vds.pdb
Static task
static1
Behavioral task
behavioral1
Sample
db728edac855decd5bfe3d962079bcc0_NEIKI.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
db728edac855decd5bfe3d962079bcc0_NEIKI.exe
Resource
win10v2004-20240508-en
General
-
Target
db728edac855decd5bfe3d962079bcc0_NEIKI
-
Size
1.1MB
-
MD5
db728edac855decd5bfe3d962079bcc0
-
SHA1
881492b78358f34f8b26f06be9cd520578bf4131
-
SHA256
f92d6e86ec71aa2dba077b8e3571e10542f1cd5d59e64f121896689fd586e203
-
SHA512
943a1f5b5fa67a216072212142516cf295b7a95cce295f4848b708169509ea3995309d1d886834ab93c62b9e0082d4b0bc5244f6386eea3353ae65c260ad2379
-
SSDEEP
24576:wvMgzNciyYe13kvoUFCzq3bZOcko/UkhHkLRl:WcibeUoUFSChkgG1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
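Checks for a missing Authenticode signature: this PE file carries no embedded signature. Files signed only through a catalog also lack one, so treat this finding as context rather than as proof of tampering.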
resource db728edac855decd5bfe3d962079bcc0_NEIKI
Files
-
db728edac855decd5bfe3d962079bcc0_NEIKI.exe windows:6 windows x64 arch:x64
6837a7cff1dc2cc5f03975b3caeaaa7c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
user32
UnregisterDeviceNotification
DefWindowProcW
PeekMessageW
CharNextW
DispatchMessageW
GetMessageW
PostThreadMessageW
MessageBoxW
LoadStringW
RegisterDeviceNotificationW
msvcrt
memcmp
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_ltow
swscanf_s
wcscpy_s
towupper
wcsncmp
wcsstr
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
memcpy
memset
_purecall
??3@YAXPEAX@Z
_vsnwprintf
??2@YAPEAX_K@Z
_wcsicmp
_wcsnicmp
srand
time
rand
_wtol
_initterm
atl
ord30
ord20
ord17
ord16
ord57
ord18
ord23
ord32
ntdll
RtlAcquireResourceExclusive
RtlDeleteResource
RtlConvertSharedToExclusive
RtlReleaseResource
RtlConvertExclusiveToShared
RtlAcquireResourceShared
RtlAdjustPrivilege
NtQueryVolumeInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitializeResource
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-file-l1-1-0
GetDriveTypeW
QueryDosDeviceW
FindFirstVolumeW
RemoveDirectoryW
FindNextVolumeW
FindVolumeClose
DeleteVolumeMountPointW
DefineDosDeviceW
GetVolumePathNameW
WriteFile
SetFilePointerEx
CreateFileW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0
LoadLibraryExA
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-localregistry-l1-1-0
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
api-ms-win-core-misc-l1-1-0
FormatMessageW
Sleep
LocalFree
lstrlenW
lstrcmpiW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
SetThreadToken
OpenThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
ResumeThread
OpenProcessToken
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
SetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorLength
IsValidSid
FreeSid
AdjustTokenPrivileges
DuplicateTokenEx
MakeAbsoluteSD
AddAccessAllowedAce
GetLengthSid
MakeSelfRelativeSD
api-ms-win-service-core-l1-1-0
SetServiceStatus
StartServiceCtrlDispatcherW
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
ControlService
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateServiceW
DeleteService
api-ms-win-service-management-l2-1-0
QueryServiceObjectSecurity
SetServiceObjectSecurity
ChangeServiceConfig2W
setupapi
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Status
SetupDiGetCustomDevicePropertyW
SetupDiCallClassInstaller
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Reenumerate_DevNode_Ex
osuninst
IsUninstallImageValid
vdsutil
?WaitForRundownProtectionRelease@@YAXPEAU_RUNDOWN_REF@@@Z
??1CRtlMap@@UEAA@XZ
?RemoveAll@CRtlMap@@QEAAXH@Z
?VdsInitializeCriticalSection@@YAKPEAU_RTL_CRITICAL_SECTION@@@Z
?GetEntryPointer@CRtlListIter@@QEAAPEAXXZ
?VdsTraceW@@YAXKPEAGZZ
?InsertTail@CRtlList@@QEAAHAEAVCRtlEntry@@@Z
?Begin@CRtlMap@@QEAA?AVCRtlMapIter@@XZ
?Next@CRtlMapIter@@QEAAAEAV1@XZ
?Uninitialize@CVdsPnPNotificationBase@@QEAAXXZ
?Uninitialize@CVdsAsyncObjectBase@@SAXXZ
?InsertTailPointer@CRtlList@@QEAAHPEAX@Z
?Remove@CRtlList@@QEAAXAEAVCRtlListIter@@@Z
?IsWinPE@@YAHXZ
?AcquireRundownProtection@@YAEPEAU_RUNDOWN_REF@@@Z
?Initialize@CVdsAsyncObjectBase@@SAKXZ
?Initialize@CVdsPnPNotificationBase@@QEAAKXZ
?ReleaseRundownProtection@@YAXPEAU_RUNDOWN_REF@@@Z
?InsertHeadPointer@CRtlList@@QEAAHPEAX@Z
?GetInterfaceDetailData@@YAKPEAXPEAU_SP_DEVICE_INTERFACE_DATA@@PEAPEAU_SP_DEVICE_INTERFACE_DETAIL_DATA_W@@@Z
?InvalidateDiskCache@@YAJPEAG@Z
??0CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
??1CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
?VdsWmiConnectToNamespace@@YAJPEAGPEAPEAUIWbemLocator@@PEAPEAUIWbemServices@@@Z
?Attach@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAUtagVARIANT@@@Z
?Next@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAPEAUIWbemClassObject@@@Z
?VdsWmiGetByteFromInstance@@YAJPEAUIWbemClassObject@@PEAGPEAE@Z
?VdsWmiGetUlongFromInstance@@YAJPEAUIWbemClassObject@@PEAGPEAK@Z
?VdsWmiGetObjectFromInstance@@YAJPEAUIWbemClassObject@@PEAGPEAPEAU1@@Z
?VdsWmiCopyFromVariantByteArray@@YAJPEAUIWbemClassObject@@PEAGJPEAE@Z
?Detach@CVdsWmiVariantObjectArrayEnum@@QEAAJXZ
?Find@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAV2@@Z
?VdsTrace@@YAXKPEADZZ
?Insert@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
?FindPtr@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAPEAV2@@Z
?Remove@CRtlMap@@QEAAHAEAVCRtlEntry@@@Z
?OpenDevice@@YAKPEAGKPEAPEAX@Z
?GetDeviceName@@YAKPEAXHKPEAG@Z
?GetDeviceAndMediaType@@YAKPEAGPEAXPEAK2@Z
?GetDiskLayout@@YAKPEAXPEAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?GetPartitionInformation@@YAKPEAXPEAU_PARTITION_INFORMATION_EX@@@Z
?RegisterHandle@CVdsPnPNotificationBase@@QEAAKPEAXPEAPEAX@Z
?InitializeRundownProtection@@YAXPEAU_RUNDOWN_REF@@@Z
?IsLoggingEnabledW@@YAEXZ
?VdsTraceExW@@YAXKKPEAGZZ
?GuidToString@@YAJPEAU_GUID@@PEAGK@Z
?InsertUnique@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
?IsNoAutoMount@@YAHXZ
?IsEfiFirmware@@YAHXZ
?Clear@CPrvEnumObject@@QEAAXXZ
?LockDismountVolume@@YAKPEAXHE@Z
?GetDeviceNumber@@YAKPEAXPEAU_STORAGE_DEVICE_NUMBER@@@Z
?IsDriveLetter@@YAHPEAG@Z
?Next@CPrvEnumObject@@UEAAJKPEAPEAUIUnknown@@PEAK@Z
?Skip@CPrvEnumObject@@UEAAJK@Z
?Reset@CPrvEnumObject@@UEAAJXZ
?Clone@CPrvEnumObject@@UEAAJPEAPEAUIEnumVdsObject@@@Z
??0CVdsAsyncObjectBase@@QEAA@XZ
??1CVdsAsyncObjectBase@@QEAA@XZ
?SetCompletionStatus@CVdsAsyncObjectBase@@QEAAXJK@Z
?Signal@CVdsAsyncObjectBase@@QEAAXXZ
?VdsIscsiIpAddressToString@@YAJPEAU_VDS_IPADDRESS@@KPEAG@Z
?VdsWmiFindInstanceOfClass@@YAJPEAUIWbemServices@@PEAG1PEAPEAUIWbemClassObject@@@Z
?VdsWmiGetUlonglongFromInstance@@YAJPEAUIWbemClassObject@@PEAGPEA_K@Z
?QueryStatus@CVdsAsyncObjectBase@@UEAAJPEAJPEAK@Z
?VdsIscsiIpsecIdToIpAddress@@YAJEKPEAEPEAU_VDS_IPADDRESS@@@Z
?VdsIscsiCheckEqualIpAddress@@YAHU_VDS_IPADDRESS@@0@Z
?VdsIscsiIpAddressToIpsecId@@YAJPEAU_VDS_IPADDRESS@@PEAEPEAKPEAPEAE@Z
?WriteBootCode@@YAKPEAX@Z
?CoFreeStringArray@@YAXPEAPEAGJ@Z
?GetFMIFSFormatEx2Routine@@YAP6AXPEAGW4_FMIFS_MEDIA_TYPE@@0PEAUFMIFS_FORMATEX2_PARAM@@P6AEW4_FMIFS_PACKET_TYPE@@KPEAX@Z@ZXZ
?GetFMIFSEnableCompressionRoutine@@YAP6AEPEAGG@ZXZ
?RemoveTempVolumeName@@YAXPEAG0@Z
?MountVolume@@YAKPEAG@Z
?GetFileSystemRecognitionName@@YAJPEAXPEAPEAG@Z
?GetFMIFSGetDefaultFilesystemRoutine@@YAP6AEPEAUFMIFS_DEF_FS_PARAM@@PEAUFMIFS_DEF_FS_OUT@@PEAK@ZXZ
?AssignTempVolumeName@@YAJPEAGQEAG@Z
?GetVolumeName@@YAJPEAGK0@Z
?GetVolumeDiskExtentInfo@@YAKPEAXPEAPEAU_VOLUME_DISK_EXTENTS@@@Z
?GarbageCollectDriveLetters@@YAXXZ
?LockVolume@@YAKPEAXE@Z
?DeleteNetworkShare@@YAHPEAG@Z
?GetVolumeUniqueId@@YAKPEAU_VDS_VOLUME_PROP2@@@Z
?GetVolumeGuidPathnames@@YAJPEAGPEAKPEAPEAPEAG@Z
?DeleteBcdObjects@@YAJPEAU_VDS_PARTITION_IDENTITY@@@Z
?VdsIscsiCacheSessionDevices@@YAJPEAUIEnumWbemClassObject@@PEAPEAU_VDSISCSI_SESSION_DEVICES_CACHE@@@Z
?VdsWmiGetObjectInVariantObjectArray@@YAJPEAUIWbemClassObject@@PEAGJPEAPEAU1@@Z
?VdsIscsiGetIpAddressFromInstance@@YAJPEAUIWbemClassObject@@PEAGPEAU_VDS_IPADDRESS@@@Z
?VdsWmiCreateClassInstance@@YAJPEAUIWbemServices@@PEAGPEAPEAUIWbemClassObject@@@Z
?VdsWmiSetUlongInInstance@@YAJPEAUIWbemClassObject@@PEAGK@Z
?VdsWmiCreateVariantArray@@YAJGJPEAUtagVARIANT@@@Z
?VdsWmiSetUlonglongInInstance@@YAJPEAUIWbemClassObject@@PEAG_K@Z
?VdsWmiGetMethodArgumentObject@@YAJPEAUIWbemServices@@PEAG1PEAPEAUIWbemClassObject@@@Z
?VdsWmiSetObjectInInstance@@YAJPEAUIWbemClassObject@@PEAG0@Z
?VdsWmiCallMethod@@YAJPEAUIWbemServices@@PEAUIWbemClassObject@@PEAG1PEAPEAU2@@Z
?UnregisterHandle@CVdsPnPNotificationBase@@QEAAXPEAX@Z
?GetMediaGeometryEx@@YAKPEAXPEAU_VDS_DISK_PROP2@@@Z
?IsDiskClustered@@YAKPEAXPEAE1@Z
?IsDiskReadOnly@@YAKPEAXPEAE@Z
?IsDiskCurrentStateReadOnly@@YAKPEAXPEAE@Z
?CreateDeviceInfoSet@@YAKPEAGPEAPEAXPEAU_SP_DEVINFO_DATA@@@Z
?GetDeviceRegistryProperty@@YAKPEAXPEAU_SP_DEVINFO_DATA@@KPEAPEAEK@Z
?VdsAllocateEmptyString@@YAPEAGXZ
?GetDeviceRegistryProperty@@YAKKKPEAPEAEK@Z
?GetDeviceLocationEx@@YAKPEAXKPEAU_VDS_DISK_PROP2@@@Z
?VdsDoesDiskHaveArcPath@@YAKKPEAE@Z
?GetBootFromDiskNumber@@YAJPEAK@Z
?GetDiskOfflineReason@@YAKPEAXPEAW4_VDS_DISK_OFFLINE_REASON@@@Z
?WaitImpl@CVdsAsyncObjectBase@@QEAAJPEAJ@Z
VdsDisableCOMFatalExceptionHandling
??1CGlobalResource@@QEAA@XZ
?UnInitializeGlobalResouce@@YAJXZ
?Initialize@CGlobalResource@@QEAAJXZ
??0CGlobalResource@@QEAA@XZ
?RemoveEventSource@@YAKPEAG@Z
?VdsHeapAlloc@@YAPEAXPEAXK_K@Z
?AddEventSource@@YAKPEAGPEAUHINSTANCE__@@@Z
?InitializeSecurityDescriptor@@YAKKPEAXPEAPEAU_ACL@@PEAPEAX22@Z
?LogInfo@@YAXPEAGKKPEAXK0PEAD@Z
?LogError@@YAXPEAGKKPEAXKK0PEAD@Z
?VdsHeapFree@@YAHPEAXK0@Z
?AllocateAndGetVolumePathName@@YAJPEBGPEAPEAG@Z
?VdsTraceEx@@YAXKKPEADZZ
??0CRtlMap@@QEAA@KP6AXPEAVCRtlEntry@@@Z1@Z
??0CRtlList@@QEAA@P6AXPEAVCRtlEntry@@@Z@Z
??1CRtlList@@QEAA@XZ
?Begin@CRtlList@@QEAA?AVCRtlListIter@@XZ
?End@CRtlList@@QEAA?AVCRtlListIter@@XZ
?RemoveAll@CRtlList@@QEAAXXZ
?GetEntry@CRtlListIter@@QEAAPEAVCRtlEntry@@XZ
?Next@CRtlListIter@@QEAAAEAV1@XZ
?Prev@CRtlListIter@@QEAAAEAV1@XZ
??0CVdsCallTracer@@QEAA@KPEBD@Z
??1CVdsCallTracer@@QEAA@XZ
?Append@CPrvEnumObject@@QEAAJPEAUIUnknown@@@Z
kernel32
WaitForMultipleObjects
CreateSemaphoreW
LoadLibraryW
FindFirstVolumeMountPointW
GetVolumeNameForVolumeMountPointW
FindNextVolumeMountPointW
RtlCompareMemory
VirtualAlloc
ReadFile
GetFileAttributesW
VirtualFree
GetCurrentThread
GetSystemDirectoryW
DelayLoadFailureHook
FindVolumeMountPointClose
SetVolumeMountPointW
GetVolumePathNamesForVolumeNameW
Exports
Exports
??0?$CVdsCoTaskPtr@G@@QEAA@XZ
??0?$CVdsHandleImpl@$0?0@@QEAA@XZ
??0?$CVdsHandleImpl@$0A@@@QEAA@XZ
??0?$CVdsHeapPtr@D@@QEAA@XZ
??0?$CVdsHeapPtr@G@@QEAA@XZ
??0?$CVdsHeapPtr@J@@QEAA@XZ
??0?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@D@@QEAA@XZ
??0?$CVdsPtr@G@@QEAA@XZ
??0?$CVdsPtr@J@@QEAA@XZ
??0?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0CPrvEnumObject@@QEAA@XZ
??0CRtlSharedLock@@QEAA@XZ
??0CVdsCriticalSection@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QEAA@XZ
??0CVdsUnlockIt@@QEAA@AEAJ@Z
??1?$CVdsCoTaskPtr@G@@QEAA@XZ
??1?$CVdsHandleImpl@$0?0@@QEAA@XZ
??1?$CVdsHandleImpl@$0A@@@QEAA@XZ
??1?$CVdsHeapPtr@D@@QEAA@XZ
??1?$CVdsHeapPtr@G@@QEAA@XZ
??1?$CVdsHeapPtr@J@@QEAA@XZ
??1?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@D@@QEAA@XZ
??1?$CVdsPtr@G@@QEAA@XZ
??1?$CVdsPtr@J@@QEAA@XZ
??1?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1CPrvEnumObject@@QEAA@XZ
??1CRtlSharedLock@@QEAA@XZ
??1CVdsCriticalSection@@QEAA@XZ
??1CVdsDebugLog@@QEAA@XZ
??1CVdsPnPNotificationBase@@QEAA@XZ
??1CVdsUnlockIt@@QEAA@XZ
??4?$CVdsHandleImpl@$0?0@@QEAAPEAXPEAX@Z
??4?$CVdsHandleImpl@$0A@@@QEAAPEAXPEAX@Z
??4?$CVdsHeapPtr@D@@QEAAPEADPEAD@Z
??4?$CVdsHeapPtr@G@@QEAAPEAGPEAG@Z
??4?$CVdsHeapPtr@J@@QEAAPEAJPEAJ@Z
??4?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAAPEAUFMIFS_DEF_FS_OUT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINTS@@PEAU1@@Z
??4?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@PEAU1@@Z
??8?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??8?$CVdsHandleImpl@$0A@@@QEBA_NPEAX@Z
??8?$CVdsPtr@D@@QEBA_NPEAD@Z
??8?$CVdsPtr@G@@QEBA_NPEAG@Z
??8?$CVdsPtr@J@@QEBA_NPEAJ@Z
??8?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBA_NPEAUFMIFS_DEF_FS_OUT@@@Z
??8?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBA_NPEAU_AUCTION_THREAD_PARAMETER@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINT@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINTS@@@Z
??8?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBA_NPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
??9?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??9?$CVdsPtr@G@@QEBA_NPEAG@Z
??9?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBA_NPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
??A?$CVdsPtr@J@@QEAAAEAJJ@Z
??A?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAAAEAUFMIFS_DEF_FS_OUT@@K@Z
??B?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
??B?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
??B?$CVdsPtr@G@@QEBAPEAGXZ
??B?$CVdsPtr@J@@QEBAPEAJXZ
??B?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBAPEAUFMIFS_DEF_FS_OUT@@XZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??B?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??B?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEBAPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??C?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??I?$CVdsHandleImpl@$0?0@@QEAAPEAPEAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??_FCRtlList@@QEAAXXZ
??_FCRtlMap@@QEAAXXZ
?AcquireRead@CRtlSharedLock@@AEAAXXZ
?AcquireWrite@CRtlSharedLock@@AEAAXXZ
?AllowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Attach@?$CVdsPtr@G@@QEAAXPEAG@Z
?Attach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAXPEAU_CLEAN_DISK_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAXPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAAXPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
?Close@?$CVdsHandleImpl@$0?0@@QEAAXXZ
?CurrentThreadIsWriter@CRtlSharedLock@@QEAAHXZ
?Detach@?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
?Detach@?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
?Detach@?$CVdsPtr@G@@QEAAPEAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Downgrade@CRtlSharedLock@@AEAAXXZ
?GetOutputType@CVdsAsyncObjectBase@@QEAA?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QEAAHXZ
?Release@CRtlSharedLock@@AEAAXXZ
?SetOutput@CVdsAsyncObjectBase@@QEAAXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QEAAXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QEAAXXZ
?StartReferenceHistory@@YAKXZ
?StopReferenceHistory@@YAXXZ
?Upgrade@CRtlSharedLock@@AEAAXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QEAAXXZ
?m_NoDebuggerLogging@CVdsDebugLog@@QEAAHXZ
?m_TracingLogEnabled@CVdsDebugLog@@QEAAHXZ
Sections
.text Size: 502KB - Virtual size: 501KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
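.reloc Size: 568KB - Virtual size: 572KB (larger than .text; the flags below mark it executable and writable, which a relocation section normally is not)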
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE