Analysis

Category FILE
Package exe
Started 2020-10-18 07:23:03
Completed 2020-10-18 07:23:52
Duration 49 seconds
Options route = tor
Log
2020-05-13 09:27:42,724 [root] INFO: Date set to: 20201018T07:23:02, timeout set to: 200
2020-10-18 07:23:02,062 [root] DEBUG: Starting analyzer from: C:\tmpt2nfl3rg
2020-10-18 07:23:02,062 [root] DEBUG: Storing results at: C:\MWPDxeK
2020-10-18 07:23:02,062 [root] DEBUG: Pipe server name: \\.\PIPE\sqxYZLLk
2020-10-18 07:23:02,062 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-10-18 07:23:02,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-18 07:23:02,062 [root] INFO: Automatically selected analysis package "exe"
2020-10-18 07:23:02,062 [root] DEBUG: Importing analysis package "exe"...
2020-10-18 07:23:02,062 [root] DEBUG: Initializing analysis package "exe"...
2020-10-18 07:23:02,328 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2020-10-18 07:23:02,343 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2020-10-18 07:23:02,359 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2020-10-18 07:23:02,390 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2020-10-18 07:23:02,421 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2020-10-18 07:23:02,437 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2020-10-18 07:23:02,437 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2020-10-18 07:23:02,437 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-18 07:23:02,453 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-18 07:23:02,453 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-18 07:23:02,453 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-18 07:23:02,453 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-18 07:23:02,453 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-18 07:23:02,453 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-18 07:23:02,453 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-18 07:23:02,546 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-18 07:23:02,562 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-18 07:23:02,562 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-18 07:23:02,562 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2020-10-18 07:23:02,562 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2020-10-18 07:23:02,593 [root] DEBUG: Initializing auxiliary module "Browser"...
2020-10-18 07:23:02,593 [root] DEBUG: Started auxiliary module Browser
2020-10-18 07:23:02,593 [root] DEBUG: Initializing auxiliary module "Curtain"...
2020-10-18 07:23:02,593 [root] DEBUG: Started auxiliary module Curtain
2020-10-18 07:23:02,593 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2020-10-18 07:23:02,593 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-18 07:23:03,609 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-10-18 07:23:03,609 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-10-18 07:23:03,625 [root] DEBUG: Started auxiliary module DigiSig
2020-10-18 07:23:03,625 [root] DEBUG: Initializing auxiliary module "Disguise"...
2020-10-18 07:23:03,640 [modules.auxiliary.disguise] INFO: Disguising GUID to b4302c8c-d917-4ad5-82df-1e9f051db52a
2020-10-18 07:23:03,640 [root] DEBUG: Started auxiliary module Disguise
2020-10-18 07:23:03,640 [root] DEBUG: Initializing auxiliary module "Human"...
2020-10-18 07:23:03,640 [root] DEBUG: Started auxiliary module Human
2020-10-18 07:23:03,640 [root] DEBUG: Initializing auxiliary module "Procmon"...
2020-10-18 07:23:03,656 [root] DEBUG: Started auxiliary module Procmon
2020-10-18 07:23:03,656 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2020-10-18 07:23:03,671 [root] DEBUG: Started auxiliary module Screenshots
2020-10-18 07:23:03,671 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2020-10-18 07:23:03,671 [root] DEBUG: Started auxiliary module Sysmon
2020-10-18 07:23:03,671 [root] DEBUG: Initializing auxiliary module "Usage"...
2020-10-18 07:23:03,671 [root] DEBUG: Started auxiliary module Usage
2020-10-18 07:23:03,671 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-10-18 07:23:03,671 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-10-18 07:23:03,671 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-10-18 07:23:03,671 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-10-18 07:23:03,703 [lib.api.process] ERROR: Failed to execute process from path "C:\Users\Louise\AppData\Local\Temp\emotet_exe_e2_46335._exe" with arguments "None" (Error: %1 is not a valid Win32 application (ERROR_BAD_EXE_FORMAT))
2020-10-18 07:23:03,703 [root] INFO: You probably submitted the job with wrong package
2020-10-18 07:23:03,718 [root] WARNING: Folder at path "C:\MWPDxeK\debugger" does not exist, skip.
2020-10-18 07:23:03,718 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7x64_2 win7x64_6 KVM 2020-10-18 07:23:04 2020-10-18 07:23:52

File Details

File Name emotet_exe_e2_46335._exe
File Size 235298 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
PE timestamp 2020-10-16 20:44:09
MD5 1bc589c2bba45c650df94d1c29287fcf
SHA1 3004f95a0d3d1c93b915a5ae68bf2ad28cf645bf
SHA256 463354edc5eb544086c2f3c145bee3ac973810df33057d8071e13624ede47616
SHA512 1b26db554ddcdb52472d87ee7306140c3e8fadd88d1d56743a5ab95ee8ab85505bb36fd6ebf208d73a1e8c01da94822fe4bb3ba6d2e5c3e5c6607389c2dda91e
CRC32 ABFF5069
Ssdeep 6144:NXIwVZttuO5pqIFLmg36H3uIxjmk45/zgM4P:VtP5pqIFT36H3uIxjm95/m

Signatures

Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\emotet_exe_e2_46335._exe
File has been identified by 14 Antiviruses on VirusTotal as malicious
Bkav: W32.AIDetectVM.malware1
MicroWorld-eScan: Trojan.Ranapama.AMW
APEX: Malicious
BitDefender: Trojan.Ranapama.AMW
Ad-Aware: Trojan.Ranapama.AMW
Emsisoft: Trojan.Ranapama.AMW (B)
DrWeb: Trojan.Emotet.1042
FireEye: Trojan.Ranapama.AMW
GData: Trojan.Ranapama.AMW
MAX: malware (ai score=83)
Arcabit: Trojan.Ranapama.AMW
Microsoft: Trojan:Win32/EmotetCrypt.ARJ!MTB
McAfee: GenericRXAA-AA!1BC589C2BBA4
Fortinet: W32/BankerX.5CC7!tr
Anomalous binary characteristics
anomaly: Actual checksum does not match that reported in PE header

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary


PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash
0x00400000 0x0040ecf9 0x0005e854 0x00042231 5.0 2020-10-16 20:44:09 802db2b693e23b594e5f02f63ef92ced

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x00025227 0x00025400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.59
.rdata 0x00025800 0x00027000 0x0000930a 0x00009400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.92
.data 0x0002ec00 0x00031000 0x000062d8 0x00002600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.93
.rsrc 0x00031200 0x00038000 0x0002170c 0x00021800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.98
.reloc 0x00052a00 0x0005a000 0x00007976 0x00007a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.00

Overlay

Offset 0x00031200
Size 0x00008522

Resources

Name Offset Size Language Sub-language Entropy File type
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_CURSOR 0x00039fac 0x00000134 LANG_GERMAN SUBLANG_GERMAN 2.23 None
RT_BITMAP 0x0003a198 0x00000144 LANG_GERMAN SUBLANG_GERMAN 2.88 None
RT_BITMAP 0x0003a198 0x00000144 LANG_GERMAN SUBLANG_GERMAN 2.88 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_ICON 0x0003d2ec 0x000008a8 LANG_GERMAN SUBLANG_GERMAN 5.83 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_DIALOG 0x0003e260 0x00000034 LANG_GERMAN SUBLANG_GERMAN 2.42 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_STRING 0x0003f9d4 0x00000042 LANG_GERMAN SUBLANG_GERMAN 1.96 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_CURSOR 0x0003fb40 0x00000014 LANG_GERMAN SUBLANG_GERMAN 2.02 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_GROUP_ICON 0x0003fbf0 0x00000022 LANG_GERMAN SUBLANG_GERMAN 2.55 None
RT_VERSION 0x0003fc14 0x00000354 LANG_GERMAN SUBLANG_GERMAN 3.38 None
RT_MANIFEST 0x0003ff68 0x0000026e LANG_ENGLISH SUBLANG_ENGLISH_US 5.02 None
None 0x000401d8 0x00019533 LANG_GERMAN SUBLANG_GERMAN 7.77 None

Imports

0x427088 GetStartupInfoW
0x42708c HeapAlloc
0x427094 HeapFree
0x427098 RtlUnwind
0x42709c RaiseException
0x4270a0 HeapReAlloc
0x4270a4 Sleep
0x4270a8 ExitProcess
0x4270ac HeapSize
0x4270b4 GetStdHandle
0x4270b8 GetModuleFileNameA
0x4270c4 GetCommandLineW
0x4270c8 SetHandleCount
0x4270cc GetFileType
0x4270d0 GetStartupInfoA
0x4270d4 HeapCreate
0x4270d8 VirtualFree
0x4270e0 GetTickCount
0x4270e4 TerminateProcess
0x4270e8 IsDebuggerPresent
0x4270ec VirtualAlloc
0x4270f4 GetCPInfo
0x4270f8 GetACP
0x4270fc GetOEMCP
0x427100 IsValidCodePage
0x427104 GetConsoleCP
0x427108 GetConsoleMode
0x42710c GetLocaleInfoA
0x427110 GetUserDefaultLCID
0x427114 EnumSystemLocalesA
0x427118 IsValidLocale
0x42711c GetStringTypeA
0x427120 GetStringTypeW
0x427124 LCMapStringA
0x427128 LCMapStringW
0x42712c SetStdHandle
0x427130 WriteConsoleA
0x427134 GetConsoleOutputCP
0x427138 WriteConsoleW
0x42713c CreateFileA
0x427140 SetErrorMode
0x427144 FlushFileBuffers
0x427148 SetFilePointer
0x42714c WriteFile
0x427150 ReadFile
0x427158 GlobalFlags
0x42715c TlsFree
0x427164 LocalReAlloc
0x427168 TlsSetValue
0x42716c TlsAlloc
0x427174 GlobalHandle
0x427178 GlobalReAlloc
0x427180 TlsGetValue
0x427188 LocalAlloc
0x427190 CloseHandle
0x427198 GetCurrentThread
0x4271a4 GetLocaleInfoW
0x4271a8 InterlockedExchange
0x4271ac lstrlenA
0x4271b0 lstrcmpA
0x4271b4 GetCurrentProcessId
0x4271b8 GetModuleFileNameW
0x4271bc GetModuleHandleA
0x4271c0 GlobalFree
0x4271c4 GlobalAlloc
0x4271c8 GlobalLock
0x4271cc GlobalUnlock
0x4271d0 WideCharToMultiByte
0x4271d4 lstrlenW
0x4271d8 GetCurrentThreadId
0x4271dc GlobalAddAtomW
0x4271e0 GlobalFindAtomW
0x4271e4 GlobalDeleteAtom
0x4271e8 LoadLibraryA
0x4271ec GetLastError
0x4271f0 SetLastError
0x4271f4 lstrcmpW
0x4271f8 MultiByteToWideChar
0x4271fc GetModuleHandleW
0x427200 GetVersionExA
0x427204 FindResourceW
0x427208 LoadResource
0x42720c LockResource
0x427210 SizeofResource
0x427214 GetCurrentProcess
0x427218 GetProcAddress
0x42721c GetModuleHandleExA
0x427220 LocalFree
0x427224 FormatMessageW
0x427228 FreeLibrary
0x42722c LoadLibraryW
0x427254 IsWindowEnabled
0x427258 ShowWindow
0x42725c SetWindowTextW
0x427264 WinHelpW
0x427268 GetCapture
0x42726c SetWindowsHookExW
0x427270 CallNextHookEx
0x427274 GetClassLongW
0x427278 GetClassNameW
0x42727c SetPropW
0x427280 GetPropW
0x427284 RemovePropW
0x427288 GetFocus
0x42728c GetWindowTextW
0x427290 GetForegroundWindow
0x427294 GetLastActivePopup
0x427298 DispatchMessageW
0x42729c GetDlgItem
0x4272a0 GetTopWindow
0x4272a4 DestroyWindow
0x4272a8 UnhookWindowsHookEx
0x4272ac GetMessageTime
0x4272b0 GetMessagePos
0x4272b4 PeekMessageW
0x4272b8 MapWindowPoints
0x4272bc GetKeyState
0x4272c0 SetMenu
0x4272c4 SetForegroundWindow
0x4272c8 IsWindowVisible
0x4272cc PostMessageW
0x4272d0 GetSubMenu
0x4272d4 GetMenuItemID
0x4272d8 GetMenuItemCount
0x4272dc MessageBoxW
0x4272e0 CreateWindowExW
0x4272e4 GetClassInfoExW
0x4272e8 GetClassInfoW
0x4272ec RegisterClassW
0x4272f0 AdjustWindowRectEx
0x4272f4 CopyRect
0x4272f8 GetDlgCtrlID
0x4272fc DefWindowProcW
0x427300 CallWindowProcW
0x427304 GetMenu
0x427308 GetWindowLongW
0x42730c SetWindowPos
0x427314 GetWindowPlacement
0x427318 GetWindow
0x42731c GetSystemMetrics
0x427320 IsIconic
0x427324 LoadIconW
0x427328 EnableWindow
0x42732c SendMessageW
0x427330 SetCursor
0x427334 PtInRect
0x427338 GetCursorPos
0x42733c LoadCursorW
0x427340 ReleaseDC
0x427344 GetDC
0x427348 GetParent
0x42734c GetWindowRect
0x427350 GetSysColor
0x427354 IsWindow
0x427358 UnregisterClassW
0x42735c SetWindowLongW
0x427360 GetClientRect
0x427364 GetSysColorBrush
0x427368 DestroyMenu
0x42736c GetMessageW
0x427370 TranslateMessage
0x427374 ValidateRect
0x427378 GetActiveWindow
0x42737c PostQuitMessage
0x427384 ClientToScreen
0x427388 GrayStringW
0x42738c DrawTextExW
0x427390 DrawTextW
0x427394 TabbedTextOutW
0x427398 SetMenuItemBitmaps
0x4273a0 LoadBitmapW
0x4273a4 ModifyMenuW
0x4273a8 GetMenuState
0x4273ac EnableMenuItem
0x4273b0 CheckMenuItem
0x427028 DeleteObject
0x42702c PtVisible
0x427030 RectVisible
0x427034 TextOutW
0x427038 ExtTextOutW
0x42703c Escape
0x427040 SelectObject
0x427044 SetViewportOrgEx
0x427048 OffsetViewportOrgEx
0x42704c SetViewportExtEx
0x427050 ScaleViewportExtEx
0x427054 SetWindowExtEx
0x427058 DeleteDC
0x42705c SetMapMode
0x427060 RestoreDC
0x427064 SaveDC
0x427068 SetBkColor
0x42706c GetDeviceCaps
0x427070 ScaleWindowExtEx
0x427074 GetStockObject
0x427078 SetTextColor
0x42707c GetClipBox
0x427080 CreateBitmap
0x4273b8 DocumentPropertiesW
0x4273bc OpenPrinterW
0x4273c0 ClosePrinter
0x427000 RegSetValueExW
0x427004 RegOpenKeyW
0x427008 RegEnumKeyW
0x42700c RegDeleteKeyW
0x427010 RegOpenKeyExW
0x427014 RegCreateKeyExW
0x427018 RegQueryValueExW
0x42701c RegCloseKey
0x427020 RegQueryValueW
0x427248 PathFindFileNameW
0x42724c PathFindExtensionW
0x427238 VariantInit
0x42723c VariantChangeType
0x427240 VariantClear

!This program cannot be run in DOS mode.
.text
`.rdata
@.data
.rsrc
@.reloc
GetMonitorInfoA
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
DISPLAY
InitCommonControls
InitCommonControlsEx
HtmlHelpW
hhctrl.ocx
CCmdTarget
COleException
CInvalidArgException
CNotSupportedException
CMemoryException
CSimpleException
CException
CGdiObject
CUserException
CResourceException
CArchiveException
CObject
CWinApp
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
CWinThread
CMenu
CMapPtrToPtr
CByteArray
NotifyWinEvent
CObArray
CPtrArray
Unknown exception
CorExitProcess
HeapQueryInformation
runtime error
TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
bad exception
e+000
GAIsProcessorFeaturePresent
KERNEL32
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
(null)
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
1#QNAN
1#INF
1#IND
1#SNAN
CONOUT$
bad cast
string too long
invalid string position
=L9o<
OLEACC.dll
bad allocation
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
kernel32.dll
VirtualAllocExNuma
LdrAcces
sResource
indResource_U
ntdll.dll
C:\Users\BEAUREGARD\Videos\PwdChange_src\PwdChange\Release\PwdChange.pdb
CreateStdAccessibleObject
LresultFromObject
LoadLibraryW
FreeLibrary
FormatMessageW
LocalFree
GetModuleHandleExA
GetProcAddress
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExA
GetModuleHandleW
MultiByteToWideChar
lstrcmpW
SetLastError
GetLastError
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetModuleHandleA
GetModuleFileNameW
GetCurrentProcessId
lstrcmpA
lstrlenA
InterlockedExchange
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
CloseHandle
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetErrorMode
GetStartupInfoW
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
KERNEL32.dll
EnableWindow
SendMessageW
SetCursor
SetWindowLongW
GetClientRect
IsWindow
GetSysColor
GetWindowRect
GetParent
GetDC
ReleaseDC
LoadCursorW
GetCursorPos
PtInRect
LoadIconW
IsIconic
GetSystemMetrics
GetWindow
GetWindowPlacement
SystemParametersInfoA
SetWindowPos
GetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
CopyRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
MessageBoxW
GetMenuItemCount
GetMenuItemID
GetSubMenu
PostMessageW
IsWindowVisible
SetForegroundWindow
SetMenu
GetKeyState
MapWindowPoints
PeekMessageW
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
DispatchMessageW
GetLastActivePopup
GetForegroundWindow
GetWindowTextW
GetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
WinHelpW
RegisterWindowMessageW
SetWindowTextW
ShowWindow
IsWindowEnabled
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowThreadProcessId
PostQuitMessage
GetActiveWindow
ValidateRect
TranslateMessage
GetMessageW
DestroyMenu
GetSysColorBrush
UnregisterClassW
USER32.dll
GetStockObject
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
SaveDC
RestoreDC
SetMapMode
DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GDI32.dll
ClosePrinter
DocumentPropertiesW
OpenPrinterW
WINSPOOL.DRV
RegOpenKeyExW
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
ADVAPI32.dll
PathFindExtensionW
PathFindFileNameW
SHLWAPI.dll
OLEAUT32.dll
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>
AfxWnd90su
AfxControlBar90su
AfxMDIFrame90su
AfxFrameOrView90su
AfxOleControl90su
AfxOldWndProc423
USER32
YaccParent
accChildCount
accChild
accName
accValue
accDescription
accRole
accState
accHelp
accHelpTopic
accKeyboardShortcut
accFocus
accSelection
accDefaultAction
accSelect
accLocation
accNavigate
accHitTest
accDoDefaultAction
#32768
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
commctrl_DragListMsg
tDelete
NoRemove
ForceRemove
pSettings
PreviewPages
KERNEL32
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
NoDrives
RestrictRun
NoNetConnectDisconnect
NoRecentDocsHistory
NoClose
Software\Microsoft\Windows\CurrentVersion\Policies\Network
NoEntireNetwork
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
NoPlacesBar
NoBackButton
NoFileMru
ntdll.dll
kernel32.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
software
@Software\Classes\
Software\
@comctl32.dll
@comdlg32.dll
@shell32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
%2\CLSID
%2\Insertable
%2\protocol\StdFileEditing\verb\0
&Edit
%2\protocol\StdFileEditing\server
CLSID\%1
CLSID\%1\ProgID
CLSID\%1\InprocHandler32
ole32.dll
CLSID\%1\LocalServer32
CLSID\%1\Verb\0
&Edit,0,2
CLSID\%1\Verb\1
&Open,0,2
CLSID\%1\Insertable
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultIcon
%3,%7
CLSID\%1\MiscStatus
CLSID\%1\InProcServer32
CLSID\%1\DocObject
%2\DocObject
CLSID\%1\Printable
CLSID\%1\DefaultExtension
%9, %8
B.INI
user32.dll
mscoree.dll
KERNEL32.DLL
B(null)
C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\atlmfc\include\afxwin1.inl
Exception thrown in destructor
%s (%s:%d)
%s (%s:%d)
Apartment
Info
ber Password Changer
MS Shell Dlg
Password Changer
Version 1.0
(C) Copyright 2006 by Steffen Lange
Alle Rechte vorbehalten.
Password Changer
MS Shell Dlg
IDCANCEL
IDC_LBL_DOMAIN
IDC_LBL_SERVER
IDC_BTN_SERVER
IDC_LBL_USER
IDC_BTN_USER
IDC_LBL_OLDPASSWORD
IDC_LBL_NEWPASSWORD
IDC_BTN_CHANGE
Steffen-Lange.com
MS Shell Dlg
&New
Cancel
&Help
MS Shell Dlg
&Info...
&Schlie
&Computer suchen
&Benutzer suchen
&Kennwort
ndern
ne / Arbeitsgruppe
Computer
Benutzer
Altes Kennwort
Neues KennwortSDer Benutzername ist falsch oder die eingegebenen Kennw
rter stimmen nicht
berein.
Save As
All Files (*.*)
Untitled
an unnamed file
&Hide
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Out of memory.
An unknown error has occurred.!Encountered an improper argument.
Incorrect filename.
Failed to open document.
Failed to save document.
Save changes to %1? Failed to create empty document.
The file is too large to open.
Could not start print job.
Failed to launch help.
Internal application error.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Enter an integer.
Enter a number.#Enter an integer between %1 and %2.!Enter a number between %1 and %2.!Enter no more than %1 characters.
Select a button.#Enter an integer between 0 and 255.
Enter a positive integer.
Enter a date and/or time.
Enter a currency.
Enter a GUID.
Enter a time.
Enter a date.
Unexpected file format.O%1
Cannot find this file.
Verify that the correct path and file name are given.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
%1: %2
Continue running script?
Dispatch exception: %1
#Unable to read write-only property.#Unable to write read-only property.
#Unable to load mail system support.
Mail system DLL is invalid.!Send Mail failed to send message.
No error occurred.-An unknown error occurred while accessing %1.
%1 was not found.
%1 contains an incorrect path.8Could not open %1 because there are too many open files.
Access to %1 was denied.0An incorrect file handle was associated with %1.8Could not remove %1 because it is the current directory.2Could not create %1 because the directory is full.
Seek failed on %14Encountered a hardware I/O error while accessing %1.3Encountered a sharing violation while accessing %1.3Encountered a locking violation while accessing %1.
Disk full while accessing %1.$Attempted to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1.%Attempted to write to the reading %1.$Attempted to access %1 past its end.&Attempted to read from the writing %1.
%1 has a bad format."%1 contained an unexpected object. %1 contains an incorrect schema.
pixels
Uncheck
Check
Mixed
VS_VERSION_INFO
StringFileInfo
040704e4
CompanyName
Steffen Lange
FileDescription
Password Changer
FileVersion
1.0.0.1
InternalName
PwdChange.exe
LegalCopyright
(C) Copyright 2006 by Steffen Lange
LegalTrademarks
Alle Rechte vorbehalten.
OriginalFilename
PwdChange.exe
ProductName
Password Changer
ProductVersion
1.0.0.1
VarFileInfo
Translation

Full Results

Engine | Signature | Engine | Signature | Engine | Signature
Bkav | W32.AIDetectVM.malware1 | Elastic | Clean | MicroWorld-eScan | Trojan.Ranapama.AMW
CMC | Clean | CAT-QuickHeal | Clean | ALYac | Clean
Cylance | Clean | VIPRE | Clean | SUPERAntiSpyware | Clean
Sangfor | Clean | K7AntiVirus | Clean | Alibaba | Clean
K7GW | Clean | Cybereason | Clean | TrendMicro | Clean
Baidu | Clean | Cyren | Clean | Symantec | Clean
TotalDefense | Clean | APEX | Malicious | Avast | Clean
ClamAV | Clean | Kaspersky | Clean | BitDefender | Trojan.Ranapama.AMW
NANO-Antivirus | Clean | Paloalto | Clean | AegisLab | Clean
Rising | Clean | Ad-Aware | Trojan.Ranapama.AMW | Emsisoft | Trojan.Ranapama.AMW (B)
Comodo | Clean | F-Secure | Clean | DrWeb | Trojan.Emotet.1042
Zillya | Clean | Invincea | Clean | McAfee-GW-Edition | Clean
FireEye | Trojan.Ranapama.AMW | Sophos | Clean | SentinelOne | Clean
GData | Trojan.Ranapama.AMW | Jiangmin | Clean | Webroot | Clean
Avira | Clean | eGambit | Clean | MAX | malware (ai score=83)
Antiy-AVL | Clean | Kingsoft | Clean | Arcabit | Trojan.Ranapama.AMW
ViRobot | Clean | ZoneAlarm | Clean | Microsoft | Trojan:Win32/EmotetCrypt.ARJ!MTB
Cynet | Clean | AhnLab-V3 | Clean | Acronis | Clean
McAfee | GenericRXAA-AA!1BC589C2BBA4 | TACHYON | Clean | VBA32 | Clean
Malwarebytes | Clean | Zoner | Clean | ESET-NOD32 | Clean
TrendMicro-HouseCall | Clean | Tencent | Clean | Yandex | Clean
Ikarus | Clean | MaxSecure | Clean | Fortinet | W32/BankerX.5CC7!tr
BitDefenderTheta | Clean | AVG | Clean | Panda | Clean
CrowdStrike | Clean | Qihoo-360 | Clean
Sorry! No behavior.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No process dumps.
Defense Evasion
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature

    Processing ( 3.859 seconds )

    • 1.792 CAPE
    • 1.188 VirusTotal
    • 0.417 Suricata
    • 0.313 Static
    • 0.091 AnalysisInfo
    • 0.035 TargetInfo
    • 0.008 peid
    • 0.007 Strings
    • 0.005 Debug
    • 0.002 NetworkAnalysis
    • 0.001 BehaviorAnalysis

    Signatures ( 0.05100000000000001 seconds )

    • 0.01 ransomware_files
    • 0.007 ransomware_extensions
    • 0.005 antiav_detectreg
    • 0.003 antiav_detectfile
    • 0.003 infostealer_ftp
    • 0.002 persistence_autorun
    • 0.002 antianalysis_detectfile
    • 0.002 infostealer_bitcoin
    • 0.002 infostealer_im
    • 0.002 territorial_disputes_sigs
    • 0.001 kibex_behavior
    • 0.001 tinba_behavior
    • 0.001 antianalysis_detectreg
    • 0.001 antivm_vbox_files
    • 0.001 geodo_banking_trojan
    • 0.001 browser_security
    • 0.001 disables_backups
    • 0.001 disables_browser_warn
    • 0.001 azorult_mutexes
    • 0.001 infostealer_mail
    • 0.001 masquerade_process_name
    • 0.001 revil_mutexes
    • 0.001 ursnif_behavior

    Reporting ( 1.696 seconds )

    • 1.43 BinGraph
    • 0.266 MITRE_TTPS