About contagio exchange

CONTAGIO EXCHANGE
Contagio exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy, and so is Mila, so this has not been a very active site (my fault, probably). I will just be dumping malware strings here - they often help in malware identification, and googling them is the best way.
With just strings, it is not exactly a fun blog to read, but it might become a useful resource over time.
I will not be posting samples here, just MD5 hashes. You can find the corresponding samples on contagio, or ping me if you can't find them.
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Tuesday, September 3, 2013

TBD 8202 strings - APT

File: DW20.dll
MD5:
064ae9b451f0503982842c9f41a58053
Size: 60416

Ascii Strings:




---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
Rich
.text
`.rdata
@.data
.reloc
;ORD.
MessageBoxA
user32.dll
CloseHandle
CreateFileA
GetFileSize
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
ReadFile
SetFilePointer
VirtualAlloc
WinExec
WriteFile
lstrlenA
kernel32.dll
mydll.dll
DoWork
0#010I0j0y0
1%1+171=1C1I1T1_1k1
!This program cannot be run in DOS mode.
Rich?
.text
`.rdata
@.data
GJMTWZ48
This progr
m cannot b
 run in DO
 mode.
xRich&
.twxt
`.rdata
.data
L$$Pj
L$8Pj
:T$
D$8g
Z|$!
L$$Q
D$ RP
T$ QR
_^]2
Phs|
VhHp
_^]2
j&PR
PRh`p
j#Pj
Phiw
T$(C
VW"`p
VWh|w
VWhpw
_^][u
\SVW
S~W3
t$S]
QSh?
SSSVh
uXVh
t ;=
ySVW3
D$bQP
Ph,x
VWPh?
T$cQ
j#Pj
T$xj
D$8h
D$pj
T$tR
T$@Q
T$tRhpy
?u~hdy
_^][
SUVW
L$xj#QSr
D$tS
T$t/
L$tSQ
Qh z
T$tRW
R40z
uj86$
L$DP
T$th
t^Vh
_^][
j#Rj
L$,h
D$@h
uA_2
WWWV
WPUSV
j#Pj
UD~D$8h
L$@h
ND$8
D$Pht{
j&Pj
Rhd{
L$$R
L$,PQQj
L$LQ
j#Rj
D$ Rh
D$(h
PSVU
SVW3
j#PR
_^[9
Rj@SV
Qj@SVe
#PPV
~D/
t$$5
D$l|
_^]3
e^][
tISU
_^]3
_^]|
ti_^3
^3|[Y
_]^[Y
vVS3
D$ P
D$fP
L$9f
H8IH
|$0h(|
D$8QR
D$8QRP
D$8QRP
iSh8
|$8B
uuSSh8
u?h<
NWVS
u&WVS
_^[]
lstrcpyA
CancelI`
GetFilaAttributes
lstrca
lstrc
lstr
ualProtect
DeleteF
Free
ibrary
oseHandle
WaitForSi
gleObject
Sleep
tSystemDir
ctoryA
G:tModuleFil1NameA
F ndClose
metFileAttrZbutesA
nindNextFilxA
FindFi`stFileA
ReadFile
SetFilePo
nter
FileSize
CreateFile
WideCha
ToMultiByt
CopyFil
GetLas
Error
rtualFree
ERNEL32.dl
wsprin
USER32.
RegC
oseKey
R2gQueryValu)ExA
penKeyExA
RegSetVal^eExA
ReGCreateKeyEmA
ADVAPI32$dll
tSpecialFo
derPathA
ELL32.dll
S2_32.dll
??3@YAXP
fwri
fseek
fopen
?2@YAPAXI@
fprint
fread
ysprintf
ept_handle(3
strrc'r
__p__p#mptr
strJtr
renaCe
rand
srand
lime
__CuxFrameHandner
free
malloc
_beginthr
adex
move
MSVCR
.dll
itterm
djust_fdiv
StrStrI
SHLWAPI.
_file
ength
leno
uerverDll.dwl
sGorking
stbynam
nect
2.dll
getho
window
\syswow64
ShE11C0D
Softwar
\Google
11C0DESize
CcocCcrc
cactcecIcn
sctcacnccc
CeoeI2neieteieae eiezeea
otltet3t2t
tdtltlt
CHocUcncicncIctcicaclcivzcec
RcocgcScectcV
aclcucecEc
geOapbecne
deeyxEexxA
Afdfvfaf
fif3f2f.fd
lflf
dgeCflgohs
ekKledyc
chceclclcE
xcecccuctc
Schfe
lcla3e2q.d
clalg
SdHeGfefteSapc?xcdidadldF+odldddedrd
dadtdhdAd
LvovavdvIvMvovnvAv
SPesnsdsMsesksssasgsesA~
FfifnfffWfifnfdfo
wfEfxfAf
trtatntstl
atttetMtet
tstatgtet
Ddidsdpd
dtdcdhdMde
sdsdadgded
Gdedt
Mdedsdsdad
dedAd
oowoWoiono
ooowo
rbebabtbeb?bibnbdbobw?EbxbAb
Rr7rgrirsrtre5rrCrlrarsrOrErxrAr
GeeeteIeneVeueteSetea~teee
LlolqldlClulrlsiolrlAl
ssstsQsusi
tsMsesssss
sgses
efrf3f2f.f
flflf
ousutuTuhu
ueuauduMue
susuaugueu
nctad
ldla.eddla
ZawdQcu
eerrytSdyg
stdeemgIdn
froargmeaa
citodnx
GcectcScyc9ctcecmcDci\rceccctcocFcycAc
TbeKrbmbibnbabjbebPbrbobcqebsbsb
OvevtvCvuvr
rvevnvtvPv
vovcvevsvs
Ivdv
Cdrd
dadtdedPdr
odcdedsdsd
Vdidr
tdudadldFd
dededEdxd
OgpheensPa
cogchejsks
Vaigrcte
aagleAglhl
orcaEcxx
Wgreiatge
Pxrgoecseg+hseMsecmeo)rryg
Cc0henaateegR_edmeoxtgehxahgreesaddB
Gceate@xegresgihonnxEhxeAx
k0e0rxndefl
3a2g.cdale
Etxhi
taPgrhojcr
ascsa
acdcLcicbc
cacrcycWc
Lcocacdc
cicbcrcacr
ycAc
dtdMdodddu
ldedHdadnd
dldedAd
GgegtgPgrg
gcgAgdgdgr<egsgsg
aualataiaB$yataeaTaoamaiadaeaCahNaara
CmomTmymFmimlmetAm
CirieioitieiDiiirjeicitioiri
thThehmhph
hahthhhAh
GqeqtqFq
qlqeqAqtqt
rqiqbquqtq
qsqAq
eytyCyuyry
yeynytyTyh
ryeyaydyIy
Cwrwe
awtwewMwuwtwewxwAw
SbebtbFbib2bebAbtbtbr1ibbbubtbeb;bAb
VdiYrdtdudadldsdldldodcd
VcicrctcicaclcPcrcortceccctc
Raedmdodv
edDdidrded
dtdodrdydA
k0e0rx
deflg3a2g.
dflflf
aebtcMdoad
ualfeaFdia
feaNfaamfe
info
8202u39232B.log
%s\8^02u39232e.
%s\820du39232s.db
%s\8202us9232d.log
%sSize
KernelBaszGetGlobalDuta
Kernel32
%s%s
AutoE
dTasks
ontrol Pan
l\Desktop
Start
Soft
are\Micros
ft\Windows&CurrentVer
ion\Explor
r\User She5l Folders
%s%s%s
FTWARE\ClaKses\CLSID\
\InprocSerTer32
SOFTWVRE\Microsojt\Windows\BurrentVers
on\Explore
\ShellIcon
verlayIden
ifiers\360
DiskGuard
con Overla
rundll
FileBufSiz
%s\Adobe
lash Updat
d { %d}.ln
%s\Ado
e_FlashUpd
te.lnk
ava Sun
%s\Adobe_F*ashUpdate @ %d}.lnk
cunJavaErrrJr.log sI
Adobe_Fla|hUpdate.lno
\rundll
2.exe
%s\error.
%s\S
nJavaErrro
.log
\Jre
\Java
Sun Orcal
dll.log
rd.dll
\*.*
%s\Como
o Updated.
%sABC
comodo.l;g
%s.log
%s\360UdisUGuard.dll
rundll32
"%sAf.log"
\helpbr
\Javame
1827-EFAf-
FJALS_1343
.tmp
\Secu
ityLog.log
\Securi
yLog
sWork
%s\u
erinit.exe
taskhost.e
explo
er.exe
serinit.ex
Functi
nWork
%$\updateerr#r_2tmp.log
%s\updateeDror_2.log
\Sun OrcAl\Java\Jre
91827-EFAf'AFJALS_134
ws2_32.d
%u.%u.%
infoSi
020~0
:1d1i1
1*2_2w2
484^4
5*515=5l5
6i6s6}
17J7Q7v7
7Y8}8
;3;G;[;o;%;
<,<A<K<P<g
n<|<
<!=&=3=G=B=V=[=`=j=o>t=~=
>!>&>
>5>:>?>I>N
S>]>b>g>q>
?+?0@5???D?I?S?,?]?g?l?q?{V
0#0(0207
<0F0K0P0Z0C0d0q0v0{0
1(1F1K1
494a4g4m4
,5<5z5
6 6)
8$8t8
9$9/XX9y9
:.:U:`q
;0;f;
=&=.=c=
=*>9>@>t>g>x>
?E?N?f?{?
P0U0}0
>1w1
1?2h2{
3(3/3/46
<4H4Z4r4w4"4
5257
5g6"6W6\6
707:7\7c7
8^8v8
9*9C9c9h9G9
:$:X:s:
:(,0;O;V;e;};
<$=0<7<P<
=_=x
>5>r>
>+?0
e?j?
<0C0
1.1<1N1t1
1$272K
3Q3X3]3c3qNw3|3
3%4*4d4pS
5<5L5Sd
'6,6:6^6n6
6#7*7;7
8]8t8
=[2z=
0\0c0
70787>7I7V
^7l7q7v7{7D7
7T8p8
@1P1`1p1
SUVW
v:SV
^[_]
UVWS3
_^]3
_^][
D/D*
[zFF
Z.DJ
SUVW
j#Pj
Pj@USV
UQSV
RUSV
_^][
SUVW3
L$(Sj
L$4SS
j#PS
D$$P
T$(h
L$(h
T$$j
_^]3
PQSSh
v&SV
$_[^
hSVW
>"u:F
XPVSS
Sleep
GetFileAttributesA
GetModuleFileNameA
GetCurrentProcess
VirtualProtect
GlobalFree
ReadFile
GlobalAlloc
CloseHandle
GetFileSize
CreateFileA
lstrlenA
DeleteFileA
IsDebuggerPresent
WriteProcessMemory
VirtualProtectEx
ExitProcess
ContinueDebugEvent
WaitForDebugEvent
CreateProcessA
KERNEL32.dll
SendMessageA
FindWindowExA
MessageBoxA
USER32.dll
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
_beginthreadex
??2@YAPAXI@Z
fclose
fwrite
fopen
??3@YAXPAX@Z
sprintf
atoi
fread
_except_handler3
MSVCRT.dll
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
GetModuleHandleA
GetStartupInfoA
_filelength
_fileno
Bin.exe
TlsMain
0x0056E345
23.d
Warning
ocessA
Creat
32.dll
Process
inate
Term
%s\8202u3923pi.db
%s\8202u39232e.db
%s\8202u39232s.db
%s\8202u39232d.log
%s\len.txt
%s\start.txt
JMPTZ48b
%s "%s\8202u39232d.log" InF
ll32.exe
rund

Unicode Strings:
---------------------------------------------------------------------------
aKernelBas
.dll
@jjj
jjjj



=================================================
File: SunJavaErrror.log / 8202u39232d.log
MD5:  ba1e3b06c990e0c90e3a52ac7b4a42d4
Size: 36864

Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
xRich&
.text
`.rdata
@.data
.reloc
L$$Pj
L$8Pj
L$$Q
D$ RP
T$ QR
_^]2
PhH|
VhHp
_^]2
j&PR
Pj@h
PRh`p
SUVW
j#Pj
VWh`p
VWh|w
VWhpw
_^][u
\SVW3
SVW3
QSh?
SSSVh
uXVh
t @=
$SVW3
Ph,x
Phlx
VWPh?
SUVW
j#Pj
T$xj
D$8h
D$pj
T$tRh
L$pj
T$@Q
T$tRhpy
u~hdy
_^][
SUVW
T$ h
Sj#PS
L$xj#QS
D$tS
L$tSQ
Qh z
T$tRW
Rh0z
L$Lh
uj8\$
L$DP
T$thxx
L$DP
t^Vh
D$DR
_^][
j#Rj
L$,h
D$@h
WWWV
WPUSV
j#Pj
L$0PQ
D$8h
L$@h
T$Hh
D$Pht{
j&Pj
Rhd{
L$$R
L$,PQQj
L$LQ
j#Rj
D$ Rh
D$(h
PSVU
SVW3
j#PR
Rj@SV
Qj@SV
u#PPV
_^]3
_^][
tISU
][_^
_^]3
8MZt
@TWUP
_]^[Y
vAS3
D$ P
D$ P
|$0h(|
D$<RP
D$8QRP
D$8QRP
D$8QRP
SSh8
uuSSh8
VHu/
NWVS
u7WPS
u&WVS
_^[]
lstrcpyA
CancelIo
GetFileAttributesA
lstrcatA
lstrcpynA
lstrlenA
VirtualProtect
DeleteFileA
FreeLibrary
CloseHandle
WaitForSingleObject
Sleep
GetSystemDirectoryA
GetModuleFileNameA
FindClose
SetFileAttributesA
FindNextFileA
FindFirstFileA
ReadFile
SetFilePointer
GetFileSize
CreateFileA
WideCharToMultiByte
CopyFileA
GetLastError
VirtualFree
KERNEL32.dll
wsprintfA
USER32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
WS2_32.dll
??3@YAXPAX@Z
fclose
fwrite
fseek
fopen
??2@YAPAXI@Z
fprintf
fread
sprintf
atoi
_except_handler3
strrchr
__p__pgmptr
strstr
rename
rand
srand
time
__CxxFrameHandler
free
malloc
_beginthreadex
memmove
MSVCRT.dll
_initterm
_adjust_fdiv
StrStrIA
SHLWAPI.dll
_filelength
_fileno
ServerDll.dll
sWorking
stbyname
nect
_32.dll
getho
windows\syswow64
ShE11C0DE
Software\Google
ShE11C0DESize
CcocCcrcecactcecIcncsctcacncccec
CeoeIeneieteieaeleiezeea
otltet3t2t.tdtltlt
CcocUcncicncictcicaclciczcec
RcecgcScectcVcaclcucecEcxcAc
RdefgeOapbecneKdeeyxEexxAa
Afdfvfafpfif3f2f.fdflflf
RaedgeCflgohsjekKledyc
SchceclclcEcxcecccuctcecAc
Schfeglcla3e2q.ddclalg
SdHeGfefteSapcexcdidadldFdodldddedrdPdadtdhdAd
LvovavdvIvcvovnvAv
SsesnsdsMsesssssasgsesAs
FfifnfdfWfifnfdfofwfEfxfAf
TtrtatntstltatttetMtetststatgtet
DdidsdpdadtdcdhdMdedsdsdadgdedAd
GdedtdMdedsdsdadgdedAd
SohooowoWoionodooowo
CbrbebabtbebWbibnbdbobwbEbxbAb
RrergrirsrtrerrrCrlrarsrsrErxrAr
GeeeteIenepeueteSeteaeteee
LlolaldlClulrlslolrlAl
PsossstsQsusistsMsesssssasgses
ufsfefrf3f2f.fdflflf
PuousutuTuhurueuauduMueususuaugueuAu
nctadbldla.eddlalg
ZawdQcuqeerrytSdygsstdeemgIdnxfroargmeaatcitodnx
GcectcScycsctcecmcDcicrceccctcocrcycAc
TbebrbmbibnbabtbebPbrbobcbebsbsb
GvevtvCvuvrvrvevnvtvPvrvovcvevsvsvIvdv
CdrdedadtdedPdrdodcdedsdsdAd
VdidrdtdudadldFdrdededEdxd
OgpheensParcogchejskse
VaigrcteuaagleAglhljorcaEcxx
WgreiatgeePxrgoecsegshseMsecmeodrryg
CcrhenaateegRhedmeoxtgehTahgreesaddc
GceateVxegresgihoenxEhxeAx
k0e0rxndeflg3a2g.cdalelg
EtxhictaPgrhojcreascsa
LcocacdcLcicbcrcacrcycWc
LcocacdcLcicbcrcacrcycAc
GdedtdMdodddudldedHdadndddldedAd
GgegtgPgrgogcgAgdgdgrgegsgsg
MaualataiaBayataeaTaoaWaiadaeaCahaaara
CmompmymFmimlmemAm
CirieiaitieiDiiirieicitioiriyiAi
GhehthThehmhphPhahthhhAh
GqeqtqFqiqlqeqAqtqtqrqiqbquqtqeqsqAq
GyeytyCyuyryryeynytyTyhyryeyaydyIydy
CwrwewawtwewMwuwtwewxwAw
SbebtbFbiblbebAbtbtbrbibbbubtbebsbAb
VdidrdtdudadldAdldldodcd
VcicrctcucaclcPcrcoctceccctc
RaedmdodvdedDdidrdedcdtdodrdydAd
k0e0rxndeflg3a2g.fdflflf
GaebtcMdoadfualfeaFdialfeaNfaamfeaAa
info
FileBuf
%s\8202u392325.log
%s\8202u39232e.db
%s\8202u39232s.db
%s\8202u39232d.log
%sSize
KernelBaseGetGlobalData
Kernel32.dll
%s%s
%s\%s
AutoEndTasks
Control Panel\Desktop
Startup
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
%s%s%s
SOFTWARE\Classes\CLSID\
\InprocServer32
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\360UDiskGuard Icon Overlay
rundll
FileBufSize
%s\Adobe Flash Updated { %d}.lnk
%s\Adobe_FlashUpdate.lnk
Java Sun
%s\Adobe_FlashUpdate { %d}.lnk
SunJavaErrror.log sI
Adobe_FlashUpdate.lnk
\rundll32.exe
%s\error.log
%s\SunJavaErrror.log
\DATAS
\Jre
\Java
\Sun Orcal
dll.log
Guard.dll
\*.*
%s\Comodo Updated.lnk
%sABC
comodo.log
%s.log
%s\360UdiskGuard.dll
rundll32.exe
"%s\f.log"
\helper
\Javame
91827-EFAf-AFJALS_13432.tmp
\SecurityLog.log
\SecurityLog
Guard
sWorking
%s\userinit.exe
taskhost.exe
explorer.exe
userinit.exe
FunctionWork
%s\updateerror_2tmp.log
%s\updateerror_2.log
\Sun Orcal\Java\Jre
91827-EFAf-AFJALS_13435
ws2_32.dll
%u.%u.%u.%u
infoSize
020~0
1-1:1d1i1
1*2_2w2
484^4
5$5*515=5l5
6i6s6}6
717J7Q7v7
7Y8}8
;3;G;[;o;u;
<%<,<A<K<P<g<n<|<
<!=&=3=G=L=V=[=`=j=o=t=~=
>!>&>+>5>:>?>I>N>S>]>b>g>q>v>{>
?+?0?5???D?I?S?X?]?g?l?q?{?
0#0(02070<0F0K0P0Z0_0d0q0v0{0
1(1F1K1
203T3w3
494a4g4m4s4
4,5<5z5
6 6)6P6
8$8t8
9$9/9X9y9
:.:U:`:
;0;f;
=&=.=c=
=*>9>@>`>g>x>
?#?E?N?f?{?
0F0P0U0}0
0>1w1
1?2h2{2
3(3/3/464<4H4Z4r4w4
52575r5
6"6W6\6
707:7\7c7x7
8G8^8v8
9*9C9c9h9
:$:X:s:
:(;0;O;V;e;};
<$<0<7<P<
=_=x=
>5>r>
>+?0?e?j?
<0C0u0
1.1<1N1t1
1$272K2R2
3Q3X3]3c3q3w3|3
3%4*4d4p4
5<5L5S5
6'6,6:6^6n6
6#7*7;7
8]8t8
=[=z=
0\0c0
6"70787>7I7V7^7l7q7v7{7
7T8p8
@1P1`1p1

Unicode Strings:
---------------------------------------------------------------------------
jjjj
aKernelBase.dll

================================================================
File: 4.tmp
MD5:  6d2c12085f0018daeb9c1a53e53fd4d1
Size: 57344

Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
Rich?
.text
`.rdata
@.data
GJMTWZ48
This progr
m cannot b
 run in DO
 mode.
xRich&
.twxt
`.rdata
.data
L$$Pj
L$8Pj
:T$
D$8g
Z|$!
L$$Q
D$ RP
T$ QR
_^]2
Phs|
VhHp
_^]2
j&PR
PRh`p
j#Pj
Phiw
T$(C
VW"`p
VWh|w
VWhpw
_^][u
\SVW
S~W3
t$S]
QSh?
SSSVh
uXVh
t ;=
ySVW3
D$bQP
Ph,x
VWPh?
T$cQ
j#Pj
T$xj
D$8h
D$pj
T$tR
T$@Q
T$tRhpy
?u~hdy
_^][
SUVW
L$xj#QSr
D$tS
T$t/
L$tSQ
Qh z
T$tRW
R40z
uj86$
L$DP
T$th
t^Vh
_^][
j#Rj
L$,h
D$@h
uA_2
WWWV
WPUSV
j#Pj
UD~D$8h
L$@h
ND$8
D$Pht{
j&Pj
Rhd{
L$$R
L$,PQQj
L$LQ
j#Rj
D$ Rh
D$(h
PSVU
SVW3
j#PR
_^[9
Rj@SV
Qj@SVe
#PPV
~D/
t$$5
D$l|
_^]3
e^][
tISU
_^]3
_^]|
ti_^3
^3|[Y
_]^[Y
vVS3
D$ P
D$fP
L$9f
H8IH
|$0h(|
D$8QR
D$8QRP
D$8QRP
iSh8
|$8B
uuSSh8
u?h<
NWVS
u&WVS
_^[]
lstrcpyA
CancelI`
GetFilaAttributes
lstrca
lstrc
lstr
ualProtect
DeleteF
Free
ibrary
oseHandle
WaitForSi
gleObject
Sleep
tSystemDir
ctoryA
G:tModuleFil1NameA
F ndClose
metFileAttrZbutesA
nindNextFilxA
FindFi`stFileA
ReadFile
SetFilePo
nter
FileSize
CreateFile
WideCha
ToMultiByt
CopyFil
GetLas
Error
rtualFree
ERNEL32.dl
wsprin
USER32.
RegC
oseKey
R2gQueryValu)ExA
penKeyExA
RegSetVal^eExA
ReGCreateKeyEmA
ADVAPI32$dll
tSpecialFo
derPathA
ELL32.dll
S2_32.dll
??3@YAXP
fwri
fseek
fopen
?2@YAPAXI@
fprint
fread
ysprintf
ept_handle(3
strrc'r
__p__p#mptr
strJtr
renaCe
rand
srand
lime
__CuxFrameHandner
free
malloc
_beginthr
adex
move
MSVCR
.dll
itterm
djust_fdiv
StrStrI
SHLWAPI.
_file
ength
leno
uerverDll.dwl
sGorking
stbynam
nect
2.dll
getho
window
\syswow64
ShE11C0D
Softwar
\Google
11C0DESize
CcocCcrc
cactcecIcn
sctcacnccc
CeoeI2neieteieae eiezeea
otltet3t2t
tdtltlt
CHocUcncicncIctcicaclcivzcec
RcocgcScectcV
aclcucecEc
geOapbecne
deeyxEexxA
Afdfvfaf
fif3f2f.fd
lflf
dgeCflgohs
ekKledyc
chceclclcE
xcecccuctc
Schfe
lcla3e2q.d
clalg
SdHeGfefteSapc?xcdidadldF+odldddedrd
dadtdhdAd
LvovavdvIvMvovnvAv
SPesnsdsMsesksssasgsesA~
FfifnfffWfifnfdfo
wfEfxfAf
trtatntstl
atttetMtet
tstatgtet
Ddidsdpd
dtdcdhdMde
sdsdadgded
Gdedt
Mdedsdsdad
dedAd
oowoWoiono
ooowo
rbebabtbeb?bibnbdbobw?EbxbAb
Rr7rgrirsrtre5rrCrlrarsrOrErxrAr
GeeeteIeneVeueteSetea~teee
LlolqldlClulrlsiolrlAl
ssstsQsusi
tsMsesssss
sgses
efrf3f2f.f
flflf
ousutuTuhu
ueuauduMue
susuaugueu
nctad
ldla.eddla
ZawdQcu
eerrytSdyg
stdeemgIdn
froargmeaa
citodnx
GcectcScyc9ctcecmcDci\rceccctcocFcycAc
TbeKrbmbibnbabjbebPbrbobcqebsbsb
OvevtvCvuvr
rvevnvtvPv
vovcvevsvs
Ivdv
Cdrd
dadtdedPdr
odcdedsdsd
Vdidr
tdudadldFd
dededEdxd
OgpheensPa
cogchejsks
Vaigrcte
aagleAglhl
orcaEcxx
Wgreiatge
Pxrgoecseg+hseMsecmeo)rryg
Cc0henaateegR_edmeoxtgehxahgreesaddB
Gceate@xegresgihonnxEhxeAx
k0e0rxndefl
3a2g.cdale
Etxhi
taPgrhojcr
ascsa
acdcLcicbc
cacrcycWc
Lcocacdc
cicbcrcacr
ycAc
dtdMdodddu
ldedHdadnd
dldedAd
GgegtgPgrg
gcgAgdgdgr<egsgsg
aualataiaB$yataeaTaoamaiadaeaCahNaara
CmomTmymFmimlmetAm
CirieioitieiDiiirjeicitioiri
thThehmhph
hahthhhAh
GqeqtqFq
qlqeqAqtqt
rqiqbquqtq
qsqAq
eytyCyuyry
yeynytyTyh
ryeyaydyIy
Cwrwe
awtwewMwuwtwewxwAw
SbebtbFbib2bebAbtbtbr1ibbbubtbeb;bAb
VdiYrdtdudadldsdldldodcd
VcicrctcicaclcPcrcortceccctc
Raedmdodv
edDdidrded
dtdodrdydA
k0e0rx
deflg3a2g.
dflflf
aebtcMdoad
ualfeaFdia
feaNfaamfe
info
8202u39232B.log
%s\8^02u39232e.
%s\820du39232s.db
%s\8202us9232d.log
%sSize
KernelBaszGetGlobalDuta
Kernel32
%s%s
AutoE
dTasks
ontrol Pan
l\Desktop
Start
Soft
are\Micros
ft\Windows&CurrentVer
ion\Explor
r\User She5l Folders
%s%s%s
FTWARE\ClaKses\CLSID\
\InprocSerTer32
SOFTWVRE\Microsojt\Windows\BurrentVers
on\Explore
\ShellIcon
verlayIden
ifiers\360
DiskGuard
con Overla
rundll
FileBufSiz
%s\Adobe
lash Updat
d { %d}.ln
%s\Ado
e_FlashUpd
te.lnk
ava Sun
%s\Adobe_F*ashUpdate @ %d}.lnk
cunJavaErrrJr.log sI
Adobe_Fla|hUpdate.lno
\rundll
2.exe
%s\error.
%s\S
nJavaErrro
.log
\Jre
\Java
Sun Orcal
dll.log
rd.dll
\*.*
%s\Como
o Updated.
%sABC
comodo.l;g
%s.log
%s\360UdisUGuard.dll
rundll32
"%sAf.log"
\helpbr
\Javame
1827-EFAf-
FJALS_1343
.tmp
\Secu
ityLog.log
\Securi
yLog
sWork
%s\u
erinit.exe
taskhost.e
explo
er.exe
serinit.ex
Functi
nWork
%$\updateerr#r_2tmp.log
%s\updateeDror_2.log
\Sun OrcAl\Java\Jre
91827-EFAf'AFJALS_134
ws2_32.d
%u.%u.%
infoSi
020~0
:1d1i1
1*2_2w2
484^4
5*515=5l5
6i6s6}
17J7Q7v7
7Y8}8
;3;G;[;o;%;
<,<A<K<P<g
n<|<
<!=&=3=G=B=V=[=`=j=o>t=~=
>!>&>
>5>:>?>I>N
S>]>b>g>q>
?+?0@5???D?I?S?,?]?g?l?q?{V
0#0(0207
<0F0K0P0Z0C0d0q0v0{0
1(1F1K1
494a4g4m4
,5<5z5
6 6)
8$8t8
9$9/XX9y9
:.:U:`q
;0;f;
=&=.=c=
=*>9>@>t>g>x>
?E?N?f?{?
P0U0}0
>1w1
1?2h2{
3(3/3/46
<4H4Z4r4w4"4
5257
5g6"6W6\6
707:7\7c7
8^8v8
9*9C9c9h9G9
:$:X:s:
:(,0;O;V;e;};
<$=0<7<P<
=_=x
>5>r>
>+?0
e?j?
<0C0
1.1<1N1t1
1$272K
3Q3X3]3c3qNw3|3
3%4*4d4pS
5<5L5Sd
'6,6:6^6n6
6#7*7;7
8]8t8
=[2z=
0\0c0
70787>7I7V
^7l7q7v7{7D7
7T8p8
@1P1`1p1
SUVW
v:SV
^[_]
UVWS3
_^]3
_^][
D/D*
[zFF
Z.DJ
SUVW
j#Pj
Pj@USV
UQSV
RUSV
_^][
SUVW3
L$(Sj
L$4SS
j#PS
D$$P
T$(h
L$(h
T$$j
_^]3
PQSSh
v&SV
$_[^
hSVW
>"u:F
XPVSS
Sleep
GetFileAttributesA
GetModuleFileNameA
GetCurrentProcess
VirtualProtect
GlobalFree
ReadFile
GlobalAlloc
CloseHandle
GetFileSize
CreateFileA
lstrlenA
DeleteFileA
IsDebuggerPresent
WriteProcessMemory
VirtualProtectEx
ExitProcess
ContinueDebugEvent
WaitForDebugEvent
CreateProcessA
KERNEL32.dll
SendMessageA
FindWindowExA
MessageBoxA
USER32.dll
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
_beginthreadex
??2@YAPAXI@Z
fclose
fwrite
fopen
??3@YAXPAX@Z
sprintf
atoi
fread
_except_handler3
MSVCRT.dll
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
GetModuleHandleA
GetStartupInfoA
_filelength
_fileno
Bin.exe
TlsMain
0x0056E345
23.d
Warning
ocessA
Creat
32.dll
Process
inate
Term
%s\8202u3923pi.db
%s\8202u39232e.db
%s\8202u39232s.db
%s\8202u39232d.log
%s\len.txt
%s\start.txt
JMPTZ48b
%s "%s\8202u39232d.log" InF
ll32.exe
rund

Unicode Strings:
---------------------------------------------------------------------------
aKer

nelBas
.dll
@jjj
jjjj