=================================================================================================== https://www.virustotal.com/file-scan/reanalysis.html?id=675af79b0fe81efd43a36fa02469767bfe01107c6240eb05e01c15c572b5c587-1308742163 MD5: ced3103e366d2eeac145639b080b3426 Date first seen: 2011-04-01 12:52:03 (UTC) Date last seen: 2011-06-02 04:42:54 (UTC) Detection ratio: 32/42 http://www.virustotal.com/file-scan/report.html?id=675af79b0fe81efd43a36fa02469767bfe01107c6240eb05e01c15c572b5c587-1308742163 File name: HPZipm12L.dll Submission date: 2011-06-22 11:29:23 (UTC) Result: 32/ 42 (76.2%) AhnLab-V3 2011.06.22.02 2011.06.22 Win-Trojan/Agent2.118784.AM AntiVir 7.11.10.66 2011.06.22 TR/Vundo.4.133 Antiy-AVL 2.0.3.7 2011.06.22 Trojan/Win32.Agent2.gen Avast 4.8.1351.0 2011.06.22 Win32:MalOb-GD Avast5 5.0.677.0 2011.06.22 Win32:MalOb-GD AVG 10.0.0.1190 2011.06.22 Generic21.AYHF BitDefender 7.2 2011.06.22 Gen:Variant.Vundo.4 CAT-QuickHeal 11.00 2011.06.22 Trojan.Agent2.defh ClamAV 0.97.0.0 2011.06.22 - Commtouch 5.3.2.6 2011.06.22 - Comodo 9154 2011.06.22 UnclassifiedMalware DrWeb 5.0.2.03300 2011.06.22 Trojan.Siggen2.26990 eSafe 7.0.17.0 2011.06.21 - eTrust-Vet 36.1.8400 2011.06.22 - F-Prot 4.6.2.117 2011.06.22 - F-Secure 9.0.16440.0 2011.06.22 Gen:Variant.Vundo.4 Fortinet 4.2.257.0 2011.06.22 - GData 22 2011.06.22 Gen:Variant.Vundo.4 Ikarus T3.1.1.104.0 2011.06.22 Trojan.Win32.Pirminay Jiangmin 13.0.900 2011.06.22 Trojan/Agent.euvl K7AntiVirus 9.106.4831 2011.06.21 Trojan Kaspersky 9.0.0.837 2011.06.22 Trojan.Win32.Agent2.defh McAfee 5.400.0.1158 2011.06.22 Vundo McAfee-GW-Edition 2010.1D 2011.06.22 Vundo Microsoft 1.7000 2011.06.22 Trojan:Win32/Vundo NOD32 6228 2011.06.22 a variant of Win32/Kryptik.NDC Norman 6.07.10 2011.06.22 W32/Suspicious_Gen2.KYWXF nProtect 2011-06-22.02 2011.06.22 Gen:Variant.Vundo.4 Panda 10.0.3.5 2011.06.21 Generic Trojan PCTools 8.0.0.5 2011.06.22 Trojan.Vundo!rem Prevx 3.0 2011.06.22 - Rising 23.63.02.03 2011.06.22 - Sophos 4.66.0 2011.06.22 Mal/Generic-L SUPERAntiSpyware 4.40.0.1006 2011.06.22 - Symantec 20111.1.0.186 2011.06.22 Trojan.Vundo TheHacker 6.7.0.1.237 2011.06.22 Trojan/Agent2.defh TrendMicro 9.200.0.1012 2011.06.22 TROJ_VUNDO.BWE TrendMicro-HouseCall 9.200.0.1012 2011.06.22 TROJ_VUNDO.BWE VBA32 3.12.16.2 2011.06.22 Trojan.Agent2.defh VIPRE 9656 2011.06.22 Trojan.Win32.Kryptik.laq (v) ViRobot 2011.6.22.4527 2011.06.22 - VirusBuster 14.0.90.0 2011.06.21 Trojan.Agent2!TGbgafVdiHU MD5 : ced3103e366d2eeac145639b080b3426 SHA1 : 77881085585c7ae773814c8f5d9083ed9ac466a5 SHA256: 675af79b0fe81efd43a36fa02469767bfe01107c6240eb05e01c15c572b5c587 ssdeep: 1536:9LRSYDJELTyDFuCsgfpM9UeZ0CfW3g3KEQBom6gbV/wAYQTQMxuWp:PSYDyv63lpM9R0Cf VQBoVgbV/VYjDc File size : 118784 bytes First seen: 2011-04-01 12:52:03 Last seen : 2011-06-22 11:29:23 TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Seswrqkme Irshxagykay copyright....: (c) Nzpmhmaky Bksrynteigs. All rights reserved. product......: Internet Information Services description..: Xaoatxjyx IIS Plugin DLL original name: IISLOG.DLL internal name: IISLOG.DLL file version.: 6.0.3790.3959 (srv03_sp2_rtm.070216-1710) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD: Armadillo v1.xx - v2.xx PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x9B8A timedatestamp....: 0x47F7E871 (Sat Apr 05 21:00:33 2008) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0xBC1E, 0xC000, 6.50, 2f9dd14f76499758023a1ab5b69a9d2a .rdata, 0xD000, 0x10AC, 0x2000, 3.40, c0d1c90d8949f1d6152729904f516dfc .data, 0xF000, 0x13F84, 0xC000, 4.36, ecc0317f6703c98b55a7c58d2819a519 .rsrc, 0x23000, 0x698, 0x1000, 1.71, 57371fdefdcfc6397a4120ee244f7216 .reloc, 0x24000, 0xE20, 0x1000, 5.70, 94fa5d5f878f59389d9c9da6642a0e85 [[ 5 import(s) ]] KERNEL32.dll: GetCurrentProcess, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, OutputDebugStringA, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleA, LoadLibraryA, CloseHandle, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetOEMCP, GetACP, GetCPInfo, SetUnhandledExceptionFilter, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, ExitProcess, HeapReAlloc, VirtualFree, HeapCreate, HeapDestroy, GetVersionExA, GetEnvironmentVariableA, GetModuleFileNameA, RtlUnwind, HeapFree, HeapAlloc, UnhandledExceptionFilter, TerminateProcess, VirtualAlloc, GetProcessHeap, GetThreadLocale, GetStringTypeW, SetThreadLocale, ExpandEnvironmentStringsW, CreateThread, FormatMessageW, SetProcessWorkingSetSize, WaitForSingleObject, SetEvent, lstrcmpA, LocalAlloc, LocalFree, GetCommandLineA, WriteFile, VirtualProtect USER32.dll: GetSystemMetrics, SetCursor, GetParent, SetWindowTextW, GetDC, ReleaseDC, ShowWindow, SetWindowLongW, LoadCursorW, PostMessageW, GetScrollInfo, SetScrollInfo, MapWindowPoints, CreateWindowExW, DispatchMessageW, IsWindowVisible, IsWindowEnabled, TrackMouseEvent, GetSysColor, CallWindowProcW, GetWindowLongW, EnableWindow, DestroyIcon, FillRect, DrawIconEx, GetFocus, DrawFocusRect, GetDlgItem, SetRect, IsDialogMessageW, GetMessageW, PeekMessageW, TranslateMessage, LoadImageW, SendMessageW, LoadIconW, MoveWindow, GetWindowRect, GetClientRect, ScreenToClient, BeginPaint, EndPaint, InvalidateRect, SetFocus, DestroyWindow, DefWindowProcW, SystemParametersInfoW ADVAPI32.dll: AllocateAndInitializeSid, FreeSid, RegCloseKey, RegEnumKeyExW, CheckTokenMembership GDI32.dll: GetObjectW, SelectObject, CreateFontIndirectW, CreateCompatibleDC, GetDeviceCaps, CreateBitmap, CreateSolidBrush, BitBlt, DeleteObject, DeleteDC, SetTextColor ole32.dll: CoGetObject, CoInitializeEx, CoUninitialize ExifTool: file metadata CharacterSet: Unicode CodeSize: 49152 CompanyName: Seswrqkme Irshxagykay EntryPoint: 0x9b8a FileDescription: Xaoatxjyx IIS Plugin DLL FileFlagsMask: 0x003f FileOS: Windows NT 32-bit FileSize: 116 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 6.0.3790.3959 (srv03_sp2_rtm.070216-1710) FileVersionNumber: 6.0.3790.3959 ImageVersion: 5.1 InitializedDataSize: 98304 InternalName: IISLOG.DLL LanguageCode: English (U.S.) LegalCopyright: Nzpmhmaky Bksrynteigs. All rights reserved. LinkerVersion: 7.1 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Dynamic link library OriginalFilename: IISLOG.DLL PEType: PE32 ProductName: Internet Information Services ProductVersion: 6.0.3790.3959 ProductVersionNumber: 6.0.3790.3959 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2008:04:05 23:00:33+02:00 UninitializedDataSize: 0 =================================================================================================== https://www.virustotal.com/file-scan/reanalysis.html?id=cf97a0835af8d0daa0f6d884590ad8a87b5f94f446d513abf03007906b45c8e9-1308742174 MD5: dfe859eda8d9ed88863896ac233b17a9 Date first seen: 2011-05-23 14:24:50 (UTC) Date last seen: 2011-06-02 04:42:10 (UTC) Detection ratio: 15/41 http://www.virustotal.com/file-scan/report.html?id=cf97a0835af8d0daa0f6d884590ad8a87b5f94f446d513abf03007906b45c8e9-1308742174 File name: crtdllo.dll Submission date: 2011-06-22 11:29:34 (UTC) Result: 16/ 42 (38.1%) AhnLab-V3 2011.06.22.02 2011.06.22 - AntiVir 7.11.10.66 2011.06.22 TR/ATRAPS.Gen Antiy-AVL 2.0.3.7 2011.06.22 - Avast 4.8.1351.0 2011.06.22 - Avast5 5.0.677.0 2011.06.22 - AVG 10.0.0.1190 2011.06.22 - BitDefender 7.2 2011.06.22 Gen:Variant.Vundo.4 CAT-QuickHeal 11.00 2011.06.22 - ClamAV 0.97.0.0 2011.06.22 - Commtouch 5.3.2.6 2011.06.22 W32/Virtumonde.BZ.gen!Eldorado Comodo 9154 2011.06.22 - DrWeb 5.0.2.03300 2011.06.22 - eSafe 7.0.17.0 2011.06.21 - eTrust-Vet 36.1.8400 2011.06.22 - F-Prot 4.6.2.117 2011.06.22 W32/Virtumonde.BZ.gen!Eldorado F-Secure 9.0.16440.0 2011.06.22 Gen:Variant.Vundo.4 Fortinet 4.2.257.0 2011.06.22 - GData 22 2011.06.22 Gen:Variant.Vundo.4 Ikarus T3.1.1.104.0 2011.06.22 - Jiangmin 13.0.900 2011.06.22 - K7AntiVirus 9.106.4831 2011.06.21 Riskware Kaspersky 9.0.0.837 2011.06.22 - McAfee 5.400.0.1158 2011.06.22 Vundo McAfee-GW-Edition 2010.1D 2011.06.22 Vundo Microsoft 1.7000 2011.06.22 Trojan:Win32/Vundo.gen!AV NOD32 6228 2011.06.22 a variant of Win32/Kryptik.IRI Norman 6.07.10 2011.06.22 - nProtect 2011-06-22.02 2011.06.22 Gen:Variant.Vundo.4 Panda 10.0.3.5 2011.06.21 Trj/CI.A PCTools 8.0.0.5 2011.06.22 HeurEngine.MaliciousPacker Prevx 3.0 2011.06.22 - Rising 23.63.02.03 2011.06.22 - Sophos 4.66.0 2011.06.22 - SUPERAntiSpyware 4.40.0.1006 2011.06.22 - Symantec 20111.1.0.186 2011.06.22 Packed.Generic.305 TheHacker 6.7.0.1.237 2011.06.22 - TrendMicro 9.200.0.1012 2011.06.22 - TrendMicro-HouseCall 9.200.0.1012 2011.06.22 - VBA32 3.12.16.2 2011.06.22 - VIPRE 9656 2011.06.22 Trojan.Win32.Kryptik.laq (v) ViRobot 2011.6.22.4527 2011.06.22 - VirusBuster 14.0.90.0 2011.06.21 - MD5 : dfe859eda8d9ed88863896ac233b17a9 SHA1 : 912ab0fca8eb7f57a5ec4c1aef47367022a0979e SHA256: cf97a0835af8d0daa0f6d884590ad8a87b5f94f446d513abf03007906b45c8e9 ssdeep: 1536:HJJlDLCyepD2KERZP/WjujBR/IYs1jNCuNrGACQQFAoMWXYzRN7D:pLoD2JLGjSRgY+jIG GHNjXGD File size : 69632 bytes First seen: 2011-05-23 14:24:50 Last seen : 2011-06-22 11:29:34 TrID: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: U.S. Robotics Corporation copyright....: Copyright (C) (c) 2000 U.S. Robotics Corporation product......: U.S. Robotics Modem Driver description..: U.S. Robotics shutdown helper original name: 3cshtdwn.exe internal name: 3cshtdwn.exe file version.: 4. 11. 21 comments.....: signers......: - signing date.: - verified.....: Unsigned PEiD: Armadillo v1.xx - v2.xx PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x7877 timedatestamp....: 0x45272C6A (Sat Oct 07 04:26:18 2006) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x6936, 0x6A00, 6.47, 16d03cd8fa688ed240ccc57bae84c232 .rdata, 0x8000, 0x988, 0xA00, 5.24, 169400769efc8188fa2c338264898e7e .data, 0x9000, 0x10B24, 0x8600, 5.53, 52ccb7b22fe88d82e283fc6b34b2da33 .rsrc, 0x1A000, 0x448, 0x600, 2.54, 526c9c1cc11dd6345562f90012e0a6b4 .reloc, 0x1B000, 0xB4A, 0xC00, 6.20, d19fe39efbcf8dd469519f3d9b26651d [[ 4 import(s) ]] KERNEL32.dll: WriteFile, PostQueuedCompletionStatus, GetQueuedCompletionStatus, CreateIoCompletionPort, GlobalMemoryStatus, GetCurrentThread, SetFilePointer, GetFileSize, IsBadWritePtr, GetLastError, CreateThread, CreateSemaphoreA, LocalFree, WaitForSingleObject, ReadFile, ReleaseSemaphore, SetLastError, CloseHandle, Sleep, DeleteCriticalSection, InterlockedExchange, InterlockedDecrement, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, LocalAlloc, GetProcessHeap, HeapAlloc, HeapFree, FreeLibrary, OutputDebugStringA, SetEvent, CreateEventA, GetTickCount, GetCommandLineA, GetCurrentThreadId, VirtualProtect ADVAPI32.dll: RegSetValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA MSVCRT.dll: _adjust_fdiv, malloc, _initterm, free, time, sprintf, qsort, _except_handler3, __CxxFrameHandler, __3@YAXPAX@Z MSVCP60.dll: __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Ostd@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __Mstd@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z ExifTool: file metadata CharacterSet: Unicode CodeSize: 27136 Comments: CompanyName: U.S. Robotics Corporation EntryPoint: 0x7877 FileDescription: U.S. Robotics shutdown helper FileFlagsMask: 0x003f FileOS: Windows NT 32-bit FileSize: 68 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 4. 11. 21 FileVersionNumber: 4.11.21.0 ImageVersion: 6.0 InitializedDataSize: 78336 InternalName: 3cshtdwn.exe LanguageCode: English (U.S.) LegalCopyright: Copyright (C) 2000 U.S. Robotics Corporation LegalTrademarks: LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Dynamic link library OriginalFilename: 3cshtdwn.exe PEType: PE32 PrivateBuild: ProductName: U.S. Robotics Modem Driver ProductVersion: 4. 11. 21 ProductVersionNumber: 4.11.21.0 SpecialBuild: Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2006:10:07 06:26:18+02:00 UninitializedDataSize: 0 =================================================================================================== https://www.virustotal.com/file-scan/reanalysis.html?id=491b2c4db99cdf99dafe8950dbcb94ce2cf8833698ace36032b064099af759ff-1308742184 MD5: 04366dfaa4a7d32066fa6dcda14c9e94 Date first seen: 2011-05-31 14:58:08 (UTC) Date last seen: 2011-06-03 18:07:56 (UTC) Detection ratio: 23/42 http://www.virustotal.com/file-scan/report.html?id=491b2c4db99cdf99dafe8950dbcb94ce2cf8833698ace36032b064099af759ff-1308742184 File name: ole32H.dll Submission date: 2011-06-22 11:29:44 (UTC) Result: 27/ 42 (64.3%) AhnLab-V3 2011.06.22.02 2011.06.22 Packed/Win32.Generic AntiVir 7.11.10.66 2011.06.22 TR/ATRAPS.Gen Antiy-AVL 2.0.3.7 2011.06.22 Trojan/win32.agent.gen Avast 4.8.1351.0 2011.06.22 Win32:MalOb-EI Avast5 5.0.677.0 2011.06.22 Win32:MalOb-EI AVG 10.0.0.1190 2011.06.22 Generic22.BUEV BitDefender 7.2 2011.06.22 Trojan.Generic.KDV.237415 CAT-QuickHeal 11.00 2011.06.22 - ClamAV 0.97.0.0 2011.06.22 - Commtouch 5.3.2.6 2011.06.22 W32/Virtumonde.BZ.gen!Eldorado Comodo 9154 2011.06.22 UnclassifiedMalware DrWeb 5.0.2.03300 2011.06.22 - eSafe 7.0.17.0 2011.06.21 - eTrust-Vet 36.1.8400 2011.06.22 - F-Prot 4.6.2.117 2011.06.22 W32/Virtumonde.BZ.gen!Eldorado F-Secure 9.0.16440.0 2011.06.22 Trojan.Generic.KDV.237415 Fortinet 4.2.257.0 2011.06.22 W32/Vundo!tr GData 22 2011.06.22 Trojan.Generic.KDV.237415 Ikarus T3.1.1.104.0 2011.06.22 Trojan.Win32.Pirminay Jiangmin 13.0.900 2011.06.22 - K7AntiVirus 9.106.4831 2011.06.21 Riskware Kaspersky 9.0.0.837 2011.06.22 - McAfee 5.400.0.1158 2011.06.22 Vundo McAfee-GW-Edition 2010.1D 2011.06.22 Vundo Microsoft 1.7000 2011.06.22 Trojan:Win32/Vundo.gen!AV NOD32 6228 2011.06.22 a variant of Win32/Kryptik.NHN Norman 6.07.10 2011.06.22 W32/Suspicious_Gen2.MNTXH nProtect 2011-06-22.02 2011.06.22 - Panda 10.0.3.5 2011.06.21 Suspicious file PCTools 8.0.0.5 2011.06.22 HeurEngine.MaliciousPacker Prevx 3.0 2011.06.22 - Rising 23.63.02.03 2011.06.22 - Sophos 4.66.0 2011.06.22 - SUPERAntiSpyware 4.40.0.1006 2011.06.22 - Symantec 20111.1.0.186 2011.06.22 Packed.Generic.305 TheHacker 6.7.0.1.237 2011.06.22 Trojan/Kryptik.nhn TrendMicro 9.200.0.1012 2011.06.22 TROJ_GEN.R3EC2F1 TrendMicro-HouseCall 9.200.0.1012 2011.06.22 TROJ_GEN.R3EC2F1 VBA32 3.12.16.2 2011.06.22 - VIPRE 9656 2011.06.22 Virtumonde ViRobot 2011.6.22.4527 2011.06.22 - VirusBuster 14.0.90.0 2011.06.21 - MD5 : 04366dfaa4a7d32066fa6dcda14c9e94 SHA1 : d71aca5b5c98fabe038e7d50616de90abe58ad04 SHA256: 491b2c4db99cdf99dafe8950dbcb94ce2cf8833698ace36032b064099af759ff ssdeep: 1536:TTv+rg2gSn+TdqS1Ve9XPyCjGcnoR7zti3nWrc:TTvP6+Tdxe9fy1tDc File size : 75776 bytes First seen: 2011-05-31 14:58:08 Last seen : 2011-06-22 11:29:44 TrID: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: Microsoft Corporation copyright....: Copyright (c) 1995-1999 Microsoft Corporation, All rights reserved. product......: Microsoft_ FrontPage_ 2000 description..: Microsoft FrontPage Server Extensions original name: RPCTEST.DLL internal name: n/a file version.: 4.0.2.7523 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD: Armadillo v1.xx - v2.xx PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x11441 timedatestamp....: 0x4A52BE4B (Tue Jul 07 03:17:31 2009) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x104FA, 0x10600, 6.23, 729b378481b1c4196165296b1a204339 .rdata, 0x12000, 0xB18, 0xC00, 5.23, a9e7fa0a6a4b7ad1dd689614db5cf054 .data, 0x13000, 0x8AFC, 0x400, 2.73, 6981382a2a446e24f9b7531ac1f4eb55 .rsrc, 0x1C000, 0x550, 0x600, 3.10, 4665a10ddaa9cd2a87a389468113cca7 .reloc, 0x1D000, 0x70A, 0x800, 5.38, 3f03ba887305d18d5402578feae0d7c3 [[ 7 import(s) ]] KERNEL32.dll: InterlockedExchange, CreateThread, InterlockedDecrement, InterlockedIncrement, CloseHandle, ExpandEnvironmentStringsW, LoadLibraryW, GetLastError, GetProcAddress, GetCommandLineW, WaitForMultipleObjects, InterlockedCompareExchange, HeapAlloc, GetProcessHeap, HeapFree, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, CreateEventA, CreateFileW, ResetEvent, GetSystemTime, SystemTimeToFileTime, GetStartupInfoW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, CreateEventW, GetCurrentThreadId, CompareStringW, Sleep, SetEvent, SetLastError, VirtualProtect USER32.dll: CharNextW, DispatchMessageW, GetMessageW ADVAPI32.dll: LsaAddAccountRights, LookupAccountNameW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegEnumKeyExW, RegEnumValueW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, LsaClose ole32.dll: CoResumeClassObjects, CoInitializeEx, CoUninitialize, CoInitializeSecurity RPCRT4.dll: MesEncodeDynBufferHandleCreate, MesHandleFree, MesDecodeBufferHandleCreate MSVCRT.dll: _adjust_fdiv, asctime, ctime, clock, difftime, localtime, time, _except_handler3, _amsg_exit, exit, memcpy, _cexit, free, malloc, memset, wcsncmp, _wcmdln, swprintf, wcslen, __dllonexit, _onexit, _initterm MSVCP60.dll: _cout@std@@3V_$basic_ostream@DU_$char_traits@D@std@@@1@A, __6std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@PBD@Z, _endl@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@N@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@J@Z, __6_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV01@H@Z, __1_Winit@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0Init@ios_base@std@@QAE@XZ ExifTool: file metadata CharacterSet: Unicode CodeSize: 67072 CompanyName: Microsoft Corporation EntryPoint: 0x11441 FileDescription: Microsoft FrontPage Server Extensions FileFlagsMask: 0x003f FileOS: Win32 FileSize: 74 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 4.0.2.7523 FileVersionNumber: 4.0.2.7523 ImageVersion: 6.1 InitializedDataSize: 45056 LanguageCode: English (U.S.) LegalCopyright: Copyright 1995-1999 Microsoft Corporation, All rights reserved. LegalTrademark1: Microsoft , Windows , and FrontPage are registered trademarks of Microsoft Corporation, and WebBot is a trademark of Microsoft Corporation, in the United States and/or other countries. LinkerVersion: 9.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Dynamic link library OriginalFilename: RPCTEST.DLL PEType: PE32 ProductName: Microsoft FrontPage 2000 ProductVersion: 4.0.2.7523 ProductVersionNumber: 4.0.2.7523 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2009:07:07 05:17:31+02:00 UninitializedDataSize: 0 ===================================================================================================