.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------. ! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV ! `-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
d7ce7b152f0da49e96fa32a9336b35253905d9940b001288d0df55d8f8b3951f
Date...........: 2019-05-31
Family.........: NVISOSPIT
File name......: am2.exe
File size......: 14.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://twitter.com/r3c0nst/status/1134403094157115392
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 128 0x80
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 7 7
TimeDateStamp: "1970-01-01 00:00:00"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 783 0x30f RELOCS_STRIPPED, EXECUTABLE_IMAGE
LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED
32BIT_MACHINE, DEBUG_STRIPPED
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 2.29
SizeOfCode: 7680 0x1e00
SizeOfInitializedData: 13312 0x3400
SizeOfUninitializedData: 1536 0x600
AddressOfEntryPoint: 5376 0x1500
BaseOfCode: 4096 0x1000
BaseOfData: 12288 0x3000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 1.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 36864 0x9000
SizeOfHeaders: 1024 0x400
CheckSum: 56897 0xde41
Subsystem: 3 3 WINDOWS_CUI
DllCharacteristics: 0 0
SizeOfStackReserve: 2097152 0x200000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 6000 size:0x 6ac
RESOURCE rva:0x 0 size:0x 0
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 0 size:0x 0
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 8004 size:0x 18
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 6168 size:0x f0
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 1000 1d64 1e00 400 0 0 0 0 60500060 R-X CODE IDATA
.data 3000 2c 200 2200 0 0 0 0 c0300040 RW- IDATA
.rdata 4000 7c4 800 2400 0 0 0 0 40300040 R-- IDATA
.bss 5000 404 0 0 0 0 0 0 c0600080 RW- UDATA
.idata 6000 6ac 800 2c00 0 0 0 0 c0300040 RW- IDATA
.CRT 7000 34 200 3400 0 0 0 0 c0300040 RW- IDATA
.tls 8000 20 200 3600 0 0 0 0 c0300040 RW- IDATA
=== TLS ===
RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS
408000 40801c 405390 407020 0 0
[?] can't find file_offset of VA 0x5390
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
MSXFS.dll 22 WFSStartUp
MSXFS.dll 1f WFSOpen
MSXFS.dll 19 WFSExecute
MSXFS.dll 1a WFSFreeResult
MSXFS.dll 1e WFSLock
KERNEL32.dll d5 DeleteCriticalSection
KERNEL32.dll f1 EnterCriticalSection
KERNEL32.dll 1c6 GetCurrentProcess
KERNEL32.dll 1c7 GetCurrentProcessId
KERNEL32.dll 1cb GetCurrentThreadId
KERNEL32.dll 205 GetLastError
KERNEL32.dll 266 GetStartupInfoA
KERNEL32.dll 27d GetSystemTimeAsFileTime
KERNEL32.dll 299 GetTickCount
KERNEL32.dll 2ed InitializeCriticalSection
KERNEL32.dll 328 LeaveCriticalSection
KERNEL32.dll 398 QueryPerformanceCounter
KERNEL32.dll 46d SetUnhandledExceptionFilter
KERNEL32.dll 47a Sleep
KERNEL32.dll 488 TerminateProcess
KERNEL32.dll 48f TlsGetValue
KERNEL32.dll 49c UnhandledExceptionFilter
KERNEL32.dll 4bc VirtualProtect
KERNEL32.dll 4bf VirtualQuery
msvcrt.dll 39 __dllonexit
msvcrt.dll 3c __getmainargs
msvcrt.dll 3d __initenv
msvcrt.dll 49 __lconv_init
msvcrt.dll 6d __set_app_type
msvcrt.dll 70 __setusermatherr
msvcrt.dll 80 _acmdln
msvcrt.dll 95 _amsg_exit
msvcrt.dll a6 _cexit
msvcrt.dll 116 _fmode
msvcrt.dll 161 _initterm
msvcrt.dll 165 _iob
msvcrt.dll 1ce _lock
msvcrt.dll 26d _onexit
msvcrt.dll 34a _unlock
msvcrt.dll 41e abort
msvcrt.dll 427 atoi
msvcrt.dll 42d calloc
msvcrt.dll 438 exit
