Static task
static1
Behavioral task
behavioral1
Sample
1ae5f73c36094032970a363bc7feb133e9c79ff997baba53ecafeb5345dd50b4.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1ae5f73c36094032970a363bc7feb133e9c79ff997baba53ecafeb5345dd50b4.exe
Resource
win10v2004-20230915-en
General
-
Target
1ae5f73c36094032970a363bc7feb133e9c79ff997baba53ecafeb5345dd50b4
-
Size
1.4MB
-
MD5
38e4393ec57e2aa361206fc9e2a40053
-
SHA1
b2f1557aaa41e14cba7ccaf638f99b647c394945
-
SHA256
1ae5f73c36094032970a363bc7feb133e9c79ff997baba53ecafeb5345dd50b4
-
SHA512
8564e2b137656659512f0fca035614492434e0e12f29c35661c9bda9f2cea6b07ea0defbc3dd0efebbb3c422c3ad0c2129a0265c82905582d1152de56751edbb
-
SSDEEP
24576:Dx3TKNmBeC4HYbEJ8ocdJignfPAQPR8mlbBW8sRPEbyJlTaN8D1o:9B9PPAQplFBURPcyJpaNIK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
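Checks for a missing Authenticode signature: the PE listed below is unsigned, so its publisher and integrity cannot be confirmed from a signature.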
resource 1ae5f73c36094032970a363bc7feb133e9c79ff997baba53ecafeb5345dd50b4
Files
-
1ae5f73c36094032970a363bc7feb133e9c79ff997baba53ecafeb5345dd50b4.exe windows:4 windows x86
e6a80392a7716d68b971618cf7e1356a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libamcbdb
?getBakFoldersNum@NS_AMCB_DB@@SA_NPBGHAAH@Z
?updateBakTaskExecTime@NS_AMCB_DB@@SA_NPBGH_J@Z
?getBakFoldesByParentId@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?getBakFolders@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?getBakFoldesByTdid@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?closeTaskDB@NS_AMCB_DB@@SA_NPBG@Z
?updateBakTaskStopType@NS_AMCB_DB@@SA_NPBGHH@Z
?getBakLastSuccVersion@NS_AMCB_DB@@SA_NPBGAAH@Z
?getBakFiles@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?updateBakTaskFileCountAndVersion@NS_AMCB_DB@@SA_NPBGH@Z
?getBakTaskState@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASK_STATE@@@Z
?getInstance@NS_AMCB_DB@@SAPAV1@XZ
?startup@NS_AMCB_DB@@SA_NPBD@Z
?reset@NS_AMCB_DB@@SA_NPBD@Z
?updateBakTaskState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@@Z
?getConfigInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_PARAM_DETAIL@@@Z
?updateBakTaskErrCode@NS_AMCB_DB@@SA_NPBGV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?updateTaskType@NS_AMCB_DB@@SA_NPBGW4AMCB_TASK_TYPE@@@Z
?getTask@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_TASK_BASE_INFO@@@Z
?updateTaskRetryStatus@NS_AMCB_DB@@SA_NPBGH@Z
?updateTaskVersionNumber@NS_AMCB_DB@@SA_NPBGH@Z
?updateTaskLastResExecTime@NS_AMCB_DB@@SA_NPBG_J@Z
?taskDBLock@NS_AMCB_DB@@SA_NPBG@Z
?taskDBunLock@NS_AMCB_DB@@SA_NPBG@Z
?updateCancleStatus@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@I@Z
?isHasErrorList@NS_AMCB_DB@@QAEIPB_WAAHAA_N@Z
?isRestoreTaskHasErrorList@NS_AMCB_DB@@QAEIPB_WAA_N@Z
?getTaskVersionInfo@NS_AMCB_DB@@SA_NHPBGW4AMCB_TASK_TYPE@@AAU_tag_AMCB_WEB_TASK_VERSION_UPDATE_INFO@@@Z
?getRestorySettingParams@NS_AMCB_DB@@SA_NPBGW4AMCB_TASK_TYPE@@AAU_tag_AMCB_WEB_RESTORY_SETTING_INFO@@@Z
?updateSpaceMagByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABH@Z
?updateNativeTotalSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeTotalBackupSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeUseSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeUseBackupSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeLimitSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeItemUidInCloudByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00@Z
?getNativeTaskInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_NATIVE_TASK_INFO@@@Z
?getNativeUserInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_NATIVE_USER_INFO@@@Z
?getTaskSrcOrDestFromDB@NS_AMCB_DB@@SAIV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00AAU_tag_AMCB_TASK_ITEAM_INFO@@H@Z
?updateVersionSuccessFileInfo@NS_AMCB_DB@@SA_NPBGHH_JH1_N@Z
?updateBakVersionErrorCode@NS_AMCB_DB@@SA_NPBGHI@Z
?updateAmcbdbBakTaskFileCount@NS_AMCB_DB@@SA_NPBGHJ@Z
?getSuccessSize@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?getRestoreSuccessSize@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?setNativeCloudInfo@NS_AMCB_DB@@SA_NPBGABU_tag_AMCB_NATIVE_CLOUD_INFO@@@Z
?getNativeCloudInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_NATIVE_CLOUD_INFO@@@Z
?updataTaskCloudDef@NS_AMCB_DB@@SA_NPBGABHABU_tag_AMCB_DRIVE_ITEM@@@Z
?getSettingParams@NS_AMCB_DB@@SA_NPBGW4AMCB_TASK_TYPE@@AAU_tag_AMCB_WEB_TASK_SETTING_INFO@@@Z
?updateTaskDataSize@NS_AMCB_DB@@SA_NPBG_J@Z
?updateRestoreFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?setRestoreFileState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@I@Z
?getTaskCloudDefByCloudUid@NS_AMCB_DB@@SA_NPBGABH0AAU_tag_AMCB_CLOUD_ITEM_DEF@@@Z
?getBakFilesByNeedRestoreAndParent@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getAllBakFolderByParentId@NS_AMCB_DB@@SA_NPBGHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?getBakFoldesByByGuid@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?setRestoreFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?getRestoreFilesNum@NS_AMCB_DB@@SA_NPBGHAAH@Z
?getRestoreFiles@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getRestoreFilesNumByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@AAH@Z
?getRestoreFilesSizeByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@AA_J@Z
?getRestoreFilesSize@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?getRestoreFilesByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@HHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getRestoreFileByTnode@NS_AMCB_DB@@SA_NPBGHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_tag_AMCB_FILE_INFO@@@Z
?getRestoreFilesNeedTrans@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?saveVersionToRestoreFolder@NS_AMCB_DB@@SA_NPBGH@Z
?getLastRsetoryVersion@NS_AMCB_DB@@SAIPBGAAH@Z
?getFloderFullPathById@NS_AMCB_DB@@SA_NPBGHHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getPcName@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?updateTaskLastResTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getBakFilesByParentId@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getInfosByParentIdAndFinshAndType@NS_AMCB_DB@@SA_NPBGHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getInfosByParentIdAndSuccAndType@NS_AMCB_DB@@SA_NPBGHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?setBakFileUidInCloud@NS_AMCB_DB@@SA_NPBGHH0@Z
?setBakFileSizeInCloud@NS_AMCB_DB@@SA_NPBGHH_J@Z
?updateBakFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?getBakFileInfo@NS_AMCB_DB@@SA_NPBGHHAAU_tag_AMCB_FILE_INFO@@@Z
?setBakFileState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@I@Z
?getBakTaskInfo@NS_AMCB_DB@@SA_NPBGHPAPAU_tag_AMCB_BACKUP_TASK_INFO@@@Z
?updateTaskLastExecTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getBakFilesNum@NS_AMCB_DB@@SA_NPBGHAAH@Z
?updateBakTaskStage@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASKTRANS_STAGE@@H@Z
?getBakFilesNumByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@AAH@Z
?updateBakTaskOldStage@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASKTRANS_STAGE@@H@Z
?getBakChunksByParentIdAndState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@AAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?updateBakTaskReferenceVer@NS_AMCB_DB@@SA_NPBGHH@Z
?getBakChunksByParentIdAndNotState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@HHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getBakTaskStrategy@NS_AMCB_DB@@SA_NPBGHAAW4BACKUP_STRATEGY@@@Z
?getBakFilesNeedTrans@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@11V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?delBakFileInfos@NS_AMCB_DB@@SA_NPBGH@Z
?getBakTaskSizeInCloud@NS_AMCB_DB@@SA_NPBGHAA_J111@Z
?delRestoreFiles@NS_AMCB_DB@@SA_NPBGH@Z
?updateScheduleTaskLastExecTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getBakTaskStageFromVerTable@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASKTRANS_STAGE@@@Z
?getBakTaskStage@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASKTRANS_STAGE@@@Z
?getFloderFullPathInDestById@NS_AMCB_DB@@SA_NPBGHHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getBakTaskOldStage@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASKTRANS_STAGE@@@Z
?setBakFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?updateBakFileStateByid@NS_AMCB_DB@@SA_NPBGHABHW4AMCB_TASK_STATE@@1@Z
?setBakFolderInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FOLDER_INFO@@@Z
?updateBakFolderInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FOLDER_INFO@@@Z
?setBakTaskInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_BACKUP_TASK_INFO@@@Z
?updateBakfoldersStateByState@NS_AMCB_DB@@SA_NPBGABHABW4AMCB_TASK_STATE@@2@Z
?getCloudNameByID@NS_AMCB_DB@@SAIPBGAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getBakFolderInfo@NS_AMCB_DB@@SA_NPBGHHAAU_tag_AMCB_FOLDER_INFO@@@Z
?updateTaskLastStartTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getBakFileByFullPath@NS_AMCB_DB@@SA_NPBGH0AAU_tag_AMCB_FILE_INFO@@AAU_tag_AMCB_FOLDER_INFO@@@Z
?getBakSuccFileBysNode@NS_AMCB_DB@@SA_NPBGH0AAU_tag_AMCB_FILE_INFO@@AAU_tag_AMCB_FOLDER_INFO@@@Z
?getStrategy@NS_AMCB_DB@@SA_NPBGAAU_tag_POLICY_PARAM@@@Z
?getBakFolderByFullPath@NS_AMCB_DB@@SA_NPBGH0AAU_tag_AMCB_FOLDER_INFO@@@Z
?beginTaskTransaction@NS_AMCB_DB@@SA_NPBG@Z
?getBakFolderBysNode@NS_AMCB_DB@@SA_NPBGHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_tag_AMCB_FOLDER_INFO@@@Z
?commitTaskTransaction@NS_AMCB_DB@@SA_NPBG_N@Z
?getBakFoldersBysNode@NS_AMCB_DB@@SA_NPBGHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@3@@Z
?getBakFilesByTnode@NS_AMCB_DB@@SA_NPBGHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@3@@Z
?getBakVersions@NS_AMCB_DB@@SA_NPBGAAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@@Z
?setBakFolderState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@I@Z
?getBakCurVersion@NS_AMCB_DB@@SA_NPBGAAH@Z
?correctBakFilesState@NS_AMCB_DB@@SA_NPBGH@Z
?delBakVersion@NS_AMCB_DB@@SA_NPBGH@Z
?getBakFilesNumByType@NS_AMCB_DB@@SA_NPBGHW4AMCB_ITEM_TYPE@@AAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getTaskCloudDefByCloudUid@NS_AMCB_DB@@SA_NPBGABH0AAU_tag_AMCB_DRIVE_ITEM@@@Z
?getTotalSizeByType@NS_AMCB_DB@@SA_NPBGHW4AMCB_ITEM_TYPE@@AA_JV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getTaskCloudInfoById@NS_AMCB_DB@@SA_NPBGABH1AAU_tag_AMCB_DRIVE_ITEM@@@Z
?getSuccessSizeByInCloud@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?freeTaskInfo@NS_AMCB_DB@@SAXPAU_tag_AMCB_BACKUP_TASK_INFO@@@Z
libamct
registeAccessExpire
startup
setCloudAccess
setProxy
setThreadPool
stop
reset
delCacheDB
?getCloudsMgr@NS_AMCT@@YAPAVICloudsMgr@@XZ
onCloudAccessChange
addTask
getProgressInfo
registeTaskErrorCall
delTask
freeBuf
registeTaskState
getErrorDetail
askTaskCtrl
getSrcNameInDest
setTransSpeed
getTasksFromThreadPool
getWorkThreadsNum
clearTasksFromThreadPool
isPauseFromAllThreadPool
delItem
registeCloudChangeCall
askCreateFolder
getSrcUidInDest
ammcauth
getMcAuthObj
comn
GetObjectLog
wtsapi32
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
libamcbconsole
?checkTaskIsLocalTask@NS_AMCB_CONSOLE@@YAIPBGAA_N@Z
?getErrorInfo@NS_AMCB_CONSOLE@@YAPA_WI@Z
kernel32
GetFileSize
GetModuleFileNameA
GetDiskFreeSpaceExW
GetTickCount
SetFilePointerEx
GetProcessHeap
HeapAlloc
DeleteFileW
WriteFile
HeapFree
MultiByteToWideChar
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
GetVolumeInformationW
GetFileAttributesW
RemoveDirectoryW
SetFilePointer
WinExec
ReadFile
GetFileSizeEx
GetModuleHandleW
FlushFileBuffers
GetDriveTypeW
GetFileTime
SetFileAttributesW
SetFileTime
WideCharToMultiByte
FindClose
GetFileInformationByHandle
FindFirstFileW
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateThread
InitializeCriticalSection
CreateToolhelp32Snapshot
OpenProcess
GetVersionExW
Process32FirstW
Process32NextW
ResetEvent
OpenEventW
CreateProcessW
CreateFileA
CreateDirectoryA
FreeConsole
SetUnhandledExceptionFilter
ReleaseSemaphore
CreateSemaphoreW
DeleteCriticalSection
TryEnterCriticalSection
IsBadWritePtr
IsBadReadPtr
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExA
OutputDebugStringA
WriteConsoleW
SetLastError
GetSystemInfo
WriteConsoleA
lstrlenW
MoveFileW
PeekNamedPipe
InterlockedCompareExchange
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetExitCodeProcess
DeviceIoControl
CreatePipe
WaitForSingleObject
Sleep
GetModuleFileNameW
CreateEventW
ReleaseMutex
GetCurrentProcess
OutputDebugStringW
LoadLibraryW
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
CreateDirectoryW
CreateMutexW
CloseHandle
GetProcAddress
GetCommandLineW
GetLastError
CreateFileW
GetStartupInfoW
GetFileAttributesExW
FindNextFileW
user32
PostQuitMessage
DefWindowProcW
TranslateAcceleratorW
DestroyWindow
LoadStringW
EndDialog
GetMessageW
DialogBoxParamW
CreateWindowExW
LoadAcceleratorsW
UpdateWindow
TranslateMessage
ShowWindow
EndPaint
BeginPaint
LoadIconW
wsprintfW
DispatchMessageW
RegisterClassExW
LoadCursorW
advapi32
LookupAccountNameW
RegQueryInfoKeyW
RegEnumKeyW
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
AdjustTokenPrivileges
InitializeSecurityDescriptor
DuplicateTokenEx
CreateProcessAsUserW
GetTokenInformation
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyA
RegDeleteValueA
RegCloseKey
InitializeAcl
GetSecurityDescriptorControl
GetFileSecurityW
EqualSid
AddAce
GetLengthSid
SetFileSecurityW
GetAclInformation
AddAccessAllowedAce
GetAce
AllocateAndInitializeSid
FreeSid
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
RegFlushKey
RegSetValueExA
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
ole32
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
oleaut32
SysFreeString
SysAllocString
log4cplusu
?isEnabledFor@Logger@log4cplus@@QBE_NH@Z
?getInstance@Logger@log4cplus@@SA?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?setLogLevel@Logger@log4cplus@@QAEXH@Z
??1Logger@log4cplus@@UAE@XZ
??0PatternLayout@log4cplus@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0RollingFileAppender@log4cplus@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@JH_N@Z
?addReference@SharedObject@helpers@log4cplus@@QBEXXZ
?macro_forced_log@detail@log4cplus@@YAXABVLogger@2@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH2@Z
?get_macro_body_scratch_pad@detail@log4cplus@@YAAAUmacro_body_scratch_pad_type@12@XZ
??6@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@AAV01@PBD@Z
?removeReference@SharedObject@helpers@log4cplus@@QBEXXZ
msvcp80
_Inf
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
_Nan
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
ws2_32
listen
WSACleanup
gethostbyname
socket
ioctlsocket
WSAGetLastError
closesocket
htons
WSAStartup
inet_addr
accept
send
recv
bind
setsockopt
connect
msvcr80
atoi
_beginthreadex
??3@YAXPAX@Z
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
printf
sprintf
wcsrchr
memcpy_s
strncat_s
strncpy_s
malloc
strrchr
memmove_s
wcscpy_s
free
strcpy_s
_purecall
??_V@YAXPAX@Z
isdigit
wcscat_s
_wcsicmp
__RTDynamicCast
mbstowcs_s
fprintf
__iob_func
swprintf_s
wcsstr
iswalpha
fclose
wcschr
toupper
_wmkdir
_wfullpath
_wrmdir
_wfindnext64i32
_waccess
memcpy
__CxxFrameHandler3
memset
_itoa
_strnicmp
_controlfp_s
_invoke_watson
_wremove
wcsncmp
_wfindfirst64i32
_findclose
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wprintf
_access
vswprintf_s
vsprintf_s
_time64
_localtime64_s
_mktime64
sprintf_s
rand
_localtime64
strncpy
_wcsnicmp
_vswprintf
modf
strchr
sscanf
localeconv
_snprintf
_finite
_vsnprintf
strtol
_vsnwprintf
strftime
_vscprintf
calloc
_vscwprintf
vsprintf
srand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_CxxThrowException
rpcrt4
RpcBindingFromStringBindingW
NdrServerCall2
RpcServerUnregisterIf
RpcServerListen
RpcMgmtStopServerListening
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcStringFreeW
NdrClientCall2
RpcStringBindingComposeW
shlwapi
PathFileExistsW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
winhttp
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
Sections
.text Size: 720KB - Virtual size: 716KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 600KB - Virtual size: 604KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE