Static task
static1
Behavioral task
behavioral1
Sample
eb5afdabf8ed59b60e5d4d1010b126709910a6b0bf8ae499dab543021f1f0e18.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
eb5afdabf8ed59b60e5d4d1010b126709910a6b0bf8ae499dab543021f1f0e18.exe
Resource
win10v2004-20231020-en
General
-
Target
eb5afdabf8ed59b60e5d4d1010b126709910a6b0bf8ae499dab543021f1f0e18
-
Size
989KB
-
MD5
ec0be3c65ebd0bf80bba96a885cf1eba
-
SHA1
ae94ce8656d54407aadb31f0d952985d5f84435c
-
SHA256
eb5afdabf8ed59b60e5d4d1010b126709910a6b0bf8ae499dab543021f1f0e18
-
SHA512
9058166f541aff2ea0f739c042f389b982cbb842f5b3d64c6fa73fe8c77c6f3971005ba7077558cdbcaf41933970a063de143817d2d709ebbd1393cc1d8190ae
-
SSDEEP
24576:eyS7SoK1U/6GDBti8v6zzlRvElkSEyPMOreQ3En5hu:haQSPAQU5hu
Malware Config
Signatures
-
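Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. This sample carries none, so its publisher and integrity cannot be confirmed from a signature. On its own this is a weak indicator: many legitimate binaries are unsigned.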
resource eb5afdabf8ed59b60e5d4d1010b126709910a6b0bf8ae499dab543021f1f0e18
Files
-
eb5afdabf8ed59b60e5d4d1010b126709910a6b0bf8ae499dab543021f1f0e18.exe windows:4 windows x86
8a9e7d9a6a37152f0c1ff2e5e604e790
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libamcbdb
?setBakFolderInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FOLDER_INFO@@@Z
?updateBakFolderInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FOLDER_INFO@@@Z
?setBakTaskInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_BACKUP_TASK_INFO@@@Z
?updateBakfoldersStateByState@NS_AMCB_DB@@SA_NPBGABHABW4AMCB_TASK_STATE@@2@Z
?updateBakFileStateByid@NS_AMCB_DB@@SA_NPBGHABHW4AMCB_TASK_STATE@@1@Z
?getBakFolderInfo@NS_AMCB_DB@@SA_NPBGHHAAU_tag_AMCB_FOLDER_INFO@@@Z
?closeTaskDB@NS_AMCB_DB@@SA_NPBG@Z
?updateBakTaskStopType@NS_AMCB_DB@@SA_NPBGHH@Z
?setBakFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?getBakTaskOldStage@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASKTRANS_STAGE@@@Z
?getCloudNameByID@NS_AMCB_DB@@SAIPBGAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getBakTaskState@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASK_STATE@@@Z
?getInstance@NS_AMCB_DB@@SAPAV1@XZ
?startup@NS_AMCB_DB@@SA_NPBD@Z
?reset@NS_AMCB_DB@@SA_NPBD@Z
?updateBakTaskState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@@Z
?getConfigInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_PARAM_DETAIL@@@Z
?updateBakTaskErrCode@NS_AMCB_DB@@SA_NPBGV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?updateTaskType@NS_AMCB_DB@@SA_NPBGW4AMCB_TASK_TYPE@@@Z
?getTask@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_TASK_BASE_INFO@@@Z
?updateTaskRetryStatus@NS_AMCB_DB@@SA_NPBGH@Z
?updateTaskVersionNumber@NS_AMCB_DB@@SA_NPBGH@Z
?updateTaskLastResExecTime@NS_AMCB_DB@@SA_NPBG_J@Z
?taskDBLock@NS_AMCB_DB@@SA_NPBG@Z
?taskDBunLock@NS_AMCB_DB@@SA_NPBG@Z
?updateCancleStatus@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@I@Z
?isHasErrorList@NS_AMCB_DB@@QAEIPB_WAAHAA_N@Z
?isRestoreTaskHasErrorList@NS_AMCB_DB@@QAEIPB_WAA_N@Z
?getTaskVersionInfo@NS_AMCB_DB@@SA_NHPBGW4AMCB_TASK_TYPE@@AAU_tag_AMCB_WEB_TASK_VERSION_UPDATE_INFO@@@Z
?getRestorySettingParams@NS_AMCB_DB@@SA_NPBGW4AMCB_TASK_TYPE@@AAU_tag_AMCB_WEB_RESTORY_SETTING_INFO@@@Z
?updateSpaceMagByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABH@Z
?updateNativeTotalSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeTotalBackupSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeUseSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeUseBackupSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeLimitSpaceByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AB_J@Z
?updateNativeItemUidInCloudByCloudUid@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00@Z
?getNativeTaskInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_NATIVE_TASK_INFO@@@Z
?getNativeUserInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_NATIVE_USER_INFO@@@Z
?getTaskSrcOrDestFromDB@NS_AMCB_DB@@SAIV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00AAU_tag_AMCB_TASK_ITEAM_INFO@@H@Z
?updateVersionSuccessFileInfo@NS_AMCB_DB@@SA_NPBGHH_JH1_N@Z
?updateBakVersionErrorCode@NS_AMCB_DB@@SA_NPBGHI@Z
?updateAmcbdbBakTaskFileCount@NS_AMCB_DB@@SA_NPBGHJ@Z
?getSuccessSize@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?getRestoreSuccessSize@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?updataTaskCloudDef@NS_AMCB_DB@@SA_NPBGABHABU_tag_AMCB_DRIVE_ITEM@@@Z
?setNativeCloudInfo@NS_AMCB_DB@@SA_NPBGABU_tag_AMCB_NATIVE_CLOUD_INFO@@@Z
?getNativeCloudInfo@NS_AMCB_DB@@SA_NPBGAAU_tag_AMCB_NATIVE_CLOUD_INFO@@@Z
?getSettingParams@NS_AMCB_DB@@SA_NPBGW4AMCB_TASK_TYPE@@AAU_tag_AMCB_WEB_TASK_SETTING_INFO@@@Z
?updateTaskDataSize@NS_AMCB_DB@@SA_NPBG_J@Z
?updateRestoreFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?setRestoreFileState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@I@Z
?getRestoreFilesNumByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@AAH@Z
?getRestoreFilesSizeByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@AA_J@Z
?getRestoreFilesSize@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?getRestoreFilesByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@HHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getRestoreFileByTnode@NS_AMCB_DB@@SA_NPBGHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_tag_AMCB_FILE_INFO@@@Z
?getRestoreFilesNeedTrans@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?saveVersionToRestoreFolder@NS_AMCB_DB@@SA_NPBGH@Z
?getLastRsetoryVersion@NS_AMCB_DB@@SAIPBGAAH@Z
?getFloderFullPathById@NS_AMCB_DB@@SA_NPBGHHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getPcName@NS_AMCB_DB@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?updateTaskLastResTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getTaskCloudDefByCloudUid@NS_AMCB_DB@@SA_NPBGABH0AAU_tag_AMCB_CLOUD_ITEM_DEF@@@Z
?getBakFilesByNeedRestoreAndParent@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getAllBakFolderByParentId@NS_AMCB_DB@@SA_NPBGHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?getBakFoldesByByGuid@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?setRestoreFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?getRestoreFilesNum@NS_AMCB_DB@@SA_NPBGHAAH@Z
?getRestoreFiles@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getBakFilesByParentId@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getInfosByParentIdAndFinshAndType@NS_AMCB_DB@@SA_NPBGHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getInfosByParentIdAndSuccAndType@NS_AMCB_DB@@SA_NPBGHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?setBakFileUidInCloud@NS_AMCB_DB@@SA_NPBGHH0@Z
?updateBakFileInfo@NS_AMCB_DB@@SA_NPBGHABU_tag_AMCB_FILE_INFO@@@Z
?getBakFileInfo@NS_AMCB_DB@@SA_NPBGHHAAU_tag_AMCB_FILE_INFO@@@Z
?setBakFileState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@I@Z
?setBakFileSizeInCloud@NS_AMCB_DB@@SA_NPBGHH_J@Z
?getBakTaskInfo@NS_AMCB_DB@@SA_NPBGHPAPAU_tag_AMCB_BACKUP_TASK_INFO@@@Z
?updateTaskLastExecTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getBakFilesNum@NS_AMCB_DB@@SA_NPBGHAAH@Z
?updateTaskLastStartTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getBakFileByFullPath@NS_AMCB_DB@@SA_NPBGH0AAU_tag_AMCB_FILE_INFO@@AAU_tag_AMCB_FOLDER_INFO@@@Z
?getBakSuccFileBysNode@NS_AMCB_DB@@SA_NPBGH0AAU_tag_AMCB_FILE_INFO@@AAU_tag_AMCB_FOLDER_INFO@@@Z
?getStrategy@NS_AMCB_DB@@SA_NPBGAAU_tag_POLICY_PARAM@@@Z
?getBakFolderByFullPath@NS_AMCB_DB@@SA_NPBGH0AAU_tag_AMCB_FOLDER_INFO@@@Z
?beginTaskTransaction@NS_AMCB_DB@@SA_NPBG@Z
?getBakFolderBysNode@NS_AMCB_DB@@SA_NPBGHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAU_tag_AMCB_FOLDER_INFO@@@Z
?commitTaskTransaction@NS_AMCB_DB@@SA_NPBG_N@Z
?getBakFoldersBysNode@NS_AMCB_DB@@SA_NPBGHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@3@@Z
?getBakFilesByTnode@NS_AMCB_DB@@SA_NPBGHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@3@@Z
?getBakVersions@NS_AMCB_DB@@SA_NPBGAAV?$set@HU?$less@H@std@@V?$allocator@H@2@@std@@@Z
?setBakFolderState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@I@Z
?getBakCurVersion@NS_AMCB_DB@@SA_NPBGAAH@Z
?correctBakFilesState@NS_AMCB_DB@@SA_NPBGH@Z
?delBakVersion@NS_AMCB_DB@@SA_NPBGH@Z
?getBakFilesNumByType@NS_AMCB_DB@@SA_NPBGHW4AMCB_ITEM_TYPE@@AAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getTaskCloudDefByCloudUid@NS_AMCB_DB@@SA_NPBGABH0AAU_tag_AMCB_DRIVE_ITEM@@@Z
?getTotalSizeByType@NS_AMCB_DB@@SA_NPBGHW4AMCB_ITEM_TYPE@@AA_JV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getTaskCloudInfoById@NS_AMCB_DB@@SA_NPBGABH1AAU_tag_AMCB_DRIVE_ITEM@@@Z
?getSuccessSizeByInCloud@NS_AMCB_DB@@SA_NPBGHAA_J@Z
?freeTaskInfo@NS_AMCB_DB@@SAXPAU_tag_AMCB_BACKUP_TASK_INFO@@@Z
?getBakFiles@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getBakLastSuccVersion@NS_AMCB_DB@@SA_NPBGAAH@Z
?getBakFolders@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?getBakFoldersNum@NS_AMCB_DB@@SA_NPBGHAAH@Z
?updateBakTaskExecTime@NS_AMCB_DB@@SA_NPBGH_J@Z
?getBakFoldesByParentId@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?updateBakTaskFileCountAndVersion@NS_AMCB_DB@@SA_NPBGH@Z
?getBakFoldesByTdid@NS_AMCB_DB@@SA_NPBGHHHHAAV?$vector@U_tag_AMCB_FOLDER_INFO@@V?$allocator@U_tag_AMCB_FOLDER_INFO@@@std@@@std@@@Z
?updateBakTaskStage@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASKTRANS_STAGE@@H@Z
?getBakFilesNumByState@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASK_STATE@@AAH@Z
?updateBakTaskOldStage@NS_AMCB_DB@@SA_NPBGHW4AMCB_TASKTRANS_STAGE@@H@Z
?getBakChunksByParentIdAndState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@AAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?updateBakTaskReferenceVer@NS_AMCB_DB@@SA_NPBGHH@Z
?getBakChunksByParentIdAndNotState@NS_AMCB_DB@@SA_NPBGHHW4AMCB_TASK_STATE@@HHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@@Z
?getBakTaskStrategy@NS_AMCB_DB@@SA_NPBGHAAW4BACKUP_STRATEGY@@@Z
?getBakFilesNeedTrans@NS_AMCB_DB@@SA_NPBGHHHAAV?$vector@U_tag_AMCB_FILE_INFO@@V?$allocator@U_tag_AMCB_FILE_INFO@@@std@@@std@@11V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?delBakFileInfos@NS_AMCB_DB@@SA_NPBGH@Z
?getBakTaskSizeInCloud@NS_AMCB_DB@@SA_NPBGHAA_J111@Z
?delRestoreFiles@NS_AMCB_DB@@SA_NPBGH@Z
?updateScheduleTaskLastExecTime@NS_AMCB_DB@@SA_NPBG_J@Z
?getBakTaskStageFromVerTable@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASKTRANS_STAGE@@@Z
?getBakTaskStage@NS_AMCB_DB@@SA_NPBGHAAW4AMCB_TASKTRANS_STAGE@@@Z
?getFloderFullPathInDestById@NS_AMCB_DB@@SA_NPBGHHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
libamct
registeAccessExpire
startup
setCloudAccess
setProxy
setThreadPool
stop
reset
delCacheDB
?getCloudsMgr@NS_AMCT@@YAPAVICloudsMgr@@XZ
onCloudAccessChange
registeTaskState
getErrorDetail
askTaskCtrl
getSrcNameInDest
setTransSpeed
addTask
getProgressInfo
registeTaskErrorCall
delTask
freeBuf
getTasksFromThreadPool
getWorkThreadsNum
clearTasksFromThreadPool
isPauseFromAllThreadPool
delItem
registeCloudChangeCall
askCreateFolder
getSrcUidInDest
ammcauth
getMcAuthObj
comn
GetObjectLog
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
libamcbconsole
?checkTaskIsLocalTask@NS_AMCB_CONSOLE@@YAIPBGAA_N@Z
?getErrorInfo@NS_AMCB_CONSOLE@@YAPA_WI@Z
kernel32
GetFileInformationByHandle
GetModuleFileNameA
GetDiskFreeSpaceExW
GetTickCount
SetFilePointerEx
GetProcessHeap
HeapAlloc
DeleteFileW
WriteFile
HeapFree
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
MoveFileExW
GetVolumeInformationW
GetFileAttributesW
RemoveDirectoryW
GetFileSizeEx
GetModuleHandleW
GetDriveTypeW
FlushFileBuffers
SetFilePointer
WinExec
ReadFile
GetFileTime
SetFileTime
SetFileAttributesW
WideCharToMultiByte
InterlockedExchange
GetFileSize
FindClose
GetFileAttributesExW
InterlockedIncrement
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateThread
OpenProcess
GetVersionExW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
ResetEvent
OpenEventW
CreateProcessW
CreateFileA
CreateDirectoryA
FreeConsole
SetUnhandledExceptionFilter
CreateSemaphoreW
ReleaseSemaphore
DeleteCriticalSection
TryEnterCriticalSection
IsBadReadPtr
IsBadWritePtr
lstrlenW
MoveFileW
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExA
GetExitCodeProcess
DeviceIoControl
CreatePipe
GetStartupInfoW
PeekNamedPipe
InterlockedCompareExchange
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
SetLastError
WriteConsoleW
WaitForSingleObject
Sleep
GetModuleFileNameW
CreateEventW
ReleaseMutex
GetCurrentProcess
OutputDebugStringW
LoadLibraryW
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryW
CreateMutexW
CloseHandle
GetProcAddress
GetCommandLineW
GetLastError
CreateFileW
GetSystemInfo
WriteConsoleA
FindNextFileW
FindFirstFileW
user32
DispatchMessageW
PostQuitMessage
TranslateAcceleratorW
DestroyWindow
DefWindowProcW
LoadStringW
EndDialog
GetMessageW
DialogBoxParamW
CreateWindowExW
LoadAcceleratorsW
UpdateWindow
TranslateMessage
EndPaint
ShowWindow
BeginPaint
wsprintfW
RegisterClassExW
LoadCursorW
LoadIconW
advapi32
AddAce
RegEnumKeyW
RegQueryInfoKeyW
InitializeSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
AdjustTokenPrivileges
CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyA
GetSecurityDescriptorControl
GetFileSecurityW
EqualSid
LookupAccountNameW
GetLengthSid
SetFileSecurityW
AddAccessAllowedAce
GetAclInformation
GetAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegFlushKey
RegOpenKeyW
RegSetValueExA
shell32
SHGetSpecialFolderPathW
CommandLineToArgvW
ole32
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitialize
oleaut32
SysAllocString
SysFreeString
log4cplusu
?isEnabledFor@Logger@log4cplus@@QBE_NH@Z
?getInstance@Logger@log4cplus@@SA?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?setLogLevel@Logger@log4cplus@@QAEXH@Z
??1Logger@log4cplus@@UAE@XZ
??0PatternLayout@log4cplus@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0RollingFileAppender@log4cplus@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@JH_N@Z
?addReference@SharedObject@helpers@log4cplus@@QBEXXZ
?macro_forced_log@detail@log4cplus@@YAXABVLogger@2@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH2@Z
?get_macro_body_scratch_pad@detail@log4cplus@@YAAAUmacro_body_scratch_pad_type@12@XZ
??6@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@AAV01@PBD@Z
?removeReference@SharedObject@helpers@log4cplus@@QBEXXZ
msvcp80
_Inf
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
_Nan
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
ws2_32
WSACleanup
ioctlsocket
gethostbyname
inet_addr
recv
WSAGetLastError
send
bind
connect
listen
closesocket
socket
htons
WSAStartup
setsockopt
accept
msvcr80
atoi
_beginthreadex
??3@YAXPAX@Z
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
printf
??0exception@std@@QAE@ABV01@@Z
free
strcpy_s
_purecall
sprintf
wcsrchr
memcpy_s
strncat_s
strncpy_s
malloc
strrchr
memmove_s
wcscpy_s
??_V@YAXPAX@Z
isdigit
_wcsicmp
wcscat_s
__RTDynamicCast
mbstowcs_s
__iob_func
fprintf
wcsstr
iswalpha
swprintf_s
fclose
wcschr
toupper
_wmkdir
_wfullpath
_wrmdir
_wfindnext64i32
_waccess
__CxxFrameHandler3
memcpy
memset
_itoa
_strnicmp
_controlfp_s
_invoke_watson
_wremove
wcsncmp
_wfindfirst64i32
_findclose
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wprintf
_access
vswprintf_s
vsprintf_s
_time64
_localtime64_s
_mktime64
rand
sprintf_s
_localtime64
strncpy
_wcsnicmp
_vswprintf
modf
strchr
_snprintf
sscanf
localeconv
_finite
_vsnwprintf
_vsnprintf
strtol
calloc
strftime
_vscprintf
_vscwprintf
vsprintf
srand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_CxxThrowException
rpcrt4
RpcStringFreeW
NdrServerCall2
RpcServerListen
RpcMgmtStopServerListening
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerUnregisterIf
RpcStringBindingComposeW
NdrClientCall2
RpcBindingFromStringBindingW
shlwapi
PathFileExistsW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
winhttp
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryDataAvailable
Sections
.text Size: 720KB - Virtual size: 716KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 136KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE