30170b9e391f9f62afa14affc10bba13

From aldeid
Jump to: navigation, search

Description

Summary

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Packer

The malware is packed with NTkrnl

Identification

MD5 30170b9e391f9f62afa14affc10bba13
SHA1 531b48897de360b83643f37e74e5efe0e6a35246
SHA256 907ba8f9ac12d0a5d6e1c3c43c2ebd4f9e3851c02bc08fd6f2f9856e8e7fd6f3
ssdeep 3072:8/yfCLpsDcIKyKnO4owbewYJ5uHEnkn5R9af7bokHGe+A:mbLewQJoHEk5R9aT
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Antivirus detection

Antivirus Result Update
Ad-Aware Trojan.Generic.4158563 20140227
Agnitum Packed/NTkrnl 20140227
AntiVir TR/Horse.SQA 20140227
Antiy-AVL Trojan/Win32.SGeneric 20140227
Avast Win32:Malware-gen 20140227
BitDefender Trojan.Generic.4158563 20140227
Bkav HW32.CDB.31f5 20140227
CAT-QuickHeal (Suspicious) - DNAScan 20140227
Commtouch W32/SuspPack.G.gen!Eldorado 20140227
Emsisoft Trojan.Generic.4158563 (B) 20140227
F-Prot W32/SuspPack.G.gen!Eldorado 20140227
F-Secure Trojan-Spy:W32/Banker.JGT 20140227
Fortinet W32/FakeAV.FE!tr 20140227
GData Trojan.Generic.4158563 20140227
Ikarus Worm.Win32.Mytob 20140227
K7AntiVirus Trojan-Downloader ( 002e302e1 ) 20140227
K7GW Trojan-Downloader ( 002e302e1 ) 20140227
McAfee RDN/Generic Downloader.x!iu 20140227
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20140227
MicroWorld-eScan Trojan.Generic.4158563 20140227
NANO-Antivirus Trojan.Win32.SuspPack.cteipf 20140227
Norman Packed_NTKrnl.B 20140227
Panda Trj/CI.A 20140227
Qihoo-360 Win32/Trojan.b2e 20140227
Sophos Mal/Generic-S 20140227
Symantec Trojan Horse 20140227
TotalDefense Win32/SillyDl.PVN!packed 20140227
TrendMicro TROJ_GEN.R08NC0EAU14 20140227
TrendMicro-HouseCall TROJ_GEN.R08NC0EAU14 20140227
VBA32 SScope.Trojan-Downloader.Banload.bfn 20140227
VIPRE Trojan.Win32.Packer.NTkrnl0.1 (ep) 20140227
nProtect Trojan.Generic.4158563 20140227
AVG 20140227
AhnLab-V3 20140227
Baidu-International 20140227
ByteHero 20140227
CMC 20140220
ClamAV 20140227
Comodo 20140227
DrWeb 20140227
ESET-NOD32 20140227
Jiangmin 20140227
Kaspersky 20140227
Kingsoft 20140227
Malwarebytes 20140227
Microsoft 20140227
Rising 20140227
SUPERAntiSpyware 20140227
TheHacker 20140226
ViRobot 20140227

Dynamic analysis

Network indicators

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Files

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Registry keys

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Mutexes

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Static analysis

Sections

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Resources

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

IAT

COMCTL32

  • InitCommonControlsEx
  • ImageList_Destroy
  • ImageList_AddMasked
  • ImageList_Create

msvcrt

  • _controlfp
  • _except_handler3
  • __set_app_type
  • __p__fmode
  • __p__commode
  • _adjust_fdiv
  • __setusermatherr
  • _initterm
  • __getmainargs
  • _acmdln
  • exit
  • _XcptFilter
  • _exit
  • _strlwr
  • strstr
  • strchr
  • sprintf
  • malloc
  • __CxxFrameHandler
  • [email protected]@Z
  • realloc
  • free
  • [email protected]@Z
  • _strcmpi
  • calloc

COMDLG32

  • GetSaveFileNameA
  • GetOpenFileNameA

kernel32

  • LoadLibraryA
  • GetProcAddress
  • GetModuleHandleA
  • VirtualProtect
  • VirtualAlloc
  • VirtualFree
  • VirtualQuery
  • IsBadReadPtr

Strings

!This program cannot be run in DOS mode.
$y7D$x79
$x7Rich
.text
.rsrc
.idata2
[email protected]
[email protected]
[email protected]
[email protected]
95,[email protected]
F$QPh
|CWWh
[email protected]
VSVWh
SUVW3
jgWWWWj
WWWWj
j Sh6
Ph [email protected]
VWtm9
Sh,[email protected]
;=,[email protected]
;=,[email protected]
[email protected]
;=,[email protected]
;=,[email protected]
SVAWQ
QQSVW
[email protected]@
QPWWW
[email protected]
[email protected]
[email protected]
tEVVh'
|/VVh(
t/PSW
QQSUVW
[email protected]
>MZuD
>"u:F
XPVSS
BinText 3.00
Ready
ANSI: %d
Uni: %d
Rsrc: %d
Unable to open that file
File pos   Mem pos      ID   Text
Err :510
.rsrc
BinText:  A file text scanner.
Foundstone Inc.
http://www.foundstone.com/
[email protected]
Enter a filename in the filename box or use the "Browse" button to select a file and click the "Go" button to begin the scan. Alternately you can drag and drop a file anywhere on the window.
Only text determined by the Filter page will be shown.
There are two viewing options for the text that was found in the requested file; advanced view and normal view. Advanced view (shown when the "Advanced view" box is checked) will show details such as the file position of each string together with extra technical information (see below). Normal view (shown when the "Advanced view" box is cleared) will show the recovered text in a traditional text editor style view with each string separated by a space character.
Clicking the "Find" button searches for text (case insensitive) in the list. Items will be highlighted. Click again to find the next occurrence.
Clicking the "Save" button saves the entire list to a file. If you are viewing the results in advanced mode then the strings will be saved in a text list much like the one on display. If you are not viewing in advanced mode the list will be saved in a standard text file format with each string separated by a space character and line breaks placed at column 80.
ADVANCED VIEW DETAILS
The type of string will be shown using a colored letter to the left of the list. ANSI strings will show a green "A",  Unicode strings (double byte ANSI) will have a red "U" and resource strings have a blue "R".
Clicking any of the column headers after a scan will sort the list by that column, alternating between ascending and descending whenever you click.
File pos
This is the HEX position in the file at which the text is located.
Mem pos
If the file is a Win32 PE file (e.g. Win95 EXEs and DLLs) then this is the HEX address at which the text is referred to in memory at runtime as determined by it's sections table.
The decimal string resource ID or 0 if it is not a resource string.
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
LoadLibraryA
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
ReadFile
SetFilePointer
CreateFileA
CloseHandle
WriteFile
KERNEL32.dll
UpdateWindow
ShowWindow
LoadMenuA
DestroyMenu
DestroyWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
GetDlgItem
CreateDialogParamA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PeekMessageA
SetWindowTextA
CopyRect
GetWindowRect
PostQuitMessage
DefWindowProcA
TrackPopupMenu
GetSubMenu
GetCursorPos
SetFocus
SendDlgItemMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetWindowTextA
HideCaret
SetWindowLongA
CallWindowProcA
GetWindowLongA
SetWindowPos
InvalidateRect
PostMessageA
SetForegroundWindow
GetDlgItemInt
EndPaint
BeginPaint
ReleaseDC
GetDC
LoadImageA
LoadBitmapA
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxA
MoveWindow
ScreenToClient
AdjustWindowRect
GetMenu
GetClientRect
USER32.dll
CreateSolidBrush
DeleteObject
GetStockObject
SetBkColor
SetTextColor
DeleteDC
StretchBlt
RealizePalette
SelectPalette
SelectObject
CreateCompatibleDC
CreateHalftonePalette
CreatePalette
GetDIBColorTable
GetObjectA
CreateFontIndirectA
GDI32.dll
GetOpenFileNameA
GetSaveFileNameA
comdlg32.dll
DragAcceptFiles
DragQueryFileA
SHELL32.dll
calloc
[email protected]@Z
realloc
[email protected]@Z
__CxxFrameHandler
malloc
sprintf
strchr
strstr
_strlwr
MSVCRT.dll
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleHandleA
GetStartupInfoA
_stricmp
0123456789ABCDEF
Mem pos
File pos
Filter
Search
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
123456789
RICHED32
Sorting...
Scanning...
S&top
Open file for scanning
All files (*.*)
Saving...
Save text to file
Txt files (*.txt)
*.txt
All files (*.*)
*.txt
%s   %s  %5s   %s
Time taken : %d.%03d secs    Text size: %d bytes (%.2fK)
There was a problem trying to read the string resources in this file.
The file may be compressed or in a non-standard format.
Searching...
MS Sans Serif
KTj61
" (3\a	P"
"\S'_
fNDKn:\3I
?cEC(
YXdN2
Y,UB
xpl/t
hx[1/
"0<	=t"
"h5r	["
5$9tI
2#V(%0
>F3cB
#/:U|
RD,BxB
F<# ;
'FX~(n
+hThs
hPHg?
E),X3
!N u"
l}r%4
OP$8E
[email protected](hHdB|-
:tP}H
%PJ3S
I[H3$
">RV)	"
a;8sVS
%$\Fip
q;\FP
~povo
#k2QX
AX-dS
\UC22KP
%~Ke}Iq
R',B$$
Z_pgT
R;|)s
KQBP\
6#Jm!
go+Vj}
p(\2/~A%kO'
2:%*1
x;LP5
"v	N+03"
t!\}t#\}
0$(H
-d![V
axd;=,
0/SQj
)DCDB-/
-3ctZ*
&iKZAL
0_;[email protected]
>/9U0
"tej	F"
t'Xd[#
E2/)?a7=
KP),$
( KX)
?)zXb$
(f<)8Q!
d"VEF
0"LDdt
\"[email protected]
<"FDTb
0"BDXr
GetC.
@Job?
MFFQR
2P8GZ
"o%g	ql}"
nbmHz
Dl&gI=I,
+m;U2
prc%fA
L<uWm
LEAUTb0
_~|JT
[email protected]
@&N)am
cRs(6M0
"	OEMif&&"
(?"8(
[email protected]@K:2
8B8I3N
bbewt
|R(chH
.rsHc
Pe\lB
""4DDR
,":DLd
""D4F
 EA%GH
1R~:K
Y|el2
m$ Hp
"""	|Dxt"
l$dH\
T"HD<4
%".2h
aPSTg
";NZb
N$mQ4
"Qd/	MHl"
"		Cor"
t$xIr
DOMAB&
R6029
.NET;
[email protected]'s
O(d7"nw
hv FXq
hRA>w
)srX2
 !"#$%&
'()*+,-.L/
2345678
9:;<=>[email protected]
ABCDEFGH
IJKLMNOP
QRSTUVWX
YZ[\]
ijklm
uvwxyz
HN:m<
lcDhFXew,ux
HD2qy
Teh&s2
"XO	<8A"
fvaJl
xB7!CUd
(x"!$
"[email protected]"8
[email protected]|
#[email protected]!
[email protected]
[email protected](
[email protected],t||
}opzwSU
,X{vA
 !at|@
hSMwD
Pp|[email protected]
"	.;5v"
ZU\@U
"Fd	Dp"
jRz#{@a
@BHt+}G
mzCD3
"""	xDph"
E/?+P
<$=,>4?<?D?L?T?\?d?l
~<[email protected]~D~H~L~P
~d~l~p~t~x~|~
4918:H;X
#;>'FGLg
Err :509
'(G4g
|#~)~-~2~7~=~E~d~j~uSebastien.damaye (talk)
3!'VG]gn
t vVxcz
7K'\Gdgk
;J<V=]>
C;H'bGha
9> :S;h<
@'_!T
Err :510
v6xKz
97$:.;;<E=R$[J
4#'-D7
897P:W*_
XhD|~
'2GDgb
<B=T>_?q?|?
K6XNg
.9rRt
Rr)t0v4x8
2?8N<
pNpTpkprpnClg|c
"4	f8L&a}s"
erEf}
um.Jp
"&2*	U$"
"3e*""	UD"
"NUo*	"
"w}<	U"
"2*	U$"
JH)r;pC
[email protected]
QSBHr
2H$s$
!n"Lo
"|#H	+"
A%2?d!
mD[+|
XzwG0.!
i+52)YX|
MD++O
/V8I\
RQ\an
UT? 6
*SSBh
GKh[\
!'!?>
.[=BF
SCmv:
1FWe*
'4Wyf
v x$z(|,~
9x;r|t
 >$'(G8g<
'@GLgP
trbtsv
:';W<l=u>
g; @k
t~E~V~
99 :&;/<;=C>J?Z?h?q?
"	90,:"
)92H$Y
IWB9c
#91-:[;e
i)Rxz
6D'[G
t4v;[email protected]
9k;}N
v$x2z>|j~o~y~
rPtY]
;><H=P>[X
</=W&
 rYIN
$3g??N?U?[?i?o?t?z?
0V7rj
l.iB>
>*'GDk
:!\h&D~
N6SNm
t=vOx[zk|
:(;0%<
[email protected]\
:aU:g((;
0jprv
"	1#N8A"
PSTgJwPT
yRXRCXpJ
PSTgJwPT
yRXRCXpJ
!Qp~B
<wBp(%8
I,8+6
*j('Kb
v?u_a
detYe
{EL%L>
[+o,_
K#h*@
spvVX
kq%?"
|#qE*
9lw#R
g/b|XA
tv0V}
"YT3V	"
t;S1w
8U(lk
9g|YZ*
{!)[9
o+$im{
"_KS6	+"
}(//j[
$9//(
Ci=4R
Bkyo"
T?UXG
 f1bN
K6SfY
|j(o/
#C(@<K
TB*>CY
"!;9~
F[Gyxt
1D%)S
+sDy}
yu{T;9
kDJqE
"s&.	K"
"X<aAH
9ppQO;Or
]0kJ;
tO7$x
HFlI4
'D(%A
"w(<	[1"
LWSB*
P#&[s
s2D*'
[GuKx
/eL;R
2St_s$XU
GLh5~
1qkf$
Da]DO'
F{n,xg
AGO59
 /|#/<v
CcO9'
S8Z%:
"U	j""6mn"
[email protected]
* ,rV
kY$M%
;}|1E"<
KIP\Y
<CB&)
$V9/I
 qZNG
l-HuE
dBI)=
Upa[_L
TJjH 8
W0{:m
iF+gL
)VD[6
{q!Gk
(S2?p
0lFs)
?j/?i0
SaULo
"dR[_	"
"GsQR	{"
m=V/__
mRhX]A
m>aAXY
$k'1)
DefWindowProcA
HsS}m
HsS}m
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
UWVRQSf
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
UVQIY
_]XYS
SC[VSf#
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
XxXxu
Kernel32.dll
OutputDebugStringA
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
NTkrnl Secure Suite
Version 0.1
Metamorphism Portable Executable (PE) Packer and Protector Library
Copyright
 2006-2007 Ashkbiz Danehkar
All Rights Reserved
Homepage: http://www.ntkrnl.com
E-mail: [email protected] NTkrnl Geborgene Zeug
Version 0.1
Metamorphismus Portable Executable (PE) Packer und Besch
tzer Bibliothek
Urheberrechtlicher
 2006-2007 Ashkbiz Danehkar
Alle Rechten reservierten
HauseSeite: http://www.ntkrnl.com
E-Mail: [email protected] NTkrnl Sicuro Seguito
Version 0.1
Metamorphism Portable Eseguibile (PE) Biblioteca del Imballatore e del Protettore
Propriet
 letterario riservato
 2006-2007 Ashkbiz Danehkar
Casa pagina: http://www.ntkrnl.com
E-mail: [email protected]
COMCTL32.DLL
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
msvcrt.dll
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_strlwr
strstr
strchr
sprintf
malloc
__CxxFrameHandler
[email protected]@Z
realloc
[email protected]@Z
_strcmpi
calloc
COMDLG32.DLL
GetSaveFileNameA
GetOpenFileNameA
kernel32.dll
LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualProtect
VirtualAlloc
VirtualFree
VirtualQuery
IsBadReadPtr
LoadLibraryA
GetProcAddress
MS Sans Serif
File to scan
&Browse
Advanced &view
SysListView32
List2
Ready
&Find
&Save
RICHEDIT
MS Sans Serif
STAGE 1:   Characters included in the definition of a string
Space
' (apostrophe)
, (comma)
- (minus)
. (period)
_ (underscore)
 (backtick)
~ (tilde)
Include these characters too
C&lear
Restore &defaults
STAGE 2:   String size
Min text length
Max text length
Discard strings with
or more repeated characters
STAGE 3:   Essentials
MUST contain these
MS Sans Serif
MS Sans Serif
SysTabControl32
Popup
&Copy
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Foundstone Inc.
FileDescription
bintext
FileVersion
3, 0, 0, 0
InternalName
bintext
LegalCopyright
 2000 Foundstone
LegalTrademarks
OriginalFilename
bintext.exe
PrivateBuild
ProductName
  bintext
ProductVersion
3, 0, 0, 0
SpecialBuild
VarFileInfo
Translation
NSEProLib.dll
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Foundstone Inc.
FileDescription
bintext
FileVersion
3, 0, 0, 0
InternalName
bintext
LegalCopyright
 2000 Foundstone
LegalTrademarks
OriginalFilename
bintext.exe
PrivateBuild
ProductName
  bintext
ProductVersion
3, 0, 0, 0
SpecialBuild
VarFileInfo
Translation
!This program cannot be run in DOS mode.
$y7D$x79
$x7Rich
.text
.rsrc
.idata2
[email protected]
[email protected]
[email protected]
[email protected]
95,[email protected]
F$QPh
|CWWh
[email protected]
VSVWh
SUVW3
jgWWWWj
WWWWj
j Sh6
Ph [email protected]
VWtm9
Sh,[email protected]
;=,[email protected]
;=,[email protected]
[email protected]
;=,[email protected]
;=,[email protected]
SVAWQ
QQSVW
[email protected]@
QPWWW
[email protected]
[email protected]
[email protected]
tEVVh'
|/VVh(
t/PSW
QQSUVW
[email protected]
>MZuD
>"u:F
XPVSS
BinText 3.00
Ready
ANSI: %d
Uni: %d
Rsrc: %d
Unable to open that file
File pos   Mem pos      ID   Text
Err :510
.rsrc
BinText:  A file text scanner.
Foundstone Inc.
http://www.foundstone.com/
[email protected]
Enter a filename in the filename box or use the "Browse" button to select a file and click the "Go" button to begin the scan. Alternately you can drag and drop a file anywhere on the window.
Only text determined by the Filter page will be shown.
There are two viewing options for the text that was found in the requested file; advanced view and normal view. Advanced view (shown when the "Advanced view" box is checked) will show details such as the file position of each string together with extra technical information (see below). Normal view (shown when the "Advanced view" box is cleared) will show the recovered text in a traditional text editor style view with each string separated by a space character.
Clicking the "Find" button searches for text (case insensitive) in the list. Items will be highlighted. Click again to find the next occurrence.
Clicking the "Save" button saves the entire list to a file. If you are viewing the results in advanced mode then the strings will be saved in a text list much like the one on display. If you are not viewing in advanced mode the list will be saved in a standard text file format with each string separated by a space character and line breaks placed at column 80.
ADVANCED VIEW DETAILS
The type of string will be shown using a colored letter to the left of the list. ANSI strings will show a green "A",  Unicode strings (double byte ANSI) will have a red "U" and resource strings have a blue "R".
Clicking any of the column headers after a scan will sort the list by that column, alternating between ascending and descending whenever you click.
File pos
This is the HEX position in the file at which the text is located.
Mem pos
If the file is a Win32 PE file (e.g. Win95 EXEs and DLLs) then this is the HEX address at which the text is referred to in memory at runtime as determined by it's sections table.
The decimal string resource ID or 0 if it is not a resource string.
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
LoadLibraryA
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
ReadFile
SetFilePointer
CreateFileA
CloseHandle
WriteFile
KERNEL32.dll
UpdateWindow
ShowWindow
LoadMenuA
DestroyMenu
DestroyWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
GetDlgItem
CreateDialogParamA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PeekMessageA
SetWindowTextA
CopyRect
GetWindowRect
PostQuitMessage
DefWindowProcA
TrackPopupMenu
GetSubMenu
GetCursorPos
SetFocus
SendDlgItemMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetWindowTextA
HideCaret
SetWindowLongA
CallWindowProcA
GetWindowLongA
SetWindowPos
InvalidateRect
PostMessageA
SetForegroundWindow
GetDlgItemInt
EndPaint
BeginPaint
ReleaseDC
GetDC
LoadImageA
LoadBitmapA
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxA
MoveWindow
ScreenToClient
AdjustWindowRect
GetMenu
GetClientRect
USER32.dll
CreateSolidBrush
DeleteObject
GetStockObject
SetBkColor
SetTextColor
DeleteDC
StretchBlt
RealizePalette
SelectPalette
SelectObject
CreateCompatibleDC
CreateHalftonePalette
CreatePalette
GetDIBColorTable
GetObjectA
CreateFontIndirectA
GDI32.dll
GetOpenFileNameA
GetSaveFileNameA
comdlg32.dll
DragAcceptFiles
DragQueryFileA
SHELL32.dll
calloc
[email protected]@Z
realloc
[email protected]@Z
__CxxFrameHandler
malloc
sprintf
strchr
strstr
_strlwr
MSVCRT.dll
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleHandleA
GetStartupInfoA
_stricmp
0123456789ABCDEF
Mem pos
File pos
Filter
Search
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
123456789
RICHED32
Sorting...
Scanning...
S&top
Open file for scanning
All files (*.*)
Saving...
Save text to file
Txt files (*.txt)
*.txt
All files (*.*)
*.txt
%s   %s  %5s   %s
Time taken : %d.%03d secs    Text size: %d bytes (%.2fK)
There was a problem trying to read the string resources in this file.
The file may be compressed or in a non-standard format.
Searching...
MS Sans Serif
KTj61
" (3\a	P"
"\S'_
fNDKn:\3I
?cEC(
YXdN2
Y,UB
xpl/t
hx[1/
"0<	=t"
"h5r	["
5$9tI
2#V(%0
>F3cB
#/:U|
RD,BxB
F<# ;
'FX~(n
+hThs
hPHg?
E),X3
!N u"
l}r%4
OP$8E
[email protected](hHdB|-
:tP}H
%PJ3S
I[H3$
">RV)	"
a;8sVS
%$\Fip
q;\FP
~povo
#k2QX
AX-dS
\UC22KP
%~Ke}Iq
R',B$$
Z_pgT
R;|)s
KQBP\
6#Jm!
go+Vj}
p(\2/~A%kO'
2:%*1
x;LP5
"v	N+03"
t!\}t#\}
0$(H
-d![V
axd;=,
0/SQj
)DCDB-/
-3ctZ*
&iKZAL
0_;[email protected]
>/9U0
"tej	F"
t'Xd[#
E2/)?a7=
KP),$
( KX)
?)zXb$
(f<)8Q!
d"VEF
0"LDdt
\"[email protected]
<"FDTb
0"BDXr
GetC.
@Job?
MFFQR
2P8GZ
"o%g	ql}"
nbmHz
Dl&gI=I,
+m;U2
prc%fA
L<uWm
LEAUTb0
_~|JT
[email protected]
@&N)am
cRs(6M0
"	OEMif&&"
(?"8(
[email protected]@K:2
8B8I3N
bbewt
|R(chH
.rsHc
Pe\lB
""4DDR
,":DLd
""D4F
 EA%GH
1R~:K
Y|el2
m$ Hp
"""	|Dxt"
l$dH\
T"HD<4
%".2h
aPSTg
";NZb
N$mQ4
"Qd/	MHl"
"		Cor"
t$xIr
DOMAB&
R6029
.NET;
[email protected]'s
O(d7"nw
hv FXq
hRA>w
)srX2
 !"#$%&
'()*+,-.L/
2345678
9:;<=>[email protected]
ABCDEFGH
IJKLMNOP
QRSTUVWX
YZ[\]
ijklm
uvwxyz
HN:m<
lcDhFXew,ux
HD2qy
Teh&s2
"XO	<8A"
fvaJl
xB7!CUd
(x"!$
"[email protected]"8
[email protected]|
#[email protected]!
[email protected]
[email protected](
[email protected],t||
}opzwSU
,X{vA
 !at|@
hSMwD
Pp|[email protected]
"	.;5v"
ZU\@U
"Fd	Dp"
jRz#{@a
@BHt+}G
mzCD3
"""	xDph"
E/?+P
<$=,>4?<?D?L?T?\?d?l
~<[email protected]~D~H~L~P
~d~l~p~t~x~|~
4918:H;X
#;>'FGLg
Err :509
'(G4g
|#~)~-~2~7~=~E~d~j~uSebastien.damaye (talk)
3!'VG]gn
t vVxcz
7K'\Gdgk
;J<V=]>
C;H'bGha
9> :S;h<
@'_!T
Err :510
v6xKz
97$:.;;<E=R$[J
4#'-D7
897P:W*_
XhD|~
'2GDgb
<B=T>_?q?|?
K6XNg
.9rRt
Rr)t0v4x8
2?8N<
pNpTpkprpnClg|c
"4	f8L&a}s"
erEf}
um.Jp
"&2*	U$"
"3e*""	UD"
"NUo*	"
"w}<	U"
"2*	U$"
JH)r;pC
[email protected]
QSBHr
2H$s$
!n"Lo
"|#H	+"
A%2?d!
mD[+|
XzwG0.!
i+52)YX|
MD++O
/V8I\
RQ\an
UT? 6
*SSBh
GKh[\
!'!?>
.[=BF
SCmv:
1FWe*
'4Wyf
v x$z(|,~
9x;r|t
 >$'(G8g<
'@GLgP
trbtsv
:';W<l=u>
g; @k
t~E~V~
99 :&;/<;=C>J?Z?h?q?
"	90,:"
)92H$Y
IWB9c
#91-:[;e
i)Rxz
6D'[G
t4v;[email protected]
9k;}N
v$x2z>|j~o~y~
rPtY]
;><H=P>[X
</=W&
 rYIN
$3g??N?U?[?i?o?t?z?
0V7rj
l.iB>
>*'GDk
:!\h&D~
N6SNm
t=vOx[zk|
:(;0%<
[email protected]\
:aU:g((;
0jprv
"	1#N8A"
PSTgJwPT
yRXRCXpJ
PSTgJwPT
yRXRCXpJ
!Qp~B
<wBp(%8
I,8+6
*j('Kb
v?u_a
detYe
{EL%L>
[+o,_
K#h*@
spvVX
kq%?"
|#qE*
9lw#R
g/b|XA
tv0V}
"YT3V	"
t;S1w
8U(lk
9g|YZ*
{!)[9
o+$im{
"_KS6	+"
}(//j[
$9//(
Ci=4R
Bkyo"
T?UXG
 f1bN
K6SfY
|j(o/
#C(@<K
TB*>CY
"!;9~
F[Gyxt
1D%)S
+sDy}
yu{T;9
kDJqE
"s&.	K"
"X<aAH
9ppQO;Or
]0kJ;
tO7$x
HFlI4
'D(%A
"w(<	[1"
LWSB*
P#&[s
s2D*'
[GuKx
/eL;R
2St_s$XU
GLh5~
1qkf$
Da]DO'
F{n,xg
AGO59
 /|#/<v
CcO9'
S8Z%:
"U	j""6mn"
[email protected]
* ,rV
kY$M%
;}|1E"<
KIP\Y
<CB&)
$V9/I
 qZNG
l-HuE
dBI)=
Upa[_L
TJjH 8
W0{:m
iF+gL
)VD[6
{q!Gk
(S2?p
0lFs)
?j/?i0
SaULo
"dR[_	"
"GsQR	{"
m=V/__
mRhX]A
m>aAXY
$k'1)
DefWindowProcA
HsS}m
HsS}m
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
UWVRQSf
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
UVQIY
_]XYS
SC[VSf#
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
XxXxu
Kernel32.dll
OutputDebugStringA
QjAYYp
SPJBX[
RJZZx
RJZZx
RJZZx
NTkrnl Secure Suite
Version 0.1
Metamorphism Portable Executable (PE) Packer and Protector Library
Copyright
 2006-2007 Ashkbiz Danehkar
All Rights Reserved
Homepage: http://www.ntkrnl.com
E-mail: [email protected] NTkrnl Geborgene Zeug
Version 0.1
Metamorphismus Portable Executable (PE) Packer und Besch
tzer Bibliothek
Urheberrechtlicher
 2006-2007 Ashkbiz Danehkar
Alle Rechten reservierten
HauseSeite: http://www.ntkrnl.com
E-Mail: [email protected] NTkrnl Sicuro Seguito
Version 0.1
Metamorphism Portable Eseguibile (PE) Biblioteca del Imballatore e del Protettore
Propriet
 letterario riservato
 2006-2007 Ashkbiz Danehkar
Casa pagina: http://www.ntkrnl.com
E-mail: [email protected]
COMCTL32.DLL
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
msvcrt.dll
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_strlwr
strstr
strchr
sprintf
malloc
__CxxFrameHandler
[email protected]@Z
realloc
[email protected]@Z
_strcmpi
calloc
COMDLG32.DLL
GetSaveFileNameA
GetOpenFileNameA
kernel32.dll
LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualProtect
VirtualAlloc
VirtualFree
VirtualQuery
IsBadReadPtr
LoadLibraryA
GetProcAddress
MS Sans Serif
File to scan
&Browse
Advanced &view
SysListView32
List2
Ready
&Find
&Save
RICHEDIT
MS Sans Serif
STAGE 1:   Characters included in the definition of a string
Space
' (apostrophe)
, (comma)
- (minus)
. (period)
_ (underscore)
 (backtick)
~ (tilde)
Include these characters too
C&lear
Restore &defaults
STAGE 2:   String size
Min text length
Max text length
Discard strings with
or more repeated characters
STAGE 3:   Essentials
MUST contain these
MS Sans Serif
MS Sans Serif
SysTabControl32
Popup
&Copy
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Foundstone Inc.
FileDescription
bintext
FileVersion
3, 0, 0, 0
InternalName
bintext
LegalCopyright
 2000 Foundstone
LegalTrademarks
OriginalFilename
bintext.exe
PrivateBuild
ProductName
  bintext
ProductVersion
3, 0, 0, 0
SpecialBuild
VarFileInfo
Translation
NSEProLib.dll
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Foundstone Inc.
FileDescription
bintext
FileVersion
3, 0, 0, 0
InternalName
bintext
LegalCopyright
 2000 Foundstone
LegalTrademarks
OriginalFilename
bintext.exe
PrivateBuild
ProductName
  bintext
ProductVersion
3, 0, 0, 0
SpecialBuild
VarFileInfo
Translation


Comments

blog comments powered by Disqus

Keywords: NTkrnl BinText 30170b9e391f9f62afa14affc10bba13