msvcrt.dll 43e fflush
msvcrt.dll 448 fprintf
msvcrt.dll 44f free
msvcrt.dll 45b fwrite
msvcrt.dll 48a malloc
msvcrt.dll 492 memcpy
msvcrt.dll 49a printf
msvcrt.dll 49e puts
msvcrt.dll 4ae signal
msvcrt.dll 4c0 strlen
msvcrt.dll 4c3 strncmp
msvcrt.dll 4e4 vfprintf
USER32.dll a3 DefWindowProcA
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
000000000178 000000400178 0 .text
0000000001A0 0000004001A0 0 .data
0000000001C8 0000004001C8 0 .rdata
0000000001EE 0000004001EE 0 0@.bss
000000000218 000000400218 0 .idata
000000001333 000000401F33 0 D$Xt)
000000001DC7 0000004029C7 0 MZuWVS
000000001F77 000000402B77 0 MZWVS
000000002402 000000404002 0 Calling WFSStartUp()
000000002418 000000404018 0 Start up result = %ld
000000002431 000000404031 0 wVersion: %d
000000002440 000000404040 0 LowVersion: %d
000000002451 000000404051 0 wHighVersion: %d
000000002464 000000404064 0 szDescription: %s
000000002478 000000404078 0 szSystemStatus: %s
000000002492 000000404092 0 Calling WFSOpen()
0000000024A4 0000004040A4 0 Using device %s
0000000024B6 0000004040B6 0 NVISOSPIT
0000000024C0 0000004040C0 0 SrvcVersion Records:
0000000024D6 0000004040D6 0 wVersion: %d
0000000024E5 0000004040E5 0 LowVersion: %d
0000000024F6 0000004040F6 0 wHighVersion: %d
000000002509 000000404109 0 szDescription: %s
00000000251D 00000040411D 0 szSystemStatus: %s
000000002534 000000404134 0 SPIVersion Records:
000000002549 000000404149 0 wVersion: %d
000000002558 000000404158 0 LowVersion: %d
000000002569 000000404169 0 wHighVersion: %d
00000000257C 00000040417C 0 szDescription: %s
000000002590 000000404190 0 szSystemStatus: %s
0000000025A7 0000004041A7 0 HService Address ; %ld
0000000025C0 0000004041C0 0 Calling WFSLock()
0000000025D2 0000004041D2 0 Output from WFSLock: %d
0000000025EE 0000004041EE 0 Calling WFSExecute() to dispense $%d
000000002618 000000404218 0 DEBUG: WFS_ERR_CDM_ITEMSLEFT = %d
00000000263C 00000040423C 0 DEBUG: WFS_ERR_INVALID_DATA = %d
000000002660 000000404260 0 DEBUG: WFS_ERR_CDM_INVALIDDENOMINATION = %d
000000002690 000000404290 0 DEBUG: WFS_ERR_CDM_NOTDISPENSABLE = %d
0000000026B8 0000004042B8 0 DEBUG: WFS_ERR_DEV_NOT_READY = %d
0000000026DC 0000004042DC 0 Execute result = %ld
0000000026F4 0000004042F4 0 lpResult Records:
000000002707 000000404307 0 RequestID: %d
000000002718 000000404318 0 HService Address ; %ld
000000002731 000000404331 0 Command Code ; %d
000000002745 000000404345 0 Event ID ; %d
000000002756 000000404356 0 Event Received from XFS
00000000277C 00000040437C 0 Unknown error
00000000278C 00000040438C 0 _matherr(): %s in %s(%g, %g) (retval=%g)
0000000027B8 0000004043B8 0 Argument domain error (DOMAIN)
0000000027D7 0000004043D7 0 Argument singularity (SIGN)
0000000027F4 0000004043F4 0 Overflow range error (OVERFLOW)
000000002814 000000404414 0 The result is too small to be represented (UNDERFLOW)
00000000284C 00000040444C 0 Total loss of significance (TLOSS)
000000002870 000000404470 0 Partial loss of significance (PLOSS)
0000000028B0 0000004044B0 0 Mingw-w64 runtime failure:
0000000028CC 0000004044CC 0 Address %p has no image-section
0000000028EC 0000004044EC 0 VirtualQuery failed for %d bytes at address %p
000000002920 000000404520 0 VirtualProtect failed with code 0x%x
000000002948 000000404548 0 Unknown pseudo relocation protocol version %d.
File pos Mem pos ID Text
======== ======= == ====
00000000297C 00000040457C 0 Unknown pseudo relocation bit size %d.
0000000029A8 0000004045A8 0 GCC: (GNU) 7.2.0
0000000029BC 0000004045BC 0 GCC: (GNU) 7.2.0
0000000029D0 0000004045D0 0 GCC: (GNU) 7.2.0
0000000029E4 0000004045E4 0 GCC: (GNU) 7.2.0
0000000029F8 0000004045F8 0 GCC: (GNU) 7.2.0
000000002A0C 00000040460C 0 GCC: (GNU) 7.2.0
000000002A20 000000404620 0 GCC: (GNU) 7.2.0
000000002A34 000000404634 0 GCC: (GNU) 7.2.0
000000002A48 000000404648 0 GCC: (GNU) 7.2.0
000000002A5C 00000040465C 0 GCC: (GNU) 7.2.0
000000002A70 000000404670 0 GCC: (GNU) 7.2.0
000000002A84 000000404684 0 GCC: (GNU) 7.2.0
000000002A98 000000404698 0 GCC: (GNU) 7.2.0
000000002AAC 0000004046AC 0 GCC: (GNU) 7.2.0
000000002AC0 0000004046C0 0 GCC: (GNU) 7.2.0
000000002AD4 0000004046D4 0 GCC: (GNU) 7.2.0
000000002AE8 0000004046E8 0 GCC: (GNU) 7.2.0
000000002AFC 0000004046FC 0 GCC: (GNU) 7.2.0
000000002B10 000000404710 0 GCC: (GNU) 7.2.0
000000002B24 000000404724 0 GCC: (GNU) 7.2.0
000000002B38 000000404738 0 GCC: (GNU) 7.2.0
000000002B4C 00000040474C 0 GCC: (GNU) 7.2.0
000000002B60 000000404760 0 GCC: (GNU) 7.2.0
000000002B74 000000404774 0 GCC: (GNU) 7.2.0
000000002B88 000000404788 0 GCC: (GNU) 7.2.0
000000002B9C 00000040479C 0 GCC: (GNU) 7.2.0
000000002BB0 0000004047B0 0 GCC: (GNU) 7.2.0
000000002E58 000000406258 0 MSXFS.dll
000000002E66 000000406266 0 WFSStartUp
000000002E7A 00000040627A 0 WFSOpen
000000002E8A 00000040628A 0 WFSExecute
000000002E9E 00000040629E 0 WFSFreeResult
000000002EB2 0000004062B2 0 WFSLock
000000002EC2 0000004062C2 0 DeleteCriticalSection
000000002EDA 0000004062DA 0 EnterCriticalSection
000000002EF2 0000004062F2 0 GetCurrentProcess
000000002F06 000000406306 0 GetCurrentProcessId
000000002F1C 00000040631C 0 GetCurrentThreadId
000000002F32 000000406332 0 GetLastError
000000002F42 000000406342 0 GetStartupInfoA
000000002F54 000000406354 0 GetSystemTimeAsFileTime
000000002F6E 00000040636E 0 GetTickCount
000000002F7E 00000040637E 0 InitializeCriticalSection
000000002F9A 00000040639A 0 LeaveCriticalSection
000000002FB2 0000004063B2 0 QueryPerformanceCounter
000000002FCC 0000004063CC 0 SetUnhandledExceptionFilter
000000002FEA 0000004063EA 0 Sleep
000000002FF2 0000004063F2 0 TerminateProcess
000000003006 000000406406 0 TlsGetValue
000000003014 000000406414 0 UnhandledExceptionFilter
000000003030 000000406430 0 VirtualProtect
000000003042 000000406442 0 VirtualQuery
000000003052 000000406452 0 __dllonexit
000000003060 000000406460 0 __getmainargs
000000003070 000000406470 0 __initenv
00000000307C 00000040647C 0 __lconv_init
00000000308C 00000040648C 0 __set_app_type
00000000309E 00000040649E 0 __setusermatherr
0000000030B2 0000004064B2 0 _acmdln
File pos Mem pos ID Text
======== ======= == ====
0000000030BC 0000004064BC 0 _amsg_exit
0000000030CA 0000004064CA 0 _cexit
0000000030D4 0000004064D4 0 _fmode
0000000030DE 0000004064DE 0 _initterm
0000000030F2 0000004064F2 0 _lock
0000000030FA 0000004064FA 0 _onexit
000000003104 000000406504 0 _unlock
00000000310E 00000040650E 0 abort
00000000311E 00000040651E 0 calloc
000000003130 000000406530 0 fflush
00000000313A 00000040653A 0 fprintf
00000000314C 00000040654C 0 fwrite
000000003156 000000406556 0 malloc
000000003160 000000406560 0 memcpy
00000000316A 00000040656A 0 printf
00000000317C 00000040657C 0 signal
000000003186 000000406586 0 strlen
000000003190 000000406590 0 strncmp
00000000319A 00000040659A 0 vfprintf
0000000031A6 0000004065A6 0 DefWindowProcA
000000003204 000000406604 0 KERNEL32.dll
000000003290 000000406690 0 msvcrt.dll
0000000032A0 0000004066A0 0 USER32.dll
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
000000000178 000000400178 0 .text
0000000001A0 0000004001A0 0 .data
0000000001C8 0000004001C8 0 .rdata
0000000001EE 0000004001EE 0 0@.bss
000000000218 000000400218 0 .idata
000000001333 000000401F33 0 D$Xt)
000000001DC7 0000004029C7 0 MZuWVS
000000001F77 000000402B77 0 MZWVS
000000002402 000000404002 0 Calling WFSStartUp()
000000002418 000000404018 0 Start up result = %ld
000000002431 000000404031 0 wVersion: %d
000000002440 000000404040 0 LowVersion: %d
000000002451 000000404051 0 wHighVersion: %d
000000002464 000000404064 0 szDescription: %s
000000002478 000000404078 0 szSystemStatus: %s
000000002492 000000404092 0 Calling WFSOpen()
0000000024A4 0000004040A4 0 Using device %s
0000000024B6 0000004040B6 0 NVISOSPIT
0000000024C0 0000004040C0 0 SrvcVersion Records:
0000000024D6 0000004040D6 0 wVersion: %d
0000000024E5 0000004040E5 0 LowVersion: %d
0000000024F6 0000004040F6 0 wHighVersion: %d
000000002509 000000404109 0 szDescription: %s
00000000251D 00000040411D 0 szSystemStatus: %s
000000002534 000000404134 0 SPIVersion Records:
000000002549 000000404149 0 wVersion: %d
000000002558 000000404158 0 LowVersion: %d
000000002569 000000404169 0 wHighVersion: %d
00000000257C 00000040417C 0 szDescription: %s
000000002590 000000404190 0 szSystemStatus: %s
0000000025A7 0000004041A7 0 HService Address ; %ld
0000000025C0 0000004041C0 0 Calling WFSLock()
0000000025D2 0000004041D2 0 Output from WFSLock: %d
0000000025EE 0000004041EE 0 Calling WFSExecute() to dispense $%d
000000002618 000000404218 0 DEBUG: WFS_ERR_CDM_ITEMSLEFT = %d
00000000263C 00000040423C 0 DEBUG: WFS_ERR_INVALID_DATA = %d
File pos Mem pos ID Text
======== ======= == ====
000000002660 000000404260 0 DEBUG: WFS_ERR_CDM_INVALIDDENOMINATION = %d
000000002690 000000404290 0 DEBUG: WFS_ERR_CDM_NOTDISPENSABLE = %d
0000000026B8 0000004042B8 0 DEBUG: WFS_ERR_DEV_NOT_READY = %d
0000000026DC 0000004042DC 0 Execute result = %ld
0000000026F4 0000004042F4 0 lpResult Records:
000000002707 000000404307 0 RequestID: %d
000000002718 000000404318 0 HService Address ; %ld
000000002731 000000404331 0 Command Code ; %d
000000002745 000000404345 0 Event ID ; %d
000000002756 000000404356 0 Event Received from XFS
00000000277C 00000040437C 0 Unknown error
00000000278C 00000040438C 0 _matherr(): %s in %s(%g, %g) (retval=%g)
0000000027B8 0000004043B8 0 Argument domain error (DOMAIN)
0000000027D7 0000004043D7 0 Argument singularity (SIGN)
0000000027F4 0000004043F4 0 Overflow range error (OVERFLOW)
000000002814 000000404414 0 The result is too small to be represented (UNDERFLOW)
00000000284C 00000040444C 0 Total loss of significance (TLOSS)
000000002870 000000404470 0 Partial loss of significance (PLOSS)
0000000028B0 0000004044B0 0 Mingw-w64 runtime failure:
0000000028CC 0000004044CC 0 Address %p has no image-section
0000000028EC 0000004044EC 0 VirtualQuery failed for %d bytes at address %p
000000002920 000000404520 0 VirtualProtect failed with code 0x%x
000000002948 000000404548 0 Unknown pseudo relocation protocol version %d.
00000000297C 00000040457C 0 Unknown pseudo relocation bit size %d.
0000000029A8 0000004045A8 0 GCC: (GNU) 7.2.0
0000000029BC 0000004045BC 0 GCC: (GNU) 7.2.0
0000000029D0 0000004045D0 0 GCC: (GNU) 7.2.0
0000000029E4 0000004045E4 0 GCC: (GNU) 7.2.0
0000000029F8 0000004045F8 0 GCC: (GNU) 7.2.0
000000002A0C 00000040460C 0 GCC: (GNU) 7.2.0
000000002A20 000000404620 0 GCC: (GNU) 7.2.0
000000002A34 000000404634 0 GCC: (GNU) 7.2.0
000000002A48 000000404648 0 GCC: (GNU) 7.2.0
000000002A5C 00000040465C 0 GCC: (GNU) 7.2.0
000000002A70 000000404670 0 GCC: (GNU) 7.2.0
000000002A84 000000404684 0 GCC: (GNU) 7.2.0
000000002A98 000000404698 0 GCC: (GNU) 7.2.0
000000002AAC 0000004046AC 0 GCC: (GNU) 7.2.0
000000002AC0 0000004046C0 0 GCC: (GNU) 7.2.0
000000002AD4 0000004046D4 0 GCC: (GNU) 7.2.0
000000002AE8 0000004046E8 0 GCC: (GNU) 7.2.0
000000002AFC 0000004046FC 0 GCC: (GNU) 7.2.0
000000002B10 000000404710 0 GCC: (GNU) 7.2.0
000000002B24 000000404724 0 GCC: (GNU) 7.2.0
000000002B38 000000404738 0 GCC: (GNU) 7.2.0
000000002B4C 00000040474C 0 GCC: (GNU) 7.2.0
000000002B60 000000404760 0 GCC: (GNU) 7.2.0
000000002B74 000000404774 0 GCC: (GNU) 7.2.0
000000002B88 000000404788 0 GCC: (GNU) 7.2.0
000000002B9C 00000040479C 0 GCC: (GNU) 7.2.0
000000002BB0 0000004047B0 0 GCC: (GNU) 7.2.0
000000002E58 000000406258 0 MSXFS.dll
000000002E66 000000406266 0 WFSStartUp
000000002E7A 00000040627A 0 WFSOpen
000000002E8A 00000040628A 0 WFSExecute
000000002E9E 00000040629E 0 WFSFreeResult
000000002EB2 0000004062B2 0 WFSLock
000000002EC2 0000004062C2 0 DeleteCriticalSection
000000002EDA 0000004062DA 0 EnterCriticalSection
000000002EF2 0000004062F2 0 GetCurrentProcess
File pos Mem pos ID Text
======== ======= == ====
000000002F06 000000406306 0 GetCurrentProcessId
000000002F1C 00000040631C 0 GetCurrentThreadId
000000002F32 000000406332 0 GetLastError
000000002F42 000000406342 0 GetStartupInfoA
000000002F54 000000406354 0 GetSystemTimeAsFileTime
000000002F6E 00000040636E 0 GetTickCount
000000002F7E 00000040637E 0 InitializeCriticalSection
000000002F9A 00000040639A 0 LeaveCriticalSection
000000002FB2 0000004063B2 0 QueryPerformanceCounter
000000002FCC 0000004063CC 0 SetUnhandledExceptionFilter
000000002FEA 0000004063EA 0 Sleep
000000002FF2 0000004063F2 0 TerminateProcess
000000003006 000000406406 0 TlsGetValue
000000003014 000000406414 0 UnhandledExceptionFilter
000000003030 000000406430 0 VirtualProtect
000000003042 000000406442 0 VirtualQuery
000000003052 000000406452 0 __dllonexit
000000003060 000000406460 0 __getmainargs
000000003070 000000406470 0 __initenv
00000000307C 00000040647C 0 __lconv_init
00000000308C 00000040648C 0 __set_app_type
00000000309E 00000040649E 0 __setusermatherr
0000000030B2 0000004064B2 0 _acmdln
0000000030BC 0000004064BC 0 _amsg_exit
0000000030CA 0000004064CA 0 _cexit
0000000030D4 0000004064D4 0 _fmode
0000000030DE 0000004064DE 0 _initterm
0000000030F2 0000004064F2 0 _lock
0000000030FA 0000004064FA 0 _onexit
000000003104 000000406504 0 _unlock
00000000310E 00000040650E 0 abort
00000000311E 00000040651E 0 calloc
000000003130 000000406530 0 fflush
00000000313A 00000040653A 0 fprintf
00000000314C 00000040654C 0 fwrite
000000003156 000000406556 0 malloc
000000003160 000000406560 0 memcpy
00000000316A 00000040656A 0 printf
00000000317C 00000040657C 0 signal
000000003186 000000406586 0 strlen
000000003190 000000406590 0 strncmp
00000000319A 00000040659A 0 vfprintf
0000000031A6 0000004065A6 0 DefWindowProcA
000000003204 000000406604 0 KERNEL32.dll
000000003290 000000406690 0 msvcrt.dll
0000000032A0 0000004066A0 0 USER32.dll
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!