Text strings referenced in scan:.text
Address Disassembly Text string
00401000 CMP EAX, 1000 (Initial CPU selection)
004011A7 PUSH scan.0040A2DC ASCII "wininet.dll"
004011C1 PUSH scan.0040A2C4 ASCII "FindFirstUrlCacheEntryA"
004011C9 PUSH scan.0040A2AC ASCII "FindNextUrlCacheEntryA"
004011D6 PUSH scan.0040A298 ASCII "FindCloseUrlCache"
00401245 PUSH scan.0040A608 UNICODE "\%s"
0040127A MOV EDI, scan.0040A5DC UNICODE "Control Panel\Desktop"
0040127F PUSH scan.0040A5C0 UNICODE "SCRNSAVE.EXE"
00401295 PUSH scan.0040A598 UNICODE "ScreenSaveActive"
004012A1 PUSH scan.0040A590 UNICODE "600"
004012A6 PUSH scan.0040A56C UNICODE "ScreenSaveTimeOut"
004012B2 PUSH scan.0040A550 UNICODE "Sysinternals"
004012B7 PUSH scan.0040A53C UNICODE "Software"
004012C2 PUSH scan.0040A50C UNICODE "Bluescreen Screen Saver"
004012C7 PUSH scan.0040A4E0 UNICODE "Software\Sysinternals"
004012D7 PUSH scan.0040A4C4 UNICODE "EulaAccepted"
004012DC PUSH scan.0040A468 UNICODE "Software\Sysinternals\Bluescreen Screen Saver"
004012E7 PUSH scan.0040A450 UNICODE "Policies"
004012EC PUSH scan.0040A3F8 UNICODE "Software\Microsoft\Windows\CurrentVersion\"
004012F7 PUSH scan.0040A3E8 UNICODE "System"
004012FC PUSH scan.0040A380 UNICODE "Software\Microsoft\Windows\CurrentVersion\Policies"
00401309 PUSH scan.0040A35C UNICODE "NoDispScrSavPage"
0040130E PUSH scan.0040A2E8 UNICODE "Software\Microsoft\Windows\CurrentVersion\Policies\System"
004014D0 PUSH scan.0040A610 UNICODE "[%02d/%02d/%02d %02d:%02d:%02d:%03d %04x] "
00401568 PUSH scan.0040A728 UNICODE "Installed soft dump {"
00401586 PUSH scan.0040A6C0 UNICODE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
004015F4 PUSH scan.0040A6A8 UNICODE "DisplayName"
00401623 PUSH scan.0040A694 UNICODE "K:%s N:%s"
0040163E PUSH scan.0040A668 UNICODE "Installed soft dump }"
004016A4 PUSH scan.0040A754 UNICODE "%s"
004016C7 PUSH scan.0040A7B4 UNICODE "Dumping processes {"
0040170A PUSH scan.0040A7A0 UNICODE "N:%s P:%d"
00401747 PUSH scan.0040A784 UNICODE "N:%s(%s) P:%d"
0040176C PUSH scan.0040A75C UNICODE "Dumping processes }"
00401800 PUSH scan.0040A7E0 UNICODE "Version: OS:%d.%d, BLD:%d, PLTF:%d, SPS:%s, SP:%d.%d, STMSK:%d, PROD:%d"
0040183E PUSH scan.0040A908 UNICODE "ProcessorNameString"
00401843 MOV EDI, scan.0040A8A8 UNICODE "HARDWARE\DESCRIPTION\System\CentralProcessor\0"
0040186A PUSH scan.0040A890 UNICODE "Identifier"
00401884 PUSH scan.0040A870 UNICODE "Platform:%s(%s)"
004018A8 PUSH scan.0040A94C UNICODE "Loader V1.4"
004018B6 PUSH scan.0040A930 UNICODE "Iteration %d"
004018E3 PUSH scan.0040AA40 UNICODE "Logging finished"
004019BD PUSH scan.0040AA00 UNICODE "/log2.php?affid=%s&uid=%s&tm=%d"
00401A08 PUSH scan.0040A9D8 UNICODE "www.winifixer.com"
00401A2D PUSH scan.0040A9CC UNICODE "POST"
00401A48 PUSH scan.0040A968 UNICODE "Content-Type: application/x-www-form-urlencoded
"
00401A50 PUSH scan.0040A968 UNICODE "Content-Type: application/x-www-form-urlencoded
"
00401B18 PUSH scan.0040AA64 ASCII "C:\"
00402CBD MOV ESI, scan.0040AA9C UNICODE "trid"
00402EDE PUSH scan.0040AB54 UNICODE "" "
00402EE9 PUSH scan.0040AB44 UNICODE " /AID="
00402F31 PUSH scan.0040AAF0 UNICODE " CreateProcess szParams=%s failed with %d"
00402F70 PUSH scan.0040AAA8 UNICODE " WaitForSingleObject failed with %d"
00402FFC PUSH scan.0040AB60 UNICODE "%s:Zone.Identifier"
00403111 PUSH scan.0040AB88 UNICODE "{A56DECD8-1102-49e9-BFD5-17FBE35197F2}"
0040315C PUSH scan.0040ABEC UNICODE "%hs"
00403199 PUSH scan.0040ABDC UNICODE "%s%s%s"
004031EC PUSH scan.0040AF98 UNICODE "Got abnormal file size %d"
00403206 PUSH scan.0040AF78 UNICODE "File size is %d"
00403258 PUSH scan.0040AF60 UNICODE " Offset:%d"
004032B2 PUSH scan.0040AF38 UNICODE " header v1:%d v2:%d"
004032EC PUSH scan.0040AEF8 UNICODE " Target file size %d, error %d"
0040330C PUSH scan.0040AEC0 UNICODE "Received less than 32 bytes"
0040333F PUSH scan.0040AE8C UNICODE " Read %d bytes, error %d"
00403386 PUSH scan.0040AE58 UNICODE "Calculated hexed md5 %hs"
004033AB PUSH scan.0040AE2C UNICODE "Remote hexed md5 %hs"
004033E2 PUSH scan.0040ADF0 UNICODE "Server and local md5 differs"
00403439 PUSH scan.0040ADA8 UNICODE " Cannot read encrypted data GLE:%d"
00403440 PUSH scan.0040AD98 UNICODE " v1==0"
00403453 PUSH scan.0040AD50 UNICODE " Cannot read second header with %d"
00403461 PUSH scan.0040ACF0 UNICODE " Cannot set file pointer to actual data with %d"
0040346F PUSH scan.0040ACA8 UNICODE " Cannot read header data with %d"
0040347D PUSH scan.0040AC38 UNICODE " Cannot set file pointer to header offset (11) with %d"
0040349E PUSH scan.0040ABF4 UNICODE " Cannot create file %s with %d"
004034C4 PUSH scan.0040B2E4 UNICODE "%s/%d/%s/%s.gif"
004034C9 MOV DWORD PTR DS:[4334CC], scan.0040 UNICODE "http://avxp08.com"
004034D3 MOV DWORD PTR DS:[4334D0], scan.0040 UNICODE "e354dd6a773d899336c058fb89fce801"
004034DD MOV DWORD PTR DS:[4334C8], scan.0040 UNICODE "http://youpornztube.com"
004034F1 MOV DWORD PTR SS:[ESP], scan.0040B14 UNICODE ".tttmp"
00403502 MOV DWORD PTR SS:[ESP], scan.0040B12 UNICODE "Internet Explorer"
00403513 MOV DWORD PTR SS:[ESP], scan.0040B10 UNICODE "%s\%s.exe"
00403524 MOV DWORD PTR SS:[ESP], scan.0040B0B UNICODE "Software\Microsoft\Windows\CurrentVersion\Run"
00403548 PUSH scan.0040B080 UNICODE "%s/%d/%s/%s.ok"
00403557 PUSH scan.0040B050 UNICODE "%s/%d/%s/%s.fail"
004035A1 PUSH scan.0040B028 UNICODE "Software\Microsoft"
004035AE PUSH scan.0040B004 UNICODE "Software Notifier"
004035BB PUSH scan.0040AFE4 UNICODE "InstallationID"
004035CA MOV DWORD PTR SS:[ESP], scan.0040AFD UNICODE "Tracking"
0040365B PUSH scan.0040B598 UNICODE "Started URL:%s DEST:%s"
004036F3 PUSH scan.0040B55C UNICODE " InternetOpen failed with %d"
00403752 PUSH scan.0040B510 UNICODE " Cannot open existing file %s with %d"
0040375C PUSH scan.0040B4F4 UNICODE " bSeek==false"
00403786 PUSH scan.0040B4C4 UNICODE " Cannot create file %s"
0040379E PUSH scan.0040B4A0 UNICODE "Range: bytes=%d-"
004037E3 PUSH scan.0040B460 UNICODE " InternetOpenUrl failed with %d"
0040387A PUSH scan.0040B43C UNICODE "Headers :{
%s
}"
00403888 PUSH scan.0040B3F0 UNICODE "HttpQueryInfoW returned false GLE:%d"
004038AA PUSH scan.0040B3B8 UNICODE "No headers retrieved GLE:%d"
004038C0 PUSH scan.0040B380 UNICODE " Got HTTP status %d, GLE=%d"
004038DD PUSH scan.0040B348 UNICODE " HttpQueryInfo returned 404"
004039B2 PUSH scan.0040B314 UNICODE " Recv finished, %d recvd"
00403AAF PUSH scan.0040B6A8 UNICODE " Read %s failed ToRead:%d actually read:%d"
00403ACB PUSH scan.0040B680 UNICODE " File %s size 0 "
00403AE1 PUSH scan.0040B648 UNICODE " Cannot open file %s err %d"
00403AF1 PUSH scan.0040B5F8 UNICODE " Cannot download URL: %s Local File :%s"
00403B0C PUSH scan.0040B5C8 UNICODE " Cannot create TMP file"
00403B46 PUSH scan.0040B700 UNICODE "http://windowsupdate.microsoft.com"
00403BBC PUSH scan.0040B74C UNICODE "?id=%d"
00403C0A PUSH scan.0040B748 ASCII "OK"
00403C82 PUSH scan.0040B74C UNICODE "?id=%d"
00403CD0 PUSH scan.0040B75C ASCII "FAIL"
00403D95 PUSH scan.0040B990 UNICODE ".bmp"
00403DB9 PUSH scan.0040B984 UNICODE ".scr"
00403DBE PUSH scan.0040B97C UNICODE "bl"
00403E01 MOV DWORD PTR SS:[ESP], scan.0040B94 UNICODE "Checking Internet Connection"
00403F30 PUSH scan.0040B8E0 UNICODE "Got error %d while loading URL, GetLastError:%d"
00403F5F PUSH scan.0040B8B8 UNICODE "Cannot extract data"
00403F73 PUSH scan.0040B888 UNICODE "Cannot create Temp File"
00403FE8 PUSH scan.0040B850 UNICODE "Cannot write file error %d"
00403FFE PUSH scan.0040B808 UNICODE "Cannot create file for installer %s"
0040401A PUSH scan.0040B7B8 UNICODE "Written %d bytes going to offer mode"
00404078 PUSH scan.0040B788 UNICODE "Cannot start process"
0040407F PUSH scan.0040B764 UNICODE "Cannot write file"
00405B09 PUSH scan.0040B144 UNICODE ".tttmp"
00405B37 PUSH scan.0040B9A8 UNICODE ".vbs"
00405B9F PUSH scan.0040B99C UNICODE "open"
00405BE3 PUSH scan.0040BAD4 UNICODE "WallpInst"
00405BE8 MOV EBX, scan.0040A5DC UNICODE "Control Panel\Desktop"
00405C2C PUSH scan.0040A608 UNICODE "\%s"
00405C77 PUSH scan.0040BAC4 UNICODE "0 0 255"
00405C7C PUSH scan.0040BAAC UNICODE "Background"
00405C81 PUSH scan.0040BA80 UNICODE "Control Panel\Colors"
00405C92 PUSH scan.0040BA5C UNICODE "WallpaperStyle"
00405C9F PUSH scan.0040BA40 UNICODE "TileWallpaper"
00405CB2 PUSH scan.0040BA2C UNICODE "Wallpaper"
00405CC8 PUSH scan.0040BA08 UNICODE "OriginalWallpaper"
00405CDB PUSH scan.0040B9E0 UNICODE "ConvertedWallpaper"
00405CE7 PUSH scan.0040A450 UNICODE "Policies"
00405CEC PUSH scan.0040A3F8 UNICODE "Software\Microsoft\Windows\CurrentVersion\"
00405CF7 PUSH scan.0040A3E8 UNICODE "System"
00405CFC PUSH scan.0040A380 UNICODE "Software\Microsoft\Windows\CurrentVersion\Policies"
00405D09 PUSH scan.0040B9B4 UNICODE "NoDispBackgroundPage"
00405D0E PUSH scan.0040A2E8 UNICODE "Software\Microsoft\Windows\CurrentVersion\Policies\System"
00406544 PUSH scan.0040BB04 ASCII "mscoree.dll"
00406553 PUSH scan.0040BAF4 ASCII "CorExitProcess"
0040676D PUSH scan.0040BF04 ASCII "<program name unknown>"
004067A0 PUSH scan.0040BF00 ASCII "..."
004067D4 PUSH scan.0040BEE4 ASCII "Runtime Error!
Program: "
004067E6 PUSH scan.0040BEE0 ASCII "
"
00406802 PUSH scan.0040BEB8 ASCII "Microsoft Visual C++ Runtime Library"
004077E1 PUSH scan.0040C4B8 ASCII "user32.dll"
004077FC PUSH scan.0040C4AC ASCII "MessageBoxA"
0040780D PUSH scan.0040C49C ASCII "GetActiveWindow"
00407815 PUSH scan.0040C488 ASCII "GetLastActivePopup"
00407830 PUSH scan.0040C46C ASCII "GetUserObjectInformationA"
00407841 PUSH scan.0040C454 ASCII "GetProcessWindowStation"
0040949D MOV EDI, scan.0040C68C ASCII "Unknown security failure detected!"
004094A2 MOV DWORD PTR SS:[EBP-128], scan.004 ASCII "A security error of unknown cause has been detected which has
corrupted the program's internal state. The program cannot safely
continue execution and must now be terminated.
"
004094B3 MOV EDI, scan.0040C5B8 ASCII "Buffer overrun detected!"
004094B8 MOV DWORD PTR SS:[EBP-128], scan.004 ASCII "A buffer overrun has been detected which has corrupted the program's
internal state. The program cannot safely continue execution and must
now be terminated.
"
004094E1 PUSH scan.0040BF04 ASCII "<program name unknown>"
00409522 PUSH scan.0040BF00 ASCII "..."
00409552 MOV EDI, scan.0040BEE0 ASCII "
"
0040955E PUSH scan.0040C50C ASCII "Program: "
00409588 PUSH scan.0040BEB8 ASCII "Microsoft Visual C++ Runtime Library"
thanks for the insight i should really concentrate a little bit in these buffer thingies 
