General

Malware Config

Signatures

Files

• 437ad402765ba53d5d6880017bb8bb6c

  .zip
• Loader/Loader.exe

  .exe windows:4 windows x86 arch:x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 512B - Virtual size: 124B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 1KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 1024B - Virtual size: 770B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 4B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 456B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3.1MB - Virtual size: 3.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Loader/etc/luIelD.dll

  .dll windows:6 windows x86 arch:x86

  3a2954525d997b4bb48fda16d51d15c5

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  VirtualAlloc

  VirtualProtect

  GetModuleHandleA

  Sleep

  LoadLibraryA

  GetProcAddress

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  UnhandledExceptionFilter

  InitializeSListHead

  msvcp140

  ?_Xlength_error@std@@YAXPBD@Z

  vcruntime140

  _CxxThrowException

  __current_exception_context

  __current_exception

  __std_type_info_destroy_list

  memmove

  __std_exception_copy

  __std_exception_destroy

  __CxxFrameHandler3

  _except_handler4_common

  memcpy

  memset

  api-ms-win-crt-runtime-l1-1-0

  _cexit

  _initterm

  _execute_onexit_table

  _register_onexit_function

  _initialize_onexit_table

  _configure_narrow_argv

  _seh_filter_dll

  terminate

  _crt_atexit

  _initterm_e

  _invalid_parameter_noinfo_noreturn

  _initialize_narrow_environment

  api-ms-win-crt-heap-l1-1-0

  free

  _callnewh

  malloc

  Sections

  .text

  Size: 38KB - Virtual size: 40KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 17KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2.9MB - Virtual size: 2.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Loader/php5ts.dll

  .dll windows:5 windows x86 arch:x86

  aaf1492926158df000e59c70092d88e8

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  oleaut32

  GetActiveObject

  SysFreeString

  VariantClear

  VariantInit

  SysAllocString

  SafeArrayGetDim

  SafeArrayPutElement

  VariantChangeType

  SafeArrayGetVartype

  LHashValOfNameSys

  VarCmp

  VariantCopy

  SafeArrayGetUBound

  SafeArrayGetLBound

  VariantCopyInd

  SafeArrayGetElement

  LoadTypeLi

  LoadRegTypeLi

  SafeArrayUnaccessData

  SafeArrayAccessData

  SafeArrayCreate

  SysAllocStringByteLen

  VarXor

  VarPow

  VarOr

  VarMod

  VarImp

  VarIdiv

  VarEqv

  VarDiv

  VarAnd

  VarMul

  VarSu

  VarCat

  VarAdd

  VarNot

  VarNeg

  VarInt

  VarFix

  VarAbs

  VarRound

  VariantTimeToSystemTime

  SystemTimeToVariantTime

  user32

  DefWindowProcA

  SetTimer

  PostQuitMessage

  KillTimer

  UnregisterClassA

  DestroyWindow

  SendMessageA

  GetMessageA

  CreateWindowExA

  RegisterClassA

  PostThreadMessageA

  GetSystemMetrics

  GetDesktopWindow

  IsWindow

  GetDC

  GetClientRect

  GetWindowRect

  ReleaseDC

  PeekMessageA

  DispatchMessageA

  TranslateMessage

  MsgWaitForMultipleObjects

  MessageBoxA

  gdi32

  CreateCompatibleDC

  BitBlt

  CreateCompatibleBitmap

  SelectObject

  GetPixel

  DeleteObject

  DeleteDC

  advapi32

  RegCloseKey

  RegOpenKeyExA

  CryptCreateHash

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  RegEnumKeyA

  RegQueryValueA

  DuplicateTokenEx

  CreateProcessAsUserA

  OpenThreadToken

  OpenProcessToken

  EqualSid

  DuplicateToken

  GetFileSecurityA

  MapGenericMask

  AccessCheck

  GetTokenInformation

  CopySid

  GetLengthSid

  ConvertSidToStringSidA

  ReportEventA

  RegisterEventSourceA

  DeregisterEventSource

  CryptAcquireContextA

  CryptGenRandom

  CryptReleaseContext

  RegQueryValueExA

  RegNotifyChangeKeyValue

  RegQueryInfoKeyA

  RegEnumValueA

  RegEnumKeyExA

  GetUserNameA

  ws2_32

  WSACleanup

  WSAGetLastError

  WSAStartup

  freeaddrinfo

  getaddrinfo

  closesocket

  socket

  htons

  ntohs

  inet_ntoa

  getpeername

  getsockname

  htonl

  ioctlsocket

  __WSAFDIsSet

  select

  WSASetLastError

  getsockopt

  connect

  bind

  setsockopt

  accept

  WSAStringToAddressA

  WSAAddressToStringA

  inet_addr

  listen

  send

  recv

  shutdown

  sendto

  recvfrom

  gethostbyname

  gethostname

  getprotobyname

  ntohl

  getservbyname

  getservbyport

  getprotobynumber

  gethostbyaddr

  kernel32

  WideCharToMultiByte

  GetProcessHeap

  GetFileAttributesExA

  GetCurrentDirectoryA

  DeviceIoControl

  CreateFileA

  FileTimeToSystemTime

  TlsFree

  TlsAlloc

  LeaveCriticalSection

  CreateProcessA

  SetFileTime

  InitializeCriticalSection

  TlsGetValue

  TlsSetValue

  CreateWaitableTimerA

  SetWaitableTimer

  QueryPerformanceFrequency

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  GetTickCount

  FindClose

  FindNextFileA

  SystemTimeToFileTime

  GetSystemTime

  MoveFileExA

  GetCurrentProcess

  GetCurrentThread

  DuplicateHandle

  GetBinaryTypeA

  DeleteCriticalSection

  GetStdHandle

  CreatePipe

  GetExitCodeProcess

  MapViewOfFileEx

  OpenFileMappingA

  GetFullPathNameA

  MultiByteToWideChar

  InterlockedDecrement

  GetLocalTime

  GetCurrentProcessId

  SetEnvironmentVariableA

  SleepEx

  GetDiskFreeSpaceA

  LockFileEx

  UnlockFileEx

  GetModuleHandleA

  InterlockedExchange

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetComputerNameA

  GetFileAttributesA

  CreateHardLinkA

  TerminateProcess

  SetErrorMode

  SetFilePointer

  GetACP

  CreateMutexA

  ReleaseMutex

  InterlockedCompareExchange

  Sleep

  GetSystemDirectoryA

  EnterCriticalSection

  FindFirstFileA

  CreateFileMappingA

  GetFileSize

  GetSystemInfo

  MapViewOfFile

  UnmapViewOfFile

  GetFileType

  GetTempPathA

  GetTempFileNameA

  SetLastError

  GetEnvironmentVariableA

  GetModuleFileNameA

  GetWindowsDirectoryA

  GetSystemWindowsDirectoryA

  LocalFree

  GetVersion

  GetVersionExA

  GetLastError

  OutputDebugStringA

  FormatMessageA

  LoadLibraryA

  GetProcAddress

  GetTimeZoneInformation

  InterlockedIncrement

  GetCurrentThreadId

  CloseHandle

  CreateEventA

  WaitForSingleObject

  SetEvent

  IsDBCSLeadByte

  HeapReAlloc

  HeapFree

  HeapAlloc

  HeapCreate

  HeapDestroy

  FreeLibrary

  ole32

  CoUninitialize

  CoInitialize

  CoCreateInstance

  CoCreateInstanceEx

  MkParseDisplayName

  CreateBindCtx

  CLSIDFromString

  CoTaskMemFree

  StringFromCLSID

  CoCreateGuid

  CoDisconnectObject

  CoTaskMemAlloc

  OleLoadFromStream

  CLSIDFromProgID

  dnsapi

  DnsQuery_A

  DnsRecordListFree

  msvcr90

  sscanf

  putchar

  _open_osfhandle

  _fdopen

  _mktime32

  fgets

  floor

  strftime

  _CIatan2

  _CIsqrt

  _CIsin

  _CIcos

  _CIacos

  _atoi64

  strtod

  isupper

  abort

  strtoul

  putc

  getc

  _CItan

  _access

  atof

  iscntrl

  ispunct

  isprint

  isgraph

  isxdigit

  strcspn

  mblen

  _CIlog10

  ceil

  _CIlog

  _CIexp

  _CIasin

  _CIatan

  _CIsinh

  _CIcosh

  _CItanh

  _hypot

  _CIfmod

  strcat_s

  strncpy_s

  _close

  strspn

  _setmode

  _fileno

  remove

  _creat

  _mktemp

  ferror

  strcmp

  clearerr

  ungetc

  fgetc

  memcmp

  strlen

  strcat

  fabs

  pow

  _vsnprintf

  _wfopen

  _stat64i32

  _wstat64i32

  vfprintf

  strcpy_s

  sprintf_s

  _encode_pointer

  _malloc_crt

  _encoded_null

  _decode_pointer

  _initterm

  _initterm_e

  _amsg_exit

  _adjust_fdiv

  __CppXcptFilter

  _dup

  _crt_debugger_hook

  __clean_type_info_names_internal

  _unlock

  __dllonexit

  _lock

  _onexit

  _except_handler4_common

  _stricmp

  _strnicmp

  _isatty

  _write

  _unlink

  _lseek

  _read

  _chsize

  _open

  _chmod

  _mkdir

  _rmdir

  _getcwd

  _strdup

  _set_errno

  _memicmp

  _stat32

  _getpid

  _tzset

  __timezone

  __daylight

  strtok

  setvbuf

  fseek

  feof

  _get_osfhandle

  rewind

  strnlen

  _putenv

  _umask

  strpbrk

  atoi

  _snprintf

  fopen

  memset

  calloc

  malloc

  free

  strncat

  realloc

  _setjmp3

  sprintf

  longjmp

  exit

  strtol

  memcpy

  fprintf

  __iob_func

  fflush

  getenv

  memchr

  strchr

  memmove

  isalpha

  strrchr

  _beginthreadex

  _controlfp_s

  ftell

  _errno

  printf

  toupper

  _CIpow

  strcoll

  tolower

  _finite

  _fstat32

  fread

  fclose

  _HUGE

  isspace

  _time32

  _configthreadlocale

  strstr

  strncmp

  strncpy

  isalnum

  strerror

  _set_invalid_parameter_handler

  setlocale

  fwrite

  qsort

  vsprintf

  _environ

  _ctime32

  _gmtime32

  _localtime32

  asctime

  atol

  localeconv

  _fpclass

  _isnan

  isdigit

  islower

  Exports

  Exports

  GetSMErrorText

  OnUpdateBaseDir

  OnUpdateBool

  OnUpdateLong

  OnUpdateLongGEZero

  OnUpdateReal

  OnUpdateString

  OnUpdateStringUnempty

  PHP_3HAVAL128Init

  PHP_3HAVAL160Init

  PHP_3HAVAL192Init

  PHP_3HAVAL224Init

  PHP_3HAVAL256Init

  PHP_3TIGERInit

  PHP_4HAVAL128Init

  PHP_4HAVAL160Init

  PHP_4HAVAL192Init

  PHP_4HAVAL224Init

  PHP_4HAVAL256Init

  PHP_4TIGERInit

  PHP_5HAVAL128Init

  PHP_5HAVAL160Init

  PHP_5HAVAL192Init

  PHP_5HAVAL224Init

  PHP_5HAVAL256Init

  PHP_ADLER32Copy

  PHP_ADLER32Final

  PHP_ADLER32Init

  PHP_ADLER32Update

  PHP_CRC32BFinal

  PHP_CRC32BUpdate

  PHP_CRC32Copy

  PHP_CRC32Final

  PHP_CRC32Init

  PHP_CRC32Update

  PHP_GOSTFinal

  PHP_GOSTInit

  PHP_GOSTUpdate

  PHP_HAVAL128Final

  PHP_HAVAL160Final

  PHP_HAVAL192Final

  PHP_HAVAL224Final

  PHP_HAVAL256Final

  PHP_HAVALUpdate

  PHP_MD2Final

  PHP_MD2Init

  PHP_MD2Update

  PHP_MD4Final

  PHP_MD4Init

  PHP_MD4Update

  PHP_MD5Final

  PHP_MD5Init

  PHP_MD5Update

  PHP_RIPEMD128Final

  PHP_RIPEMD128Init

  PHP_RIPEMD128Update

  PHP_RIPEMD160Final

  PHP_RIPEMD160Init

  PHP_RIPEMD160Update

  PHP_RIPEMD256Final

  PHP_RIPEMD256Init

  PHP_RIPEMD256Update

  PHP_RIPEMD320Final

  PHP_RIPEMD320Init

  PHP_RIPEMD320Update

  PHP_SALSA10Init

  PHP_SALSA20Init

  PHP_SALSAFinal

  PHP_SALSAUpdate

  PHP_SHA1Final

  PHP_SHA1Init

  PHP_SHA1Update

  PHP_SHA224Final

  PHP_SHA224Init

  PHP_SHA224Update

  PHP_SHA256Final

  PHP_SHA256Init

  PHP_SHA256Update

  PHP_SHA384Final

  PHP_SHA384Init

  PHP_SHA384Update

  PHP_SHA512Final

  PHP_SHA512Init

  PHP_SHA512Update

  PHP_SNEFRUFinal

  PHP_SNEFRUInit

  PHP_SNEFRUUpdate

  PHP_TIGER128Final

  PHP_TIGER160Final

  PHP_TIGER192Final

  PHP_TIGERUpdate

  PHP_WHIRLPOOLFinal

  PHP_WHIRLPOOLInit

  PHP_WHIRLPOOLUpdate

  TSMClose

  TSendMail

  ValidateFormat

  XML_GetUserData

  _DllMain@12

  _array_init

  _convert_to_string

  _ecalloc

  _efree

  _emalloc

  _erealloc

  _estrdup

  _estrndup

  _mysqlnd_calloc

  _mysqlnd_debug

  _mysqlnd_ecalloc

  _mysqlnd_efree

  _mysqlnd_emalloc

  _mysqlnd_erealloc

  _mysqlnd_fetch_lengths

  _mysqlnd_free

  _mysqlnd_get_client_stats

  _mysqlnd_init

  _mysqlnd_malloc

  _mysqlnd_pecalloc

  _mysqlnd_pefree

  _mysqlnd_pemalloc

  _mysqlnd_perealloc

  _mysqlnd_pestrdup

  _mysqlnd_pestrndup

  _mysqlnd_plugin_get_plugin_connection_data

  _mysqlnd_plugin_get_plugin_net_data

  _mysqlnd_plugin_get_plugin_protocol_data

  _mysqlnd_plugin_get_plugin_result_data

  _mysqlnd_plugin_get_plugin_result_metadata_data

  _mysqlnd_plugin_get_plugin_stmt_data

  _mysqlnd_poll

  _mysqlnd_realloc

  _object_and_properties_init

  _object_init

  _object_init_ex

  _php_emit_fd_setsize_warning

  _php_error_log

  _php_error_log_ex

  _php_find_ps_module

  _php_find_ps_serializer

  _php_get_stream_filters_hash

  _php_glob_stream_get_count

  _php_glob_stream_get_path

  _php_glob_stream_get_pattern

  _php_math_basetolong

  _php_math_basetozval

  _php_math_longtobase

  _php_math_number_format

  _php_math_round

  _php_math_zvaltobase

  _php_regcomp@12

  _php_regerror@16

  _php_regexec@20

  _php_regfree@4

  _php_stream_alloc

  _php_stream_cast

  _php_stream_copy_to_mem

  _php_stream_copy_to_stream

  _php_stream_copy_to_stream_ex

  _php_stream_eof

  _php_stream_filter_alloc

  _php_stream_filter_append

  _php_stream_filter_flush

  _php_stream_filter_prepend

  _php_stream_flush

  _php_stream_fopen

  _php_stream_fopen_from_fd

  _php_stream_fopen_from_file

  _php_stream_fopen_from_pipe

  _php_stream_fopen_temporary_file

  _php_stream_fopen_tmpfile

  _php_stream_fopen_with_path

  _php_stream_free

  _php_stream_get_line

  _php_stream_get_url_stream_wrappers_hash

  _php_stream_getc

  _php_stream_make_seekable

  _php_stream_memory_create

  _php_stream_memory_get_buffer

  _php_stream_memory_open

  _php_stream_mkdir

  _php_stream_mmap_range

  _php_stream_mmap_unmap

  _php_stream_mmap_unmap_ex

  _php_stream_open_wrapper_as_file

  _php_stream_open_wrapper_ex

  _php_stream_opendir

  _php_stream_passthru

  _php_stream_printf

  _php_stream_putc

  _php_stream_puts

  _php_stream_read

  _php_stream_readdir

  _php_stream_rmdir

  _php_stream_scandir

  _php_stream_seek

  _php_stream_set_option

  _php_stream_sock_open_from_socket

  _php_stream_sock_open_host

  _php_stream_stat

  _php_stream_stat_path

  _php_stream_tell

  _php_stream_temp_create

  _php_stream_temp_open

  _php_stream_truncate_set_size

  _php_stream_write

  _php_stream_xport_create

  _safe_emalloc

  _safe_erealloc

  _safe_malloc

  _safe_realloc

  _xml_zval_strdup

  _zend_bailout

  _zend_get_parameters_array

  _zend_get_parameters_array_ex

  _zend_hash_add_or_update

  _zend_hash_index_update_or_next_insert

  _zend_hash_init

  _zend_hash_init_ex

  _zend_hash_merge

  _zend_hash_quick_add_or_update

  _zend_list_addref

  _zend_list_delete

  _zend_list_find

  _zend_mem_block_size

  _zend_mm_alloc

  _zend_mm_block_size

  _zend_mm_free

  _zend_mm_realloc

  _zend_ts_hash_add_or_update

  _zend_ts_hash_index_update_or_next_insert

  _zend_ts_hash_init

  _zend_ts_hash_init_ex

  _zend_ts_hash_quick_add_or_update

  _zval_copy_ctor_func

  _zval_dtor_func

  _zval_dtor_wrapper

  _zval_internal_dtor

  _zval_internal_ptr_dtor

  _zval_ptr_dtor

  add_assoc_bool_ex

  add_assoc_double_ex

  add_assoc_function

  add_assoc_long_ex

  add_assoc_null_ex

  add_assoc_resource_ex

  add_assoc_string_ex

  add_assoc_stringl_ex

  add_assoc_zval_ex

  add_char_to_string

  add_function

  add_get_assoc_string_ex

  add_get_assoc_stringl_ex

  add_get_index_double

  add_get_index_long

  add_get_index_string

  add_get_index_stringl

  add_index_bool

  add_index_double

  add_index_long

  add_index_null

  add_index_resource

  add_index_string

  add_index_stringl

  add_index_zval

  add_next_index_bool

  add_next_index_double

  add_next_index_long

  add_next_index_null

  add_next_index_resource

  add_next_index_string

  add_next_index_stringl

  add_next_index_zval

  add_property_bool_ex

  add_property_double_ex

  add_property_long_ex

  add_property_null_ex

  add_property_resource_ex

  add_property_string_ex

  add_property_stringl_ex

  add_property_zval_ex

  add_string_to_string

  ap_php_asprintf

  ap_php_slprintf

  ap_php_snprintf

  ap_php_vasprintf

  ap_php_vslprintf

  ap_php_vsnprintf

  arcfour_LTX__is_block_algorithm

  arcfour_LTX__mcrypt_algorithm_version

  arcfour_LTX__mcrypt_decrypt

  arcfour_LTX__mcrypt_encrypt

  arcfour_LTX__mcrypt_get_algo_iv_size

  arcfour_LTX__mcrypt_get_algorithms_name

  arcfour_LTX__mcrypt_get_block_size

  arcfour_LTX__mcrypt_get_key_size

  arcfour_LTX__mcrypt_get_size

  arcfour_LTX__mcrypt_get_supported_key_sizes

  arcfour_LTX__mcrypt_self_test

  arcfour_LTX__mcrypt_set_key

  basic_globals_id

  bcompiler_zend_shutdown

  bcompiler_zend_startup

  bitwise_and_function

  bitwise_not_function

  bitwise_or_function

  bitwise_xor_function

  blowfish_LTX__is_block_algorithm

  blowfish_LTX__mcrypt_algorithm_version

  blowfish_LTX__mcrypt_decrypt

  blowfish_LTX__mcrypt_encrypt

  blowfish_LTX__mcrypt_get_algorithms_name

  blowfish_LTX__mcrypt_get_block_size

  blowfish_LTX__mcrypt_get_key_size

  blowfish_LTX__mcrypt_get_size

  blowfish_LTX__mcrypt_get_supported_key_sizes

  blowfish_LTX__mcrypt_self_test

  blowfish_LTX__mcrypt_set_key

  blowfish_compat_LTX__is_block_algorithm

  blowfish_compat_LTX__mcrypt_algorithm_version

  blowfish_compat_LTX__mcrypt_decrypt

  blowfish_compat_LTX__mcrypt_encrypt

  blowfish_compat_LTX__mcrypt_get_algorithms_name

  blowfish_compat_LTX__mcrypt_get_block_size

  blowfish_compat_LTX__mcrypt_get_key_size

  blowfish_compat_LTX__mcrypt_get_size

  blowfish_compat_LTX__mcrypt_get_supported_key_sizes

  blowfish_compat_LTX__mcrypt_self_test

  blowfish_compat_LTX__mcrypt_set_key

  boolean_not_function

  boolean_xor_function

  call_user_function

  call_user_function_ex

  cast_128_LTX__is_block_algorithm

  cast_128_LTX__mcrypt_algorithm_version

  cast_128_LTX__mcrypt_decrypt

  cast_128_LTX__mcrypt_encrypt

  cast_128_LTX__mcrypt_get_algorithms_name

  cast_128_LTX__mcrypt_get_block_size

  cast_128_LTX__mcrypt_get_key_size

  cast_128_LTX__mcrypt_get_size

  cast_128_LTX__mcrypt_get_supported_key_sizes

  cast_128_LTX__mcrypt_self_test

  cast_128_LTX__mcrypt_set_key

  cast_256_LTX__is_block_algorithm

  cast_256_LTX__mcrypt_algorithm_version

  cast_256_LTX__mcrypt_decrypt

  cast_256_LTX__mcrypt_encrypt

  cast_256_LTX__mcrypt_get_algorithms_name

  cast_256_LTX__mcrypt_get_block_size

  cast_256_LTX__mcrypt_get_key_size

  cast_256_LTX__mcrypt_get_size

  cast_256_LTX__mcrypt_get_supported_key_sizes

  cast_256_LTX__mcrypt_self_test

  cast_256_LTX__mcrypt_set_key

  cfg_get_double

  cfg_get_entry

  cfg_get_long

  cfg_get_string

  compare_function

  compile_file

  compile_filename

  compile_string

  compiler_globals_id

  concat_function

  config_zval_dtor

  convert_scalar_to_number

  convert_to_array

  convert_to_boolean

  convert_to_double

  convert_to_long

  convert_to_long_base

  convert_to_null

  convert_to_object

  core_globals_id

  decrement_function

  des_LTX__is_block_algorithm

  des_LTX__mcrypt_algorithm_version

  des_LTX__mcrypt_decrypt

  des_LTX__mcrypt_encrypt

  des_LTX__mcrypt_get_algorithms_name

  des_LTX__mcrypt_get_block_size

  des_LTX__mcrypt_get_key_size

  des_LTX__mcrypt_get_size

  des_LTX__mcrypt_get_supported_key_sizes

  des_LTX__mcrypt_self_test

  des_LTX__mcrypt_set_key

  destroy_op_array

  destroy_zend_class

  destroy_zend_function

  display_ini_entries

  display_link_numbers

  div_function

  do_bind_class

  do_bind_function

  do_bind_inherited_class

  dom_node_class_entry

  dom_object_get_node

  dummy_indent

  empty_fcall_info

  empty_fcall_info_cache

  end_mcrypt

  enigma_LTX__is_block_algorithm

  enigma_LTX__mcrypt_algorithm_version

  enigma_LTX__mcrypt_decrypt

  enigma_LTX__mcrypt_encrypt

  enigma_LTX__mcrypt_get_algo_iv_size

  enigma_LTX__mcrypt_get_algorithms_name

  enigma_LTX__mcrypt_get_block_size

  enigma_LTX__mcrypt_get_key_size

  enigma_LTX__mcrypt_get_size

  enigma_LTX__mcrypt_get_supported_key_sizes

  enigma_LTX__mcrypt_self_test

  enigma_LTX__mcrypt_set_key

  execute

  execute_internal

  executor_globals_id

  expand_filepath

  expand_filepath_ex

  extension_version_info

  file_globals_id

  file_handle_dtor

  flock

  fnmatch

  free_estring

  function_add_ref

  gc_collect_cycles

  gc_globals_ctor

  gc_globals_dtor

  gc_globals_id

  gc_init

  gc_remove_zval_from_buffer

  gc_reset

  gc_zobj_possible_root

  gc_zval_possible_root

  get_active_class_name

  get_active_function_name

  get_binary_op

  get_timezone_info

  get_unary_op

  get_zend_version

  gettimeofday

  glob

  globfree

  gost_LTX__is_block_algorithm

  gost_LTX__mcrypt_algorithm_version

  gost_LTX__mcrypt_decrypt

  gost_LTX__mcrypt_encrypt

  gost_LTX__mcrypt_get_algorithms_name

  gost_LTX__mcrypt_get_block_size

  gost_LTX__mcrypt_get_key_size

  gost_LTX__mcrypt_get_size

  gost_LTX__mcrypt_get_supported_key_sizes

  gost_LTX__mcrypt_self_test

  gost_LTX__mcrypt_set_key

  highlight_file

  highlight_string

  igbinary_serialize

  igbinary_unserialize

  increment_function

  inet_aton

  inet_ntop

  inet_pton

  ini_scanner_globals_id

  init_mcrypt

  init_op_array

  instanceof_function

  instanceof_function_ex

  is_equal_function

  is_identical_function

  is_not_equal_function

  is_not_identical_function

  is_smaller_function

  is_smaller_or_equal_function

  is_zend_mm

  language_scanner_globals_id

  le_index_ptr

  lex_scan

  localeconv_r

  loki97_LTX__is_block_algorithm

  loki97_LTX__mcrypt_algorithm_version

  loki97_LTX__mcrypt_decrypt

  loki97_LTX__mcrypt_encrypt

  loki97_LTX__mcrypt_get_algorithms_name

  loki97_LTX__mcrypt_get_block_size

  loki97_LTX__mcrypt_get_key_size

  loki97_LTX__mcrypt_get_size

  loki97_LTX__mcrypt_get_supported_key_sizes

  loki97_LTX__mcrypt_self_test

  loki97_LTX__mcrypt_set_key

  make_digest

  make_digest_ex

  make_sha1_digest

  mcrypt

  mcrypt_algorithm_module_ok

  mcrypt_dlopen

  mcrypt_enc_get_algorithms_name

  mcrypt_enc_get_block_size

  mcrypt_enc_get_iv_size

  mcrypt_enc_get_key_size

  Sections

  .text

  Size: 4.2MB - Virtual size: 4.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 52KB - Virtual size: 170KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 207KB - Virtual size: 206KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