000100045FC 0 Can't import "GetInfo()" function
000000003220 000010004620 0 Can't import "Unlock()" function
File pos Mem pos ID Text
======== ======= == ====
000000003244 000010004644 0 Can't import "WfSExecute()" function
00000000326C 00001000466C 0 Can't import "WFSFreeResult()" function
000000003294 000010004694 0 Can't import "StartUp()" function
0000000032B8 0000100046B8 0 Unlocking hook result is %d
0000000032D4 0000100046D4 0 Unlocking result is %d
0000000032EC 0000100046EC 0 %d CU 's found
0000000032FC 0000100046FC 0 CDM HSERVICE NUM IS %d
000000003314 000010004714 0 ======= %s =======================================
000000003348 000010004748 0 + Cash unit # %d
00000000335C 00001000475C 0 + Cash unit type: %s
000000003374 000010004774 0 + Cash unit status: %s
000000003390 000010004790 0 + UnitId: %s
0000000033A0 0000100047A0 0 + Currency ID: %s
0000000033B8 0000100047B8 0 + Values: %d
0000000033C8 0000100047C8 0 + Cash Count: %d
0000000033DC 0000100047DC 0 + Cash initial Count: %d
0000000033F8 0000100047F8 0 + Cash presented count: %d
00000000341C 00001000481C 0 ++ Is locked ? : %s
000000003434 000010004834 0 =======================================================
00000000346C 00001000486C 0 Error, code is:%d
000000003484 000010004884 0 REJECTCASSETTE
000000003494 000010004894 0 BILLCASSETTE
0000000034A4 0000100048A4 0 COINCYLINDER
0000000034B4 0000100048B4 0 COINDISPENSER
0000000034C4 0000100048C4 0 RETRACTCASSETTE
0000000034D4 0000100048D4 0 COUPON
0000000034DC 0000100048DC 0 DOCUMENT
0000000034E8 0000100048E8 0 REPCONTAINER
0000000034F8 0000100048F8 0 RECYCLING
00000000351C 00001000491C 0 EMPTY
00000000352C 00001000492C 0 MISSING
000000003534 000010004934 0 NOVAL
00000000353C 00001000493C 0 NOREF
000000003544 000010004944 0 MANIP
00000000354C 00001000494C 0 Open() calling.
00000000355C 00001000495C 0 Dispenser open successfully, disinstance is %d
00000000358C 00001000498C 0 Thread created successfully.
0000000035AC 0000100049AC 0 Can't create thread.
0000000035CC 0000100049CC 0 logfile.log
0000000035D8 0000100049D8 0 %d %m %Y - %H : %M : %S >
0000000035F4 0000100049F4 0 C:\windows\temp\kl.txt
000000003670 000010004A70 0 d:\last\tester\Release\dll_mfc.pdb
000000003CE0 0000100050E0 0 mfc90.dll
000000003CF4 0000100050F4 0 strcpy_s
000000003D00 000010005100 0 strftime
000000003D0C 00001000510C 0 _localtime64
000000003D1C 00001000511C 0 _time64
000000003D24 000010005124 0 MSVCR90.dll
000000003D32 000010005132 0 _unlock
000000003D3C 00001000513C 0 __dllonexit
000000003D4A 00001000514A 0 _encode_pointer
000000003D5C 00001000515C 0 _lock
000000003D64 000010005164 0 _onexit
000000003D6E 00001000516E 0 _decode_pointer
000000003D80 000010005180 0 _malloc_crt
000000003D96 000010005196 0 _encoded_null
000000003DA6 0000100051A6 0 _initterm
000000003DB2 0000100051B2 0 _initterm_e
000000003DC0 0000100051C0 0 _amsg_exit
000000003DCE 0000100051CE 0 _adjust_fdiv
File pos Mem pos ID Text
======== ======= == ====
000000003DDE 0000100051DE 0 __CppXcptFilter
000000003DF0 0000100051F0 0 ?terminate@@YAXXZ
000000003E04 000010005204 0 _crt_debugger_hook
000000003E1A 00001000521A 0 _except_handler4_common
000000003E34 000010005234 0 ?_type_info_dtor_internal_method@type_info@@QAEXXZ
000000003E6A 00001000526A 0 __clean_type_info_names_internal
000000003E8E 00001000528E 0 Sleep
000000003E96 000010005296 0 ExitThread
000000003EA4 0000100052A4 0 GetLastError
000000003EB4 0000100052B4 0 GetProcAddress
000000003EC6 0000100052C6 0 LoadLibraryA
000000003ED6 0000100052D6 0 LocalAlloc
000000003EE4 0000100052E4 0 LocalFree
000000003EF0 0000100052F0 0 DeleteFileA
000000003EFE 0000100052FE 0 CreateThread
000000003F0E 00001000530E 0 InterlockedExchange
000000003F24 000010005324 0 InterlockedCompareExchange
000000003F42 000010005342 0 TerminateProcess
000000003F56 000010005356 0 GetCurrentProcess
000000003F6A 00001000536A 0 UnhandledExceptionFilter
000000003F86 000010005386 0 SetUnhandledExceptionFilter
000000003FA4 0000100053A4 0 IsDebuggerPresent
000000003FB8 0000100053B8 0 QueryPerformanceCounter
000000003FD2 0000100053D2 0 GetTickCount
000000003FE2 0000100053E2 0 GetCurrentThreadId
000000003FF8 0000100053F8 0 GetCurrentProcessId
00000000400E 00001000540E 0 GetSystemTimeAsFileTime
000000004026 000010005426 0 KERNEL32.dll
000000004036 000010005436 0 ?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004074 000010005474 0 ??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
0000000040B4 0000100054B4 0 ??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0000000040F0 0000100054F0 0 ?uncaught_exception@std@@YA_NXZ
000000004112 000010005512 0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
000000004156 000010005556 0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004194 000010005594 0 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
0000000041D4 0000100055D4 0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004216 000010005616 0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
000000004256 000010005656 0 ?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004293 000010005693 0 ?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
0000000042D6 0000100056D6 0 ??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
000000004310 000010005710 0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
000000004352 000010005752 0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
000000004392 000010005792 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0000000043DC 0000100057DC 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
000000004428 000010005828 0 ??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004460 000010005860 0 MSVCP90.dll
00000000446E 00001000586E 0 __CxxFrameHandler3
0000000044B8 0000100058B8 0 dll_mfc.dll
000000004608 000010006008 0 .?AVtype_info@@
000000004630 000010006030 0 .?AVCNoTrackObject@@
000000004650 000010006050 0 .?AVAFX_MODULE_STATE@@
000000004670 000010006070 0 .?AV_AFX_DLL_MODULE_STATE@@
000000004BE4 0000100073E4 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
000000004C2F 00001000742F 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
000000004C67 000010007467 0 <security>
000000004C77 000010007477 0 <requestedPrivileges>
000000004C94 000010007494 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
000000004CF4 0000100074F4 0 </requestedPrivileges>
000000004D12 000010007512 0 </security>
000000004D23 000010007523 0 </trustInfo>
File pos Mem pos ID Text
======== ======= == ====
000000004D33 000010007533 0 <dependency>
000000004D43 000010007543 0 <dependentAssembly>
000000004D5C 00001000755C 0 <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
000000004E04 000010007604 0 </dependentAssembly>
000000004E1E 00001000761E 0 </dependency>
000000004E2F 00001000762F 0 <dependency>
000000004E3F 00001000763F 0 <dependentAssembly>
000000004E58 000010007658 0 <assemblyIdentity type="win32" name="Microsoft.VC90.MFC" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
000000004F00 000010007700 0 </dependentAssembly>
000000004F1A 00001000771A 0 </dependency>
000000004F2B 00001000772B 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
000000005008 000010008008 0 /050A0Q0W0u0
00000000501D 00001000801D 0 1e1l1
000000005031 000010008031 0 1"2C2R2e2r2
000000005053 000010008053 0 333@3I3O3T3a3g3q3
000000005077 000010008077 0 4 4-4;4G4R4a4
000000005095 000010008095 0 5#5;5L5T5
0000000050A9 0000100080A9 0 6>6K6s6
0000000050BD 0000100080BD 0 7;7I7Y7l7|7
0000000050DF 0000100080DF 0 8*8/898U8\8f8p8z8
0000000050FF 0000100080FF 0 9L9S9
00000000512B 00001000812B 0 :%:S:c:}:
000000005155 000010008155 0 ;#;(;-;6;;;A;I;N;T;[;
00000000516B 00001000816B 0 ;e;n;s;y;
000000005195 000010008195 0 <#<)<7<F<L<Z<
0000000051B5 0000100081B5 0 =4=A=
0000000051C7 0000100081C7 0 =K>R>b>s>z>
0000000051EB 0000100081EB 0 ?!?(?/?6?=?J?P?i?o?
00000000521B 00001000821B 0 0 0'040:0M0S0c0i0
000000005247 000010008247 0 1,11171=1C1I1O1U1[1a1g1m1t1x1|1
000000005287 000010008287 0 20262<2
000000005293 000010008293 0 2?3L3\3c3i3
0000000052A3 0000100082A3 0 3&4b4
0000000052AF 0000100082AF 0 5C5U5{5
0000000052CD 0000100082CD 0 6;6I6h6u6
0000000052EB 0000100082EB 0 7&737S7
0000000052FF 0000100082FF 0 8:8s8
000000005307 000010008307 0 839Z9
000000005315 000010008315 0 9#:/:>:D:J:P:V:\:b:h:n:t:z:
000000005361 000010008361 0 ;%;+;?;T;_;w;
000000005373 000010008373 0 ;)<2<9<><T<
000000005395 000010008395 0 =%=*=6=F=L=S=j=p=
0000000053B5 0000100083B5 0 >#>.>6>a>h>m>r>y>
0000000053CF 0000100083CF 0 >,?Y?
000000005407 000010008407 0 1!1+141?1K1P1
000000005415 000010008415 0 1e1k1q1
00000000542D 00001000842D 0 2'262;2\2a2
00000000543B 00001000843B 0 3/3M3a3g3
000000005451 000010008451 0 4+434;4G4k4s4~4
000000005471 000010008471 0 445Z5}5
00000000548D 00001000848D 0 6%6.6D6U6
0000000054B5 0000100084B5 0 7)7/737A7F7L7Q7a7q7w7
0000000054E7 0000100084E7 0 1P2T2X2\2
0000000054F1 0000100084F1 0 2d2h2l2p2t2x2|2
000000005513 000010008513 0 9L:P:
000000005531 000010008531 0 ;(;8;<;@;H;
00000000553D 00001000853D 0 ;p;t;|;
00000000554D 00001000854D 0 <4<8<X<t<x<
000000005569 000010008569 0 =(=0=H=T=t=|=
00000000558F 00001000858F 0 >(>H>P>\>|>
File pos Mem pos ID Text
======== ======= == ====
0000000055A5 0000100085A5 0 0(0H0h0
0000000048A6 0000100070A6 0 VS_VERSION_INFO
000000004902 000010007102 0 StringFileInfo
000000004926 000010007126 0 041904e3
00000000493E 00001000713E 0 CompanyName
000000004992 000010007192 0 FileDescription
0000000049EA 0000100071EA 0 FileVersion
000000004A04 000010007204 0 1.0.0.1
000000004A1A 00001000721A 0 InternalName
000000004A34 000010007234 0 dll_mfc.dll
000000004A52 000010007252 0 LegalCopyright
000000004ADE 0000100072DE 0 OriginalFilename
000000004B00 000010007300 0 dll_mfc.dll
000000004B1E 00001000731E 0 ProductName
000000004B72 000010007372 0 ProductVersion
000000004B90 000010007390 0 1.0.0.1
000000004BA6 0000100073A6 0 VarFileInfo
000000004BC6 0000100073C6 0 Translation
00000000004D 00001000004D 0 !This program cannot be run in DOS mode.
0000000000E7 0000100000E7 0 BRichs
0000000001F0 0000100001F0 0 .text
000000000218 000010000218 0 .rdata
00000000023F 00001000023F 0 @.data
000000000268 000010000268 0 .rsrc
00000000028F 00001000028F 0 @.reloc
00000000047A 00001000107A 0 SUVWu%Q
000000000886 000010001486 0 d$ hdD
000000000B08 000010001708 0 |$(t&
000000001145 000010001D45 0 SUVWj
000000001170 000010001D70 0 l$$WSS
0000000011DA 000010001DDA 0 D$,PQ
00000000135D 000010001F5D 0 T$0RQ
0000000016C0 0000100022C0 0 D$,QRP
000000001823 000010002423 0 uTh(e
00000000187C 00001000247C 0 uEh(e
0000000018B8 0000100024B8 0 D$ Pj
000000001D53 000010002953 0 L1(WR
000000002318 000010002F18 0 u WPS
000000002341 000010002F41 0 uCWVS
00000000235F 000010002F5F 0 t%WVS
000000002E1C 00001000421C 0 Delete
000000002E24 000010004224 0 NoRemove
000000002E30 000010004230 0 ForceRemove
000000002EA4 0000100042A4 0 bad allocation
000000002EB4 0000100042B4 0 CDM30
000000002EBC 0000100042BC 0 command.txt
000000002EC8 0000100042C8 0 Trying to open dispenser by name. Result is %d
000000002EF8 0000100042F8 0 Dispenser instance is %d
000000002F18 000010004318 0 Receive CASH UNIT info first, then LOOK on
000000002F43 000010004343 0 SCREEN and think what does you DO.
000000002F68 000010004368 0 Unlocking dispenser, result is %d
000000002F8C 00001000438C 0 Catch some money, bitch! %d
000000002FA8 0000100043A8 0 Dispenser instance set to %d
000000002FC8 0000100043C8 0 Dispenser name is: %s
000000002FE0 0000100043E0 0 Dispenser name is not set or default.
000000003008 000010004408 0 Dispenser's name set to: %s
000000003024 000010004424 0 Not initislised. Try to initialise.
000000003048 000010004448 0 Entering process dispense.
000000003064 000010004464 0 Items from parameters converted successfully. %d %d
000000003098 000010004498 0 Dispense success, code is %d
File pos Mem pos ID Text
======== ======= == ====
0000000030B8 0000100044B8 0 StartUp()
0000000030C4 0000100044C4 0 Version: %s
0000000030D8 0000100044D8 0 Dispenser instanse id %d
0000000030F4 0000100044F4 0 Unknown command mnemonic, check it and repeat again.
00000000312C 00001000452C 0 msxfs.dll
000000003138 000010004538 0 Could not load the dynamic library. error# %d
000000003168 000010004568 0 msxfs loaded successfully.
000000003184 000010004584 0 WFSUnlock
000000003190 000010004590 0 WFSGetInfo
00000000319C 00001000459C 0 WFSExecute
0000000031A8 0000100045A8 0 WFSFreeResult
0000000031B8 0000100045B8 0 WFSStartUp
0000000031C4 0000100045C4 0 WFSOpen
0000000031CC 0000100045CC 0 WFSUnhookBlockingHook
0000000031E4 0000100045E4 0 WFSClose
0000000031F0 0000100045F0 0 WFSCleanUp
0000000031FC 0000100045FC 0 Can't import "GetInfo()" function
000000003220 000010004620 0 Can't import "Unlock()" function
000000003244 000010004644 0 Can't import "WfSExecute()" function
00000000326C 00001000466C 0 Can't import "WFSFreeResult()" function
000000003294 000010004694 0 Can't import "StartUp()" function
0000000032B8 0000100046B8 0 Unlocking hook result is %d
0000000032D4 0000100046D4 0 Unlocking result is %d
0000000032EC 0000100046EC 0 %d CU 's found
0000000032FC 0000100046FC 0 CDM HSERVICE NUM IS %d
000000003314 000010004714 0 ======= %s =======================================
000000003348 000010004748 0 + Cash unit # %d
00000000335C 00001000475C 0 + Cash unit type: %s
000000003374 000010004774 0 + Cash unit status: %s
000000003390 000010004790 0 + UnitId: %s
0000000033A0 0000100047A0 0 + Currency ID: %s
0000000033B8 0000100047B8 0 + Values: %d
0000000033C8 0000100047C8 0 + Cash Count: %d
0000000033DC 0000100047DC 0 + Cash initial Count: %d
0000000033F8 0000100047F8 0 + Cash presented count: %d
00000000341C 00001000481C 0 ++ Is locked ? : %s
000000003434 000010004834 0 =======================================================
00000000346C 00001000486C 0 Error, code is:%d
000000003484 000010004884 0 REJECTCASSETTE
000000003494 000010004894 0 BILLCASSETTE
0000000034A4 0000100048A4 0 COINCYLINDER
0000000034B4 0000100048B4 0 COINDISPENSER
0000000034C4 0000100048C4 0 RETRACTCASSETTE
0000000034D4 0000100048D4 0 COUPON
0000000034DC 0000100048DC 0 DOCUMENT
0000000034E8 0000100048E8 0 REPCONTAINER
0000000034F8 0000100048F8 0 RECYCLING
00000000351C 00001000491C 0 EMPTY
00000000352C 00001000492C 0 MISSING
000000003534 000010004934 0 NOVAL
00000000353C 00001000493C 0 NOREF
000000003544 000010004944 0 MANIP
00000000354C 00001000494C 0 Open() calling.
00000000355C 00001000495C 0 Dispenser open successfully, disinstance is %d
00000000358C 00001000498C 0 Thread created successfully.
0000000035AC 0000100049AC 0 Can't create thread.
0000000035CC 0000100049CC 0 logfile.log
0000000035D8 0000100049D8 0 %d %m %Y - %H : %M : %S >
0000000035F4 0000100049F4 0 C:\windows\temp\kl.txt
000000003670 000010004A70 0 d:\last\tester\Release\dll_mfc.pdb
File pos Mem pos ID Text
======== ======= == ====
000000003CE0 0000100050E0 0 mfc90.dll
000000003CF4 0000100050F4 0 strcpy_s
000000003D00 000010005100 0 strftime
000000003D0C 00001000510C 0 _localtime64
000000003D1C 00001000511C 0 _time64
000000003D24 000010005124 0 MSVCR90.dll
000000003D32 000010005132 0 _unlock
000000003D3C 00001000513C 0 __dllonexit
000000003D4A 00001000514A 0 _encode_pointer
000000003D5C 00001000515C 0 _lock
000000003D64 000010005164 0 _onexit
000000003D6E 00001000516E 0 _decode_pointer
000000003D80 000010005180 0 _malloc_crt
000000003D96 000010005196 0 _encoded_null
000000003DA6 0000100051A6 0 _initterm
000000003DB2 0000100051B2 0 _initterm_e
000000003DC0 0000100051C0 0 _amsg_exit
000000003DCE 0000100051CE 0 _adjust_fdiv
000000003DDE 0000100051DE 0 __CppXcptFilter
000000003DF0 0000100051F0 0 ?terminate@@YAXXZ
000000003E04 000010005204 0 _crt_debugger_hook
000000003E1A 00001000521A 0 _except_handler4_common
000000003E34 000010005234 0 ?_type_info_dtor_internal_method@type_info@@QAEXXZ
000000003E6A 00001000526A 0 __clean_type_info_names_internal
000000003E8E 00001000528E 0 Sleep
000000003E96 000010005296 0 ExitThread
000000003EA4 0000100052A4 0 GetLastError
000000003EB4 0000100052B4 0 GetProcAddress
000000003EC6 0000100052C6 0 LoadLibraryA
000000003ED6 0000100052D6 0 LocalAlloc
000000003EE4 0000100052E4 0 LocalFree
000000003EF0 0000100052F0 0 DeleteFileA
000000003EFE 0000100052FE 0 CreateThread
000000003F0E 00001000530E 0 InterlockedExchange
000000003F24 000010005324 0 InterlockedCompareExchange
000000003F42 000010005342 0 TerminateProcess
000000003F56 000010005356 0 GetCurrentProcess
000000003F6A 00001000536A 0 UnhandledExceptionFilter
000000003F86 000010005386 0 SetUnhandledExceptionFilter
000000003FA4 0000100053A4 0 IsDebuggerPresent
000000003FB8 0000100053B8 0 QueryPerformanceCounter
000000003FD2 0000100053D2 0 GetTickCount
000000003FE2 0000100053E2 0 GetCurrentThreadId
000000003FF8 0000100053F8 0 GetCurrentProcessId
00000000400E 00001000540E 0 GetSystemTimeAsFileTime
000000004026 000010005426 0 KERNEL32.dll
000000004036 000010005436 0 ?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004074 000010005474 0 ??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
0000000040B4 0000100054B4 0 ??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
0000000040F0 0000100054F0 0 ?uncaught_exception@std@@YA_NXZ
000000004112 000010005512 0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
000000004156 000010005556 0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004194 000010005594 0 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
0000000041D4 0000100055D4 0 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004216 000010005616 0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
000000004256 000010005656 0 ?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004293 000010005693 0 ?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
0000000042D6 0000100056D6 0 ??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
000000004310 000010005710 0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
000000004352 000010005752 0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
File pos Mem pos ID Text
======== ======= == ====
000000004392 000010005792 0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0000000043DC 0000100057DC 0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
000000004428 000010005828 0 ??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
000000004460 000010005860 0 MSVCP90.dll
00000000446E 00001000586E 0 __CxxFrameHandler3
0000000044B8 0000100058B8 0 dll_mfc.dll
000000004608 000010006008 0 .?AVtype_info@@
000000004630 000010006030 0 .?AVCNoTrackObject@@
000000004650 000010006050 0 .?AVAFX_MODULE_STATE@@
000000004670 000010006070 0 .?AV_AFX_DLL_MODULE_STATE@@
000000004BE4 0000100073E4 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
000000004C2F 00001000742F 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
000000004C67 000010007467 0 <security>
000000004C77 000010007477 0 <requestedPrivileges>
000000004C94 000010007494 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
000000004CF4 0000100074F4 0 </requestedPrivileges>
000000004D12 000010007512 0 </security>
000000004D23 000010007523 0 </trustInfo>
000000004D33 000010007533 0 <dependency>
000000004D43 000010007543 0 <dependentAssembly>
000000004D5C 00001000755C 0 <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
000000004E04 000010007604 0 </dependentAssembly>
000000004E1E 00001000761E 0 </dependency>
000000004E2F 00001000762F 0 <dependency>
000000004E3F 00001000763F 0 <dependentAssembly>
000000004E58 000010007658 0 <assemblyIdentity type="win32" name="Microsoft.VC90.MFC" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
000000004F00 000010007700 0 </dependentAssembly>
000000004F1A 00001000771A 0 </dependency>
000000004F2B 00001000772B 0 </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
000000005008 000010008008 0 /050A0Q0W0u0
00000000501D 00001000801D 0 1e1l1
000000005031 000010008031 0 1"2C2R2e2r2
000000005053 000010008053 0 333@3I3O3T3a3g3q3
000000005077 000010008077 0 4 4-4;4G4R4a4
000000005095 000010008095 0 5#5;5L5T5
0000000050A9 0000100080A9 0 6>6K6s6
0000000050BD 0000100080BD 0 7;7I7Y7l7|7
0000000050DF 0000100080DF 0 8*8/898U8\8f8p8z8
0000000050FF 0000100080FF 0 9L9S9
00000000512B 00001000812B 0 :%:S:c:}:
000000005155 000010008155 0 ;#;(;-;6;;;A;I;N;T;[;
00000000516B 00001000816B 0 ;e;n;s;y;
000000005195 000010008195 0 <#<)<7<F<L<Z<
0000000051B5 0000100081B5 0 =4=A=
0000000051C7 0000100081C7 0 =K>R>b>s>z>
0000000051EB 0000100081EB 0 ?!?(?/?6?=?J?P?i?o?
00000000521B 00001000821B 0 0 0'040:0M0S0c0i0
000000005247 000010008247 0 1,11171=1C1I1O1U1[1a1g1m1t1x1|1
000000005287 000010008287 0 20262<2
000000005293 000010008293 0 2?3L3\3c3i3
0000000052A3 0000100082A3 0 3&4b4
0000000052AF 0000100082AF 0 5C5U5{5
0000000052CD 0000100082CD 0 6;6I6h6u6
0000000052EB 0000100082EB 0 7&737S7
0000000052FF 0000100082FF 0 8:8s8
000000005307 000010008307 0 839Z9
000000005315 000010008315 0 9#:/:>:D:J:P:V:\:b:h:n:t:z:
000000005361 000010008361 0 ;%;+;?;T;_;w;
000000005373 000010008373 0 ;)<2<9<><T<
000000005395 000010008395 0 =%=*=6=F=L=S=j=p=
File pos Mem pos ID Text
======== ======= == ====
0000000053B5 0000100083B5 0 >#>.>6>a>h>m>r>y>
0000000053CF 0000100083CF 0 >,?Y?
000000005407 000010008407 0 1!1+141?1K1P1
000000005415 000010008415 0 1e1k1q1
00000000542D 00001000842D 0 2'262;2\2a2
00000000543B 00001000843B 0 3/3M3a3g3
000000005451 000010008451 0 4+434;4G4k4s4~4
000000005471 000010008471 0 445Z5}5
00000000548D 00001000848D 0 6%6.6D6U6
0000000054B5 0000100084B5 0 7)7/737A7F7L7Q7a7q7w7
0000000054E7 0000100084E7 0 1P2T2X2\2
0000000054F1 0000100084F1 0 2d2h2l2p2t2x2|2
000000005513 000010008513 0 9L:P:
000000005531 000010008531 0 ;(;8;<;@;H;
00000000553D 00001000853D 0 ;p;t;|;
00000000554D 00001000854D 0 <4<8<X<t<x<
000000005569 000010008569 0 =(=0=H=T=t=|=
00000000558F 00001000858F 0 >(>H>P>\>|>
0000000055A5 0000100085A5 0 0(0H0h0
0000000048A6 0000100070A6 0 VS_VERSION_INFO
000000004902 000010007102 0 StringFileInfo
000000004926 000010007126 0 041904e3
00000000493E 00001000713E 0 CompanyName
000000004992 000010007192 0 FileDescription
0000000049EA 0000100071EA 0 FileVersion
000000004A04 000010007204 0 1.0.0.1
000000004A1A 00001000721A 0 InternalName
000000004A34 000010007234 0 dll_mfc.dll
000000004A52 000010007252 0 LegalCopyright
000000004ADE 0000100072DE 0 OriginalFilename
000000004B00 000010007300 0 dll_mfc.dll
000000004B1E 00001000731E 0 ProductName
000000004B72 000010007372 0 ProductVersion
000000004B90 000010007390 0 1.0.0.1
000000004BA6 0000100073A6 0 VarFileInfo
000000004BC6 0000100073C6 0 Translation