wbemcomn.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a8d4743cb59a1868ca299bc2002fda44_JaffaCakes118.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
a8d4743cb59a1868ca299bc2002fda44_JaffaCakes118.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
a8d4743cb59a1868ca299bc2002fda44_JaffaCakes118
-
Size
209KB
-
MD5
a8d4743cb59a1868ca299bc2002fda44
-
SHA1
179b567e91de2d3bf15561ee32d1d9b54b9737fb
-
SHA256
3965b1f77534502080988ce039c1493c7f5382d43a74a1c414a42767d870deeb
-
SHA512
64b9ddc82ccad95c28cd8193d948997dc36a8663df95b340eb154ab9558b2191862add69c0451b097d8bcc31efce3ae1787a0d57e7090f0d4178ac6d0b7d154e
-
SSDEEP
6144:Too8gxcGIlAQxAwoUcwizudnmaDnktmI:TQDltiwEvzuJDnHI
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a8d4743cb59a1868ca299bc2002fda44_JaffaCakes118
Files
-
a8d4743cb59a1868ca299bc2002fda44_JaffaCakes118.dll windows:5 windows x86 arch:x86
d7378fba12f442e45e99ae520c9b0f84
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
IsValidSid
IsValidSecurityDescriptor
SetThreadToken
GetKernelObjectSecurity
SetKernelObjectSecurity
AddAce
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
MakeAbsoluteSD
ConvertSidToStringSidW
LookupAccountNameW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
InitializeSecurityDescriptor
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorDacl
GetAclInformation
DeleteAce
GetAce
InitializeAcl
LookupAccountSidW
CopySid
EqualSid
RevertToSelf
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
LookupPrivilegeValueW
RegDeleteKeyW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenThreadToken
OpenProcessToken
DuplicateToken
GetLengthSid
AdjustTokenPrivileges
GetTokenInformation
IsValidAcl
kernel32
SetLastError
HeapDestroy
HeapCreate
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
DebugBreak
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GlobalMemoryStatus
EnterCriticalSection
CloseHandle
GetLastError
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
DuplicateHandle
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetTimeZoneInformation
GetSystemTime
GetStringTypeExW
GetLocaleInfoW
lstrcmpiW
GetStringTypeExA
LCMapStringW
FormatMessageA
LoadLibraryW
lstrlenW
TlsFree
CreateEventW
SetEvent
TlsAlloc
TlsSetValue
Sleep
TlsGetValue
WaitForSingleObject
GetTickCount
CreateThread
InitializeCriticalSection
GetVersionExW
GetComputerNameW
GetModuleFileNameW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
ExpandEnvironmentStringsW
GetCurrentThreadId
ResetEvent
OpenEventW
ReleaseMutex
GetSystemDirectoryW
MoveFileW
GetFileSizeEx
SetFilePointerEx
CreateFileW
WriteFile
CreateMutexA
ReadFile
SetFilePointer
GetFileSize
FlushFileBuffers
SetEndOfFile
GetSystemInfo
GetSystemTimeAdjustment
GetModuleHandleW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
msvcrt
wcslen
_CxxThrowException
wcstoul
__CxxFrameHandler
_except_handler3
swscanf
_ftol
_vsnwprintf
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
mbstowcs
time
localtime
asctime
iswspace
_vsnprintf
wcstombs
wcschr
_purecall
fopen
fclose
fprintf
wcstol
_wunlink
_filelengthi64
_write
_lseek
_wopen
_read
_close
_wstat
qsort
printf
memmove
_wtoi
wcstok
wcscmp
ole32
CoTaskMemFree
CoGetCallContext
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
oleaut32
SysFreeString
SysAllocString
SysAllocStringByteLen
SysReAllocString
SysAllocStringLen
SysReAllocStringLen
VariantChangeType
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayRedim
VariantChangeTypeEx
SysStringLen
SafeArrayGetVartype
user32
GetLastInputInfo
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
LoadStringW
Exports
Exports
??0C9XAce@@QAE@ABV0@@Z
??0C9XAce@@QAE@KKKPAG@Z
??0C9XAce@@QAE@XZ
??0CAbstractQl1Parser@@QAE@ABV0@@Z
??0CAbstractQl1Parser@@QAE@PAVCGenLexSource@@@Z
??0CArena@@QAE@ABV0@@Z
??0CArena@@QAE@XZ
??0CBaseAce@@QAE@ABV0@@Z
??0CBaseAce@@QAE@XZ
??0CBasicUnloadInstruction@@IAE@XZ
??0CBasicUnloadInstruction@@QAE@ABV0@@Z
??0CBasicUnloadInstruction@@QAE@VCWbemInterval@@@Z
??0CBuffer@@QAE@ABV0@@Z
??0CBuffer@@QAE@PAEKH@Z
??0CCheckedInCritSec@@QAE@PAVCCritSec@@@Z
??0CContainerControl@@QAE@ABV0@@Z
??0CContainerControl@@QAE@PAUIUnknown@@@Z
??0CCritSec@@QAE@XZ
??0CDMTFParser@@QAE@PBG@Z
??0CDatePart@@QAE@XZ
??0CDateTimeParser@@IAE@XZ
??0CDateTimeParser@@QAE@PBG@Z
??0CEnterWbemCriticalSection@@QAE@PAVCWbemCriticalSection@@K@Z
??0CEventLog@@QAE@ABV0@@Z
??0CEventLog@@QAE@PBG0K@Z
??0CEventLogRecord@@QAE@AAV0@@Z
??0CEventLogRecord@@QAE@GKVCInsertionString@@000000000@Z
??0CExecQueue@@QAE@AAV0@@Z
??0CExecQueue@@QAE@XZ
??0CExecRequest@@QAE@ABV0@@Z
??0CExecRequest@@QAE@XZ
??0CFlexArray@@QAE@AAV0@@Z
??0CFlexArray@@QAE@HH@Z
??0CFlexQueue@@QAE@H@Z
??0CHaltable@@QAE@ABV0@@Z
??0CHaltable@@QAE@XZ
??0CHex@@QAE@J@Z
??0CIdentityTest@@QAE@ABV0@@Z
??0CIdentityTest@@QAE@PAVCTimerInstruction@@@Z
??0CInCritSec@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CInsertionString@@QAE@ABV0@@Z
??0CInsertionString@@QAE@J@Z
??0CInsertionString@@QAE@PBD@Z
??0CInsertionString@@QAE@PBG@Z
??0CInsertionString@@QAE@VCHex@@@Z
??0CInsertionString@@QAE@XZ
??0CInstructionQueue@@QAE@XZ
??0CInstructionTest@@QAE@ABV0@@Z
??0CInstructionTest@@QAE@XZ
??0CLifeControl@@QAE@ABV0@@Z
??0CLifeControl@@QAE@XZ
??0CLike@@QAE@ABV0@@Z
??0CLike@@QAE@PBGG@Z
??0CLike@@QAE@XZ
??0CLimitControl@@QAE@ABV0@@Z
??0CLimitControl@@QAE@XZ
??0CMRCICompression@@QAE@XZ
??0CMRCIControl@@QAE@XZ
??0CMinMaxLimitControl@@QAE@ABV0@@Z
??0CMinMaxLimitControl@@QAE@HPBG@Z
??0CNtAce@@QAE@ABV0@@Z
??0CNtAce@@QAE@KKKAAVCNtSid@@@Z
??0CNtAce@@QAE@KKKPAG0@Z
??0CNtAce@@QAE@PAU_ACCESS_ALLOWED_ACE@@@Z
??0CNtAce@@QAE@XZ
??0CNtAcl@@QAE@ABV0@@Z
??0CNtAcl@@QAE@K@Z
??0CNtAcl@@QAE@PAU_ACL@@@Z
??0CNtSecurityDescriptor@@QAE@AAV0@@Z
??0CNtSecurityDescriptor@@QAE@PAXH@Z
??0CNtSecurityDescriptor@@QAE@XZ
??0CNtSid@@QAE@ABV0@@Z
??0CNtSid@@QAE@PAG0@Z
??0CNtSid@@QAE@PAX@Z
??0CNtSid@@QAE@W4SidType@0@@Z
??0CNtSid@@QAE@XZ
??0CPropertyName@@QAE@ABV0@@Z
??0CPropertyName@@QAE@XZ
??0CQl1ParseSink@@QAE@ABV0@@Z
??0CQl1ParseSink@@QAE@XZ
??0CRegistryMinMaxLimitControl@@QAE@ABV0@@Z
??0CRegistryMinMaxLimitControl@@QAE@HPBG0000@Z
??0CSafeArray@@QAE@AAV0@@Z
??0CSafeArray@@QAE@HHHH@Z
??0CSafeArray@@QAE@PAUtagSAFEARRAY@@HHH@Z
??0CTimerGenerator@@QAE@ABV0@@Z
??0CTimerGenerator@@QAE@XZ
??0CTimerInstruction@@QAE@ABV0@@Z
??0CTimerInstruction@@QAE@XZ
??0CUnk@@QAE@ABV0@@Z
??0CUnk@@QAE@PAVCLifeControl@@PAUIUnknown@@@Z
??0CUnkInternal@@QAE@ABV0@@Z
??0CUnkInternal@@QAE@PAVCLifeControl@@@Z
??0CUnloadInstruction@@QAE@ABV0@@Z
??0CUnloadInstruction@@QAE@PBGPAUIWbemContext@@@Z
??0CVar@@QAE@ABV0@@Z
??0CVar@@QAE@D@Z
??0CVar@@QAE@E@Z
??0CVar@@QAE@F@Z
??0CVar@@QAE@FH@Z
??0CVar@@QAE@G@Z
??0CVar@@QAE@HPAG@Z
??0CVar@@QAE@HPAUtagSAFEARRAY@@@Z
??0CVar@@QAE@HVauto_bstr@@@Z
??0CVar@@QAE@J@Z
??0CVar@@QAE@K@Z
??0CVar@@QAE@M@Z
??0CVar@@QAE@N@Z
??0CVar@@QAE@PADH@Z
??0CVar@@QAE@PAGH@Z
??0CVar@@QAE@PAU_FILETIME@@@Z
??0CVar@@QAE@PAU_GUID@@H@Z
??0CVar@@QAE@PAUtagBLOB@@H@Z
??0CVar@@QAE@PAUtagVARIANT@@@Z
??0CVar@@QAE@PAVCVarVector@@H@Z
??0CVar@@QAE@XZ
??0CVarVector@@QAE@AAV0@@Z
??0CVarVector@@QAE@HHH@Z
??0CVarVector@@QAE@HPAUtagSAFEARRAY@@H@Z
??0CVarVector@@QAE@XZ
??0CWQLScanner@@QAE@AAV0@@Z
??0CWQLScanner@@QAE@PAVCGenLexSource@@@Z
??0CWStringArray@@QAE@AAV0@@Z
??0CWStringArray@@QAE@HH@Z
??0CWbemCallSecurity@@AAE@ABV0@@Z
??0CWbemCallSecurity@@AAE@XZ
??0CWbemCriticalSection@@QAE@XZ
??0CWbemInterval@@IAE@K@Z
??0CWbemInterval@@QAE@XZ
??0CWbemTime@@IAE@_J@Z
??0CWbemTime@@QAE@ABV0@@Z
??0CWbemTime@@QAE@XZ
??0CWbemTimeSpan@@QAE@HHHHHHH@Z
??0CWin32DefaultArena@@QAE@ABV0@@Z
??0CWin32DefaultArena@@QAE@XZ
??0QL1_Parser@@QAE@ABV0@@Z
??0QL1_Parser@@QAE@PAVCGenLexSource@@@Z
??0QL_LEVEL_1_RPN_EXPRESSION@@QAE@ABU0@@Z
??0QL_LEVEL_1_RPN_EXPRESSION@@QAE@XZ
??0QL_LEVEL_1_TOKEN@@QAE@ABU0@@Z
??0QL_LEVEL_1_TOKEN@@QAE@XZ
??0Registry@@QAE@PAGK@Z
??0Registry@@QAE@PAUHKEY__@@KKPAG@Z
??0Registry@@QAE@PAUHKEY__@@KPAG@Z
??0Registry@@QAE@XZ
??0WString@@QAE@ABV0@@Z
??0WString@@QAE@KPAUHINSTANCE__@@@Z
??0WString@@QAE@PAGH@Z
??0WString@@QAE@PBD@Z
??0WString@@QAE@PBG@Z
??0WString@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1C9XAce@@UAE@XZ
??1CAbstractQl1Parser@@UAE@XZ
??1CBaseAce@@UAE@XZ
??1CBasicUnloadInstruction@@UAE@XZ
??1CBuffer@@QAE@XZ
??1CCheckedInCritSec@@QAE@XZ
??1CCritSec@@QAE@XZ
??1CDMTFParser@@QAE@XZ
??1CDatePart@@QAE@XZ
??1CDateTimeParser@@QAE@XZ
??1CEnterWbemCriticalSection@@QAE@XZ
??1CEventLog@@QAE@XZ
??1CEventLogRecord@@QAE@XZ
??1CExecQueue@@QAE@XZ
??1CExecRequest@@UAE@XZ
??1CFlexArray@@QAE@XZ
??1CFlexQueue@@QAE@XZ
??1CHaltable@@UAE@XZ
??1CIdentityTest@@QAE@XZ
??1CInCritSec@@QAE@XZ
??1CInsertionString@@QAE@XZ
??1CInstructionQueue@@QAE@XZ
??1CLike@@QAE@XZ
??1CLimitControl@@UAE@XZ
??1CMRCICompression@@QAE@XZ
??1CMinMaxLimitControl@@UAE@XZ
??1CNtAce@@UAE@XZ
??1CNtAcl@@QAE@XZ
??1CNtSecurityDescriptor@@QAE@XZ
??1CNtSid@@QAE@XZ
??1CPropertyName@@QAE@XZ
??1CRegistryMinMaxLimitControl@@UAE@XZ
??1CSafeArray@@QAE@XZ
??1CTimerGenerator@@UAE@XZ
??1CTimerInstruction@@UAE@XZ
??1CUnk@@UAE@XZ
??1CUnkInternal@@UAE@XZ
??1CUnloadