File messagebox.exe

Size 387.0KB Resubmit sample
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7f3e4cc32961766218d7674286f12a79
SHA1 84729c9f695e0e3a7bdf010696ffed0505b32df4
SHA256 3454230d2caf02ece1bfdb21714b9809408b7a87d910ab868517777f36de0b49
SHA512
3f976f187d89cf9848722b9ad0007099da7758ba13a361c2e65a7949b3de0210681bc5bffebc6bfc0b3baeb58c1746141c6206e7358bc9b32d328573a437a1bb
CRC32 263D1294
ssdeep 6144:B7ePAJVBqHAw9je6BGP6a3UnQn5yOj3pRPkeyB/egYw8aFt:B7ePSqg4j1aknA/jPlM5YwR
PDB Path C:\Documents and Settings\Bib\Desktop\samples\messageBox\messagebox\Debug\messagebox.pdb
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01004_MASM_TASM___sig1_h__ - [MASM/TASM - sig1(h)]
  • PEiD_01007_MASM_TASM___sig4__h__ - [MASM/TASM - sig4 (h)]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01087_Microsoft_Visual_C___8_0__Debug_ - [Microsoft Visual C++ 8.0 [Debug]
  • PEiD_01088_Microsoft_Visual_C___8_0__Debug__ - [Microsoft Visual C++ 8.0 [Debug]]
  • PEiD_01272_Neolite_v2_0_ - [Neolite v2.0]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_01693_pex_V0_99____params_ - [pex V0.99 -> params]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • PEiD_03512_Xtreme_Protector_v1_05_ - [Xtreme-Protector v1.05]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • DebuggerException__SetConsoleCtrl -
  • Check_OutputDebugStringA_iat -
  • anti_dbg - Checks if being debugged
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • Microsoft_Visual_Cpp_V80_Debug -
  • Microsoft_Visual_Cpp_80_Debug_ -
  • Microsoft_Visual_Cpp_80_Debug -
  • NeoLite_vxx -
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -

Score

This file shows some signs of potential malicious behavior.

The score of this file is 1.4 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE March 8, 2017, 10:01 a.m. March 8, 2017, 10:05 a.m. 256 seconds

Machine

Name Label Started On Shutdown On
winxpsp3x86 winxpsp3x86 2017-03-08 10:01:17 2017-03-08 10:05:33

Analyzer Log

2017-03-08 18:01:16,015 [analyzer] DEBUG: Starting analyzer from: C:\surdwtqv
2017-03-08 18:01:16,015 [analyzer] DEBUG: Pipe server name: \\.\PIPE\shsWPaqdzUrbxQNaNZqEwE
2017-03-08 18:01:16,015 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\YObIMMzIMxbznmhwDsnhR
2017-03-08 18:01:18,390 [analyzer] DEBUG: Started auxiliary module Disguise
2017-03-08 18:01:18,515 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2017-03-08 18:01:18,515 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2017-03-08 18:01:18,578 [analyzer] DEBUG: Loaded monitor into process with pid 700
2017-03-08 18:01:18,578 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2017-03-08 18:01:18,578 [analyzer] DEBUG: Started auxiliary module Human
2017-03-08 18:01:18,578 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2017-03-08 18:01:18,578 [analyzer] WARNING: Cannot execute auxiliary module Reboot: [Errno 2] No such file or directory: 'C:\\surdwtqv\\reboot.json'
2017-03-08 18:01:18,953 [analyzer] DEBUG: Started auxiliary module RecentFiles
2017-03-08 18:01:18,953 [analyzer] DEBUG: Started auxiliary module Screenshots
2017-03-08 18:01:18,953 [analyzer] INFO: No process IDs returned by the package, running for the full timeout.
2017-03-08 18:05:18,562 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2017-03-08 18:05:18,562 [analyzer] INFO: Terminating remaining processes before shutdown.
2017-03-08 18:05:18,562 [analyzer] INFO: Analysis completed.

Cuckoo Log

2017-03-08 10:01:17,181 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/3454230d2caf02ece1bfdb21714b9809408b7a87d910ab868517777f36de0b49"
2017-03-08 10:01:17,194 [lib.cuckoo.core.scheduler] INFO: Task #10: acquired machine winxpsp3x86 (label=winxpsp3x86)
2017-03-08 10:01:17,211 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 1698 (interface=eth2, host=192.168.128.101, pcap=/opt/cuckoo/storage/analyses/10/dump.pcap)
2017-03-08 10:01:24,729 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3x86, ip=192.168.128.101)
2017-03-08 10:01:25,589 [modules.auxiliary.reboot] ERROR: Reboot analysis is not backwards compatible with the Old Agent, please upgrade your target machine (<Machine('3','winxpsp3x86')>) to the New Agent to use the reboot analysis capabilities.
2017-03-08 10:05:32,698 [lib.cuckoo.core.guest] INFO: winxpsp3x86: analysis completed successfully
2017-03-08 10:05:36,359 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2017-03-08 10:05:37,875 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff074928150>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-08 10:05:37,876 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff0751b3050>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-08 10:05:37,877 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff074928ed0>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-08 10:05:37,878 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ff0751b3050>: Failed to establish a new connection: [Errno 111] Connection refused
2017-03-08 10:05:37,878 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7ff0751b3050>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7ff0751b3050>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable has a PDB path (1 event)
pdb_path C:\Documents and Settings\Bib\Desktop\samples\messageBox\messagebox\Debug\messagebox.pdb
The executable has PE anomalies (could be a false positive) (1 event)
section .textbss
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 192.158.197.132:3460

Screenshots

Network

DNS

Name Response Post-Analysis Lookup
time.windows.com

Summary

PE Compile Time

2015-02-28 09:10:30

PDB Path

C:\Documents and Settings\Bib\Desktop\samples\messageBox\messagebox\Debug\messagebox.pdb

PEiD Signatures

Microsoft Visual C++ V8.0 (Debug)

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.textbss 0x00001000 0x00023f31 0x00000000 0.0
.text 0x00025000 0x0004bbaf 0x0004bc00 5.55153059953
.rdata 0x00071000 0x0000ef5a 0x0000f000 3.6040278907
.data 0x00080000 0x000038b8 0x00001400 2.03034504972
.idata 0x00084000 0x00000b43 0x00000c00 4.45355139434
.rsrc 0x00085000 0x00000459 0x00000600 2.25329075679
.reloc 0x00086000 0x0000359c 0x00003600 6.24184461212

Imports

Library KERNEL32.dll:
0x4841e0 GetProcAddress
0x4841e4 LoadLibraryA
0x4841e8 GetCommandLineA
0x4841ec HeapSetInformation
0x4841f0 GetStartupInfoW
0x4841f4 WideCharToMultiByte
0x4841f8 IsDebuggerPresent
0x4841fc MultiByteToWideChar
0x484200 RaiseException
0x484204 lstrlenA
0x484208 LoadLibraryW
0x484214 GetTickCount
0x484218 GetCurrentThreadId
0x48421c GetCurrentProcessId
0x48422c DecodePointer
0x484230 GetModuleHandleW
0x484234 ExitProcess
0x484238 GetModuleFileNameA
0x484244 SetHandleCount
0x484248 GetStdHandle
0x484250 GetFileType
0x484258 HeapValidate
0x48425c IsBadReadPtr
0x484260 EncodePointer
0x484264 TlsAlloc
0x484268 TlsGetValue
0x48426c TlsSetValue
0x484270 TlsFree
0x484274 SetLastError
0x484278 GetLastError
0x48427c GetCurrentThread
0x484280 HeapCreate
0x484284 HeapDestroy
0x484288 GetModuleFileNameW
0x48428c WriteFile
0x484290 HeapFree
0x484294 HeapAlloc
0x484298 GetProcessHeap
0x48429c VirtualQuery
0x4842a0 FreeLibrary
0x4842a4 GetACP
0x4842a8 GetOEMCP
0x4842ac GetCPInfo
0x4842b0 IsValidCodePage
0x4842bc FatalAppExitA
0x4842c4 InterlockedExchange
0x4842c8 GetLocaleInfoW
0x4842cc TerminateProcess
0x4842d0 GetCurrentProcess
0x4842d8 HeapReAlloc
0x4842dc HeapSize
0x4842e4 RtlUnwind
0x4842e8 OutputDebugStringA
0x4842ec WriteConsoleW
0x4842f0 OutputDebugStringW
0x4842f4 LCMapStringW
0x4842f8 GetStringTypeW
0x484300 SetFilePointer
0x484304 GetConsoleCP
0x484308 GetConsoleMode
0x48430c GetLocaleInfoA
0x484310 IsValidLocale
0x484314 EnumSystemLocalesA
0x484318 GetUserDefaultLCID
0x48431c SetStdHandle
0x484320 CreateFileW
0x484324 CloseHandle
0x484328 FlushFileBuffers

!This program cannot be run in DOS mode.
~Rich2
.textbss1?
`.rdata
@.data
.idata
@.reloc
PRSVWh
jBh`$G
jJh0)G
u!h0+G
u!h0+G
u!h8-G
t!h\+G
u!h,/G
u!h0+G
u!h8-G
t!hX/G
u!h,/G
u!h0+G
u!h8-G
u!hp7G
u!h|9G
u!h8:G
u!h8:G
u!h\:G
Ph`;G
Rh0;G
t1hH<G
u!h8:G
H0Qhd<G
u!h,?G
jDh(_G
jDh(_G
jPh(_G
jPh(_G
jVh(_G
jVh(_G
jWh8aG
jHhHdG
jHhHdG
t!hXeG
jihxkG
jihxkG
jnhxkG
jnhxkG
URPQQh
u"h`rG
u%h`rG
u!h<kG
;t$,v-
UQPXY]Y[
u!h<kG
PPPPPPPP
PPPPPPPP
MessageBoxA
user32.dll
Unknown Runtime Check Error
Stack memory around _alloca was corrupted
A local variable was used before it was initialized
Stack memory was corrupted
A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example:
char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
Run-Time Check Failure #%d - %s
Unknown Module Name
Unknown Filename
Stack corrupted near unknown variable
Stack area around _alloca memory reserved by this function is corrupted
%s%s%s%s
%s%s%p%s%ld%s%d%s
Stack area around _alloca memory reserved by this function is corrupted
Address: 0x
Size:
Allocation number within this function:
Data: <
wsprintfA
A variable is being used without being initialized.
Stack around _alloca corrupted
Local variable used before initialization
Stack memory corruption
Cast to smaller type causing loss of data
Stack pointer corruption
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\misc\i386\chkesp.c
The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
CorExitProcess
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\stdargv.c
f:\dd\vctools\crt_bld\self_x86\crt\src\a_env.c
f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
Client
Ignore
Normal
Error: memory allocation: bad memory block type.
Invalid allocation size: %Iu bytes.
Client hook allocation failure.
Client hook allocation failure at file %hs line %d.
Error: possible heap corruption at or near 0x%p
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Error: memory allocation: bad memory block type.
Memory allocated at %hs(%d).
Invalid allocation size: %Iu bytes.
Memory allocated at %hs(%d).
Client hook re-allocation failure.
Client hook re-allocation failure at file %hs line %d.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
Memory allocated at %hs(%d).
Client hook free failure.
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
%hs located at 0x%p is %Iu bytes long.
%hs located at 0x%p is %Iu bytes long.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
Memory allocated at %hs(%d).
DAMAGED
_heapchk fails with unknown return value!
_heapchk fails with _HEAPBADPTR.
_heapchk fails with _HEAPBADEND.
_heapchk fails with _HEAPBADNODE.
_heapchk fails with _HEAPBADBEGIN.
Bad memory block found at 0x%p.
Bad memory block found at 0x%p.
Memory allocated at %hs(%d).
Object dump complete.
crt block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
{%ld}
%hs(%d) :
#File Error#(%d) :
Dumping objects ->
Data: <%s> %s
Detected memory leaks!
Total allocations: %Id bytes.
Largest number used: %Id bytes.
%Id bytes in %Id %hs Blocks.
Damage before 0x%p which was allocated by aligned routine
The block at 0x%p was not allocated by _aligned routines, use realloc()
The block at 0x%p was not allocated by _aligned routines, use free()
f:\dd\vctools\crt_bld\self_x86\crt\src\tidtable.c
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
PDBOpenValidate5
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
Assertion Failed
Warning
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
Microsoft Visual C++ Debug Library
_CrtDbgReport: String too long or IO Error
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
(Press Retry to debug the application)
Module:
File:
Line:
Expression:
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
<program name unknown>
f:\dd\vctools\crt_bld\self_x86\crt\src\onexit.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mbctype.c
f:\dd\vctools\crt_bld\self_x86\crt\src\mlock.c
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
SystemFunction036
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
%s(%d) : %s
Assertion failed!
Assertion failed:
, Line
<file unknown>
Second Chance Assertion Failed: File
_CrtDbgReport: String too long or Invalid characters in String
GetUserObjectInformationA
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
(null)
`h````
xpxxxx
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
bad exception
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_file.c
`h`hhh
xppwpp
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
Unknown exception
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
generic-type-
template-parameter-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
extern "C"
[thunk]:
public:
protected:
private:
virtual
static
`template static data member destructor helper'
`template static data member constructor helper'
`local static destructor helper'
`adjustor{
`vtordisp{
`vtordispex{
std::nullptr_t
volatile
,<ellipsis>
<ellipsis>
throw(
volatile
signed
unsigned
UNKNOWN
__w64
wchar_t
<unknown>
__int128
__int64
__int32
__int16
__int8
double
cointerface
coclass
class
struct
union
`unknown ecsu'
short
const
volatile
cli::pin_ptr<
cli::array<
{flat}
C:\Documents and Settings\Bib\Desktop\samples\messageBox\messagebox\Debug\messagebox.pdb
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
.?AVbad_cast@std@@
.?AVbad_typeid@std@@
.?AV__non_rtti_object@std@@
GetProcAddress
LoadLibraryA
KERNEL32.dll
GetCommandLineA
HeapSetInformation
GetStartupInfoW
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
RaiseException
lstrlenA
LoadLibraryW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
DecodePointer
GetModuleHandleW
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapValidate
IsBadReadPtr
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetLastError
GetCurrentThread
HeapCreate
HeapDestroy
GetModuleFileNameW
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
HeapQueryInformation
RtlUnwind
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
CreateFileW
CloseHandle
FlushFileBuffers
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
1272H2R2e2j2
4H5M5_5
7P8W8r8
:X;];o;
>(>D>J>W>^>c>~>
,070r0
2!2?2D2K2
2&3,3X3c3p3x3
6,656k6z6
<%<7<C<p<u<z<
=4=9=>=U=g=s=
0A1O1Y1`1:2N2
3:3I3^3c3h3
1,1t1{1
4%4.4O4i4
4+505~5
6 6&6,646E6N6
;3;?;H;N;W;c;l;
<"=.=w=
=Q>Z>f>q>y>
0&0A0G0P0a0i0~0(3-3?3e3q3
485@5I5Y5e5{5
6"6R6^6
647:7r7x7
7,828k8w8
959?9K9f9
< <0<<<R<^<g<
>'?3?V?
B0G0L0l0q0
4(5-5?5S5
6!6'646
7>7C7H7X7u7
;;E;Q;~;
>,>8>e>j>o>
22K2P2y2
7>798\8l8q8
8$9)9.9]9y9
;<+<X<]<b<
?=?B?G?
6-646@6G6
7#7,757>7B7H7N7T7Z7_7d7j7o7u7~7
8,8O8V8]8
8'9/969=9E9O9X9_9e9
;/;S;Y;`;z;
;(<-<?<
? ?W?g?
1&1>1_1
50555:5?5I5}5
6I6N6S6X6b6
7@8I8V8`8h8m8t8
;';A;F;L;\;z;
>.>3>8>_>h>
>Q?j?s?
00Z0c0l0
0 2^2n2s2x2}2
4)494E4q4
5D5I5N5
7/7k7t7
849l9u9
;H<M<R<Y<
= =,=@=L=g=w=
3 3)303
44)4A4F4
6(8-8?8b8
9B:P:y:
:(;Z;b;i;s;w;
=2=<=a=
1D2K2t2x2|2
:H:M:_:{:
<;<B<]<
<R=\=b=m=y=
> >%>->4>G>L>
0 0$0(0,0H0L0X1]1o1
4L5P5T5X5\5`5b6u6
6)7J7Q7k7t7
898>8C8Z8d8
:#;(;-;
==>D>l>a?l?v?
0+080C0n0{0
11181E1J1|1
3I4U4w4|4
5H9W9q:z:
:6;?;i;n;s;
;(<Q<Z<
3,4H4d4
;X;];o;
<&=+=0=
0S1\1w3
444;4C4H4L4P4y4
4*5054585<5
5'6Y6`6d6h6l6p6t6x6|6
:!:K:P:U:
;;);C;H;M;W;^;c;h;r;y;~;
;O<Z<a<{<
=#>+>j>s>
?$?Q?z?
1080e0
4-555b5
97:?:L;R;X;^;d;j;q;x;
<!<'<?<F<
="=a=j=
1$11161<1
2:2F2R2W2\2
4-42474
7/74797
:;%;@;M;R;X;e;j;p;
;"<'<,<1<d<p<|<
===B=G=L=
>">'>,>W>\>a>
0#1*191Y1^1c1
2!2+2=2G2g2l2q2
6#6-6:6?6E6M6W6^6c6i6t6~6
7&7-7E7L788A8k8p8u8
8#9,9V9[9`9
:";';,;N?{?
0R2W2C3`3e3
0#0N0w0
0"0N072U2t2
;2;Q;p;
0%111a1f1k1
2"3.3^3c3h3
`2d2h2l2p2t2x2|2
3 3$3(3
;2;7;<;c;l;
;/=;=h=m=r=
?2?7?<?y?
2;2@2E2
495E5r5w5|5
9=:&?6?~?
0080<0@0D0
0X1]1o1
1+2.3a3
6X7]7o7
8$959V:b:h:s:y:
;"<j<o<t<
7'8=8t8
9K:P:U:Z:
<#<I=N=S=
>A?F?K?
=0B0G0{0
253O3X3
4"4L4Q4V4
:(;0;m;y;
>>I>N>S>
>!?*?T?Y?^?
0/080b0g0l0
4#4M4R4W4!5-5Z5_5d5
8B8G8L8
6-62676
7/8;8h8m8r8{:
:B;N;{;
<.<h<o<
=C=K=y>
?K?P?U?
1*1W1\1a1
6A6F6K6
7*7W7\7a7
:%:R:W:\:
;";';f;r;
?1?6?;?}?
0Y1`1o2v2
7/868^8e8
> >$>(>,>0>4>8><>@>D>H>`>d>h>l>p>
?5K5x5}5
8H8M8R8
1X5]5o5(8-8?8
H0M0_088=8O8
>"?E?N?
2!3D3M3
626f6o6
8#8I8n8
:;D;d<n<
666?6r6
6-7>7h7q7{7
8(818M8k8
9,91969x9}9
<-<V<a<
8K8P8U8
8':_:};
151:1?1
787=7B7
8H8M8R8Q9]9
,01060
1E1J1O1
2%2U2Z2_2@3L3|3
<6<;<@<
<*>6>f>k>p>
? ?$?(?,?`?d?h?l?p?t?x?|?
2 2b2t2
3B3N3~3
<J=Q=y=
4(4,4044484l4p4t4x4|4
<F=\=w=
1"202>2
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
8#8T8w8x:~:
5#5,5T5
9;:G:w:|:
:X;_;n<u<
1.252]2d2
2(848d8i8n8
9L9P9T9X9\9`9d9h9l9p9t9x9|9
43484=4
6I6g7s7
<G<L<Q<
>-?2?7?
2:2?2D2
3L3Q3V3
;+<0<5<
>?>D>I>
?D?I?N?
63686=6
7E7J7O7<8H8x8}8
0 0]5i5
5Q6i7u7
8 8$8(8,8084888<8@8D8\8`8d8h8l8
9 9$9(9,9
9S:X;];o;
=d=p=6>B>
; ;$;(;,;0;z;
<<$<(<,<M<w<
= =$=(=X>]>o>
050;0D0Y0
2$222H2
383D3P3f3
4*464n4s4x4
7&7[7y7X8]8o8
;Q;_;n;
?&?9?S?s?
0F1N1m1w1
2(3-3?3p3y3
6$7)7.7W<m<
=:=?=D=z=
0A0F0K0
14191>1t1}1
444@4m4r4w4
7H7Q7{7
=X?]?o?
4!4X4]4o4
4f5k5p5
8?8D8I829;9e9j9o9X:]:o:
;,;D;M;w;|;
0 1%1*1
<K<x=}=
?]?i?w?
2B2L2`2l2
6$6H6Q6
7&7/787C7L7Q7r7x7
838@8o8|8
:):2:X:_:d:l:
<+<2<8<A<Y<d<x<
>">1>:>o>
0(000I0
1#1I1V1^1}1
1 2$2(2,2024282
2034383<3@3D3H3
696E6S6\6c6p6y6
7)7<7G7t7
8#81898g8t8|8
909C9P9Y9
=+=>=G=
>(>0>8>
0.0<0O0\0o0
1;1D1J1R1[1
293S3i3z3
4'444C4L4l4
5L5Z5m5
5\6f6q6z6
758l8|8
: :P:T:X:\:`:d:h:l:p:
6'646[8
;";+;4;a;j;
=0K0T0c0
0 1$1(1,101
1\4i4u4~4
7f8t8}8
9,9G9^9g9n91:K:R:q:
:';0;5;O;V;\;e;
;*<3<:<b<k<
<8=<=@=D=H=L=P=T=X=
?=?o?w?
1'151H1_1
253<3A3S3e3w3
4)4;4M4_4q4
5!525A5P5X5
5"6)626
7,7l7p7t7x7|7
7H8L8P8T8x8|8::E:M:g:n:t:}:
:T;X;\;`;d;h;l;p;
=7=>=G=
>C>P>^>~>
-1i3z3
31595?5y5
6?6N6_6h6
9":+:S:`:i:<;Z;
7&838;8M8Z8x8
: :):k:&;F;f;
<&<F<f<
8Q8t8}8
989=9B9{9
=%=2=7=V=]=j=p=v=|=
>$>*>0>6><>B>H>N>T>Z>`>f>l>r>x>~>
? ?&?,?2?8?>?D?J?
:*;Z;q;y;
3 4,70788
H4L4P4T4X4
;$;,;4;<;
X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4
5 5(50585@5H5P5X5`5h5p5x58:<:D:H:L:l:p:t:|:
@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
2 2024282
9,9D9L9`9d9x9
:,:0:D:L:P:X:p:
24282T2X2x2
383X3x3
4$4H4T4x4
585X5d5p5
6 6X6x6
7(747X7d7p7
8(80848T8X8t8x8
9,9P9\9d9
:8:D:h:
;8;D;P;
<(<H<T<`<
4 :0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
;8<H<X<h<x<
<@=D=H=L=P=T=X=\=`=d=p=t=x=|=
@1\1|1
Run-Time Check Failure #%d - %s
Runtime Check Error.
Unable to display RTC Message.
user32.dll
mscoree.dll
_wpgmptr != NULL
_get_wpgmptr
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0dat.c
pValue != NULL
_pgmptr != NULL
_get_pgmptr
strcpy_s(*env, cchars, p)
_setenvp
f:\dd\vctools\crt_bld\self_x86\crt\src\stdenvp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
_CrtCheckMemory()
_pFirstBlock == pOldBlock
_pLastBlock == pOldBlock
fRealloc || (!fRealloc && pNewBlock == pOldBlock)
pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
_CrtIsValidHeapPointer(pUserData)
_expand_dbg
pUserData != NULL
_pFirstBlock == pHead
_pLastBlock == pHead
pHead->nBlockUse == nBlockUse
pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)
_msize_dbg
_CrtSetDbgFlag
(fNewBits==_CRTDBG_REPORT_FLAG) || ((fNewBits & 0x0ffff & ~(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_DELAY_FREE_MEM_DF | _CRTDBG_CHECK_ALWAYS_DF | _CRTDBG_CHECK_CRT_DF | _CRTDBG_LEAK_CHECK_DF) ) == 0)
_CrtDoForAllClientObjects
pfn != NULL
_CrtMemCheckpoint
state != NULL
newState != NULL
oldState != NULL
_CrtMemDifference
(*_errno())
_printMemBlockData
_CrtMemDumpStatistics
offset == 0 || offset < size
_aligned_offset_malloc_dbg
IS_2_POW_N(align)
_aligned_offset_realloc_dbg
_aligned_msize_dbg
memblock != NULL
KERNEL32.DLL
f:\dd\vctools\crt_bld\self_x86\crt\src\heapinit.c
_crtheap
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), error_text)
wcscat_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"\n\n")
wcsncpy_s(pch, progname_size - (pch - progname), L"...", 3)
<program name unknown>
wcscpy_s(progname, progname_size, L"<program name unknown>")
Runtime Error!
Program:
wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"Runtime Error!\n\nProgram: ")
_NMSG_WRITE
f:\dd\vctools\crt_bld\self_x86\crt\src\crt0msg.c
MSPDB100.DLL
EnvironmentDirectory
SOFTWARE\Microsoft\VisualStudio\10.0\Setup\VS
ADVAPI32.DLL
("The hook function is not in the list!",0)
pfnNewHook != NULL
_CrtSetReportHook2
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c
mode == _CRT_RPTHOOK_INSTALL || mode == _CRT_RPTHOOK_REMOVE
strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)), dotdotdot, sizeof(TCHAR) * 3)
strcpy_s(szExeName, 260, "<program name unknown>")
__crtMessageWindowA
Assertion Failed
Warning
_CrtSetReportHookW2
Microsoft Visual C++ Debug Library
_CrtDbgReport: String too long or IO Error
wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s%s
(Press Retry to debug the application)
Module:
File:
Line:
Expression:
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
wcscpy_s(szExeName, 260, L"<program name unknown>")
__crtMessageWindowW
signal
f:\dd\vctools\crt_bld\self_x86\crt\src\winsig.c
("Invalid signal or error", 0)
("rand_s is not available on this platform", 0)
rand_s
f:\dd\vctools\crt_bld\self_x86\crt\src\rand_s.c
_RandomValue != NULL
strncpy_s(*straddress, outsize, pcbuffer, outsize - 1)
__getlocaleinfo
f:\dd\vctools\crt_bld\self_x86\crt\src\inithelp.c
f:\dd\vctools\crt_bld\self_x86\crt\src\handler.cpp
pnh == 0
_get_errno
f:\dd\vctools\crt_bld\self_x86\crt\src\dosmap.c
_get_doserrno
(L"Buffer is too small" && 0)
Buffer is too small
(((_Src))) != NULL
strcpy_s
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscpy_s.inl
((_Dst)) != NULL && ((_SizeInBytes)) > 0
_expand_base
f:\dd\vctools\crt_bld\self_x86\crt\src\expand.c
pBlock != NULL
f:\dd\vctools\crt_bld\self_x86\crt\src\localref.c
((ptloci->lc_category[category].wlocale != NULL) && (ptloci->lc_category[category].wrefcount != NULL)) || ((ptloci->lc_category[category].wlocale == NULL) && (ptloci->lc_category[category].wrefcount == NULL))
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
n(string != NULL)
sprintf
f:\dd\vctools\crt_bld\self_x86\crt\src\sprintf.c
(format != NULL)
f:\dd\vctools\crt_bld\self_x86\crt\src\isctype.c
(unsigned)(c + 1) <= 256
_set_error_mode
f:\dd\vctools\crt_bld\self_x86\crt\src\errmode.c
("Invalid error_mode", 0)
USER32.DLL
(L"String is not null terminated" && 0)
String is not null terminated
wcscat_s
f:\dd\vctools\crt_bld\self_x86\crt\src\tcscat_s.inl
((_Dst)) != NULL && ((_SizeInWords)) > 0
wcsncpy_s
f:\dd\vctools\crt_bld\self_x86\crt\src\tcsncpy_s.inl
wcscpy_s
fMode == _CRTDBG_REPORT_MODE || (fMode & ~(_CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG | _CRTDBG_MODE_WNDW)) == 0
_CrtSetReportMode
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c
nRptType >= 0 && nRptType < _CRT_ERRCNT
_CrtSetReportFile
_CrtDbgReport: String too long or Invalid characters in String
wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))
strcpy_s(szOutMessage, 4096, szLineMessage)
strcat_s(szLineMessage, 4096, "\n")
strcat_s(szLineMessage, 4096, "\r")
strcat_s(szLineMessage, 4096, szUserMessage)
strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!")
strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")
_itoa_s(nLine, szLineMessage, 4096, 10)
_VCrtDbgReportA
wcstombs_s(&ret, szaOutMessage, 4096, szOutMessage, ((size_t)-1))
strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")
wcstombs_s(((void *)0), szOutMessage2, 4096, szOutMessage, ((size_t)-1))
wcscpy_s(szOutMessage, 4096, szLineMessage)
%s(%d) : %s
wcscat_s(szLineMessage, 4096, L"\n")
wcscat_s(szLineMessage, 4096, L"\r")
wcscat_s(szLineMessage, 4096, szUserMessage)
wcscpy_s(szLineMessage, 4096, szFormat ? L"Assertion failed: " : L"Assertion failed!")
Assertion failed!
Assertion failed:
wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")
, Line
<file unknown>
Second Chance Assertion Failed: File
_itow_s(nLine, szLineMessage, 4096, 10)
_VCrtDbgReportW
sizeInBytes >= count
src != NULL
memcpy_s
f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c
dst != NULL
_swprintf
f:\dd\vctools\crt_bld\self_x86\crt\src\swprintf.c
f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.h
("Corrupted pointer passed to _freea", 0)
strncpy_s
f:\dd\vctools\crt_bld\self_x86\crt\src\inittime.c
ploci->lc_time_curr->refcount > 0
f:\dd\vctools\crt_bld\self_x86\crt\src\initnum.c
ploci->lconv_num_refcount > 0
f:\dd\vctools\crt_bld\self_x86\crt\src\initmon.c
ploci->lconv_mon_refcount > 0
((((( H
h(((( H
H
("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)
f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
str != NULL
(null)
("'n' format specifier disabled", 0)
(ch != _T('\0'))
( (_Stream->_flag & _IOSTRG) || ( fn = _fileno(_Stream), ( (_textmode_safe(fn) == __IOINFO_TM_ANSI) && !_tm_unicode_safe(fn))))
_output_l
f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
(stream != NULL)
_vsprintf_l
f:\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
_vscprintf_helper
(count == 0) || (string != NULL)
_vsnprintf_helper
("Buffer too small", 0)
string != NULL && sizeInBytes > 0
_vsprintf_s_l
format != NULL
_vsnprintf_s_l
_configthreadlocale
f:\dd\vctools\crt_bld\self_x86\crt\src\setlocal.c
("Invalid parameter for _configthreadlocale",0)
setlocale
LC_MIN <= _category && _category <= LC_MAX
strncpy_s(lctemp, (sizeof(lctemp) / sizeof(lctemp[0])), s, len)
_setlocale_nolock
strcpy_s(pch + sizeof(int), cch - sizeof(int), lctemp)
_setlocale_set_cat
strcat_s(pch, cch, ";")
_setlocale_get_all
strcpy_s(output, sizeInChars, cacheout)
strncpy_s(cachein, cacheinSize, source, charactersInSource + 1)
strcpy_s(output, sizeInChars, "C")
_expandlocale
strcat_s(outstr, sizeInBytes, ( *(char * *)((substr += ( (sizeof(char *) + sizeof(int) - 1) & ~(sizeof(int) - 1) )) - ( (sizeof(char *) + sizeof(int) - 1) & ~(sizeof(int) - 1) )) ))
_strcats
strncpy_s(names->szCodePage, (sizeof(names->szCodePage) / sizeof(names->szCodePage[0])), locale, len)
strncpy_s(names->szCountry, (sizeof(names->szCountry) / sizeof(names->szCountry[0])), locale, len)
strncpy_s(names->szLanguage, (sizeof(names->szLanguage) / sizeof(names->szLanguage[0])), locale, len)
,strncpy_s(names->szCodePage, (sizeof(names->szCodePage) / sizeof(names->szCodePage[0])), &locale[1], 16-1)
__lc_strtolc
strcpy_s(locale, sizeInBytes, (char *)names->szLanguage)
__lc_lctostr
_mbstowcs_l_helper
f:\dd\vctools\crt_bld\self_x86\crt\src\mbstowcs.c
s != NULL
retsize <= sizeInWords
bufferSize <= INT_MAX
_mbstowcs_s_l
(pwcs == NULL && sizeInWords == 0) || (pwcs != NULL && sizeInWords > 0)
strcat_s
length < sizeInTChars
2 <= radix && radix <= 36
sizeInTChars > (size_t)(is_neg ? 2 : 1)
sizeInTChars > 0
xtoa_s
f:\dd\vctools\crt_bld\self_x86\crt\src\xtoa.c
buf != NULL
x64toa_s
_wcstombs_l_helper
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
pwcs != NULL
sizeInBytes > retsize
_wcstombs_s_l
(dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)
_vswprintf_helper
f:\dd\vctools\crt_bld\self_x86\crt\src\vswprint.c
string != NULL && sizeInWords > 0
_vswprintf_s_l
_vsnwprintf_s_l
xtow_s
x64tow_s
_woutput_l
_vswprintf_l
_vscwprintf_helper
("Invalid file descriptor. File possibly closed by a different thread",0)
(_osfile(fh) & FOPEN)
_lseeki64
f:\dd\vctools\crt_bld\self_x86\crt\src\lseeki64.c
(fh >= 0 && (unsigned)fh < (unsigned)_nhandle)
_write
f:\dd\vctools\crt_bld\self_x86\crt\src\write.c
isleadbyte(_dbcsBuffer(fh))
((cnt & 1) == 0)
_write_nolock
(buf != NULL)
f:\dd\vctools\crt_bld\self_x86\crt\src\_getbuf.c
_isatty
f:\dd\vctools\crt_bld\self_x86\crt\src\isatty.c
_fileno
f:\dd\vctools\crt_bld\self_x86\crt\src\fileno.c
printf
f:\dd\vctools\crt_bld\self_x86\crt\src\printf.c
sizeInBytes > 0
_wctomb_s_l
f:\dd\vctools\crt_bld\self_x86\crt\src\wctomb.c
sizeInBytes <= INT_MAX
("Missing position in the format string", 0)
((state == ST_NORMAL) || (state == ST_TYPE))
_tvalidate_param_reuse(&pos_value[type_pos], e_long_long_arg, ch, flags)
_tvalidate_param_reuse(&pos_value[type_pos], e_int64_arg, ch, flags)
pass == FORMAT_OUTPUT_PASS
_tvalidate_param_reuse(&pos_value[type_pos], e_double_arg, ch, flags)
_tvalidate_param_reuse(&pos_value[type_pos], e_ptr_arg, ch, flags)
_tvalidate_param_reuse(&pos_value[type_pos], e_int_arg, ch, flags)
_tvalidate_param_reuse(&pos_value[type_pos], e_short_arg, ch, flags)
((type_pos>=0) && (type_pos<_ARGMAX))
_tvalidate_param_reuse(&pos_value[precis_pos], e_int_arg, ch, flags)
((precis_pos >= 0) && (*end_pos == POSITION_CHAR) && (type_pos < _ARGMAX))
_tvalidate_param_reuse(&pos_value[width_pos], e_int_arg, ch, flags)
((width_pos >= 0) && (*end_pos == POSITION_CHAR) && (type_pos < _ARGMAX))
("Incorrect format specifier", 0)
((type_pos >= 0) && (*end_pos == POSITION_CHAR) && (type_pos < _ARGMAX))
_output_p_l
_output_s_l
ploci->ctype1_refcount > 0
f:\dd\vctools\crt_bld\self_x86\crt\src\initctyp.c
strcpy_s(lpOutStr->szLanguage, (sizeof(lpOutStr->szLanguage) / sizeof(lpOutStr->szLanguage[0])), "Norwegian-Nynorsk")
__get_qualified_locale
f:\dd\vctools\crt_bld\self_x86\crt\src\getqloc.c
P_woutput_s_l
_woutput_p_l
f:\dd\vctools\crt_bld\self_x86\crt\src\mbtowc.c
_loc_update.GetLocaleT()->locinfo->mb_cur_max == 1 || _loc_update.GetLocaleT()->locinfo->mb_cur_max == 2
fputwc
f:\dd\vctools\crt_bld\self_x86\crt\src\fputwc.c
(str != NULL)
f:\dd\vctools\crt_bld\self_x86\crt\src\dbgdel.cpp
_get_osfhandle
f:\dd\vctools\crt_bld\self_x86\crt\src\osfinfo.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_sftbuf.c
flag == 0 || flag == 1
vprintf_helper
f:\dd\vctools\crt_bld\self_x86\crt\src\vprintf.c
ibase == 0 || (2 <= ibase && ibase <= 36)
strtoxl
f:\dd\vctools\crt_bld\self_x86\crt\src\strtol.c
nptr != NULL
_stricmp_l
f:\dd\vctools\crt_bld\self_x86\crt\src\stricmp.c
_stricmp
count <= INT_MAX
_strnicmp_l
f:\dd\vctools\crt_bld\self_x86\crt\src\strnicmp.c
_strnicmp
wcstoxl
f:\dd\vctools\crt_bld\self_x86\crt\src\wcstol.c
f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\typname.cpp
pNode->_Next != NULL
strcpy_s ((char *)((type_info *)_This)->_M_data, len+2, (char *)pTmpUndName)
type_info::_Name_base
strcpy_s (pTmpTypeName, len+2, (char *)pTmpUndName)
type_info::_Name_base_internal
CONOUT$
fclose
f:\dd\vctools\crt_bld\self_x86\crt\src\fclose.c
_fclose_nolock
(_osfile(filedes) & FOPEN)
_commit
f:\dd\vctools\crt_bld\self_x86\crt\src\commit.c
(filedes >= 0 && (unsigned)filedes < (unsigned)_nhandle)
strtoxq
f:\dd\vctools\crt_bld\self_x86\crt\src\strtoq.c
_close
f:\dd\vctools\crt_bld\self_x86\crt\src\close.c
f:\dd\vctools\crt_bld\self_x86\crt\src\_freebuf.c
stream != NULL
No antivirus signatures available.

Process Tree


Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

DNS

Name Response Post-Analysis Lookup
time.windows.com

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.101 1025 192.168.128.111 53
192.168.128.101 137 192.168.128.255 137
192.168.128.101 138 192.168.128.255 138
192.168.128.101 1037 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.
Task ID 10
Mongo ID 58c01dc211d30832c448319f
Cuckoo release 2.0-dev