30170b9e391f9f62afa14affc10bba13

From aldeid

Description

Summary

INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Packer

The malware is packed with NTkrnl.

Identification

| Property | Value |
|---|---|
| MD5 | 30170b9e391f9f62afa14affc10bba13 |
| SHA1 | 531b48897de360b83643f37e74e5efe0e6a35246 |
| SHA256 | 907ba8f9ac12d0a5d6e1c3c43c2ebd4f9e3851c02bc08fd6f2f9856e8e7fd6f3 |
| ssdeep | 3072:8/yfCLpsDcIKyKnO4owbewYJ5uHEnkn5R9af7bokHGe+A:mbLewQJoHEk5R9aT |
| imphash | 87bed5a7cba00c7e1f4015f1bdae2183 |
| File size | 116.0 KB (118784 bytes) |
| File type | Win32 EXE |
| Magic literal | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |

Antivirus detection

| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.Generic.4158563 | 20140227 |
| Agnitum | Packed/NTkrnl | 20140227 |
| AntiVir | TR/Horse.SQA | 20140227 |
| Antiy-AVL | Trojan/Win32.SGeneric | 20140227 |
| Avast | Win32:Malware-gen | 20140227 |
| BitDefender | Trojan.Generic.4158563 | 20140227 |
| Bkav | HW32.CDB.31f5 | 20140227 |
| CAT-QuickHeal | (Suspicious) - DNAScan | 20140227 |
| Commtouch | W32/SuspPack.G.gen!Eldorado | 20140227 |
| Emsisoft | Trojan.Generic.4158563 (B) | 20140227 |
| F-Prot | W32/SuspPack.G.gen!Eldorado | 20140227 |
| F-Secure | Trojan-Spy:W32/Banker.JGT | 20140227 |
| Fortinet | W32/FakeAV.FE!tr | 20140227 |
| GData | Trojan.Generic.4158563 | 20140227 |
| Ikarus | Worm.Win32.Mytob | 20140227 |
| K7AntiVirus | Trojan-Downloader ( 002e302e1 ) | 20140227 |
| K7GW | Trojan-Downloader ( 002e302e1 ) | 20140227 |
| McAfee | RDN/Generic Downloader.x!iu | 20140227 |
| McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.B | 20140227 |
| MicroWorld-eScan | Trojan.Generic.4158563 | 20140227 |
| NANO-Antivirus | Trojan.Win32.SuspPack.cteipf | 20140227 |
| Norman | Packed_NTKrnl.B | 20140227 |
| Panda | Trj/CI.A | 20140227 |
| Qihoo-360 | Win32/Trojan.b2e | 20140227 |
| Sophos | Mal/Generic-S | 20140227 |
| Symantec | Trojan Horse | 20140227 |
| TotalDefense | Win32/SillyDl.PVN!packed | 20140227 |
| TrendMicro | TROJ_GEN.R08NC0EAU14 | 20140227 |
| TrendMicro-HouseCall | TROJ_GEN.R08NC0EAU14 | 20140227 |
| VBA32 | SScope.Trojan-Downloader.Banload.bfn | 20140227 |
| VIPRE | Trojan.Win32.Packer.NTkrnl0.1 (ep) | 20140227 |
| nProtect | Trojan.Generic.4158563 | 20140227 |
| AVG | | 20140227 |
| AhnLab-V3 | | 20140227 |
| Baidu-International | | 20140227 |
| ByteHero | | 20140227 |
| CMC | | 20140220 |
| ClamAV | | 20140227 |
| Comodo | | 20140227 |
| DrWeb | | 20140227 |
| ESET-NOD32 | | 20140227 |
| Jiangmin | | 20140227 |
| Kaspersky | | 20140227 |
| Kingsoft | | 20140227 |
| Malwarebytes | | 20140227 |
| Microsoft | | 20140227 |
| Rising | | 20140227 |
| SUPERAntiSpyware | | 20140227 |
| TheHacker | | 20140226 |
| ViRobot | | 20140227 |

Dynamic analysis

Network indicators


Files


Registry keys


Mutexes


Static analysis

Sections


Resources


IAT

COMCTL32

  • InitCommonControlsEx
  • ImageList_Destroy
  • ImageList_AddMasked
  • ImageList_Create

msvcrt

  • _controlfp
  • _except_handler3
  • __set_app_type
  • __p__fmode
  • __p__commode
  • _adjust_fdiv
  • __setusermatherr
  • _initterm
  • __getmainargs
  • _acmdln
  • exit
  • _XcptFilter
  • _exit
  • _strlwr
  • strstr
  • strchr
  • sprintf
  • malloc
  • __CxxFrameHandler
  • ??2@YAPAXI@Z
  • realloc
  • free
  • ??3@YAXPAX@Z
  • _strcmpi
  • calloc

COMDLG32

  • GetSaveFileNameA
  • GetOpenFileNameA

kernel32

  • LoadLibraryA
  • GetProcAddress
  • GetModuleHandleA
  • VirtualProtect
  • VirtualAlloc
  • VirtualFree
  • VirtualQuery
  • IsBadReadPtr

Strings



Keywords: NTkrnl BinText 30170b9e391f9f62afa14affc10bba13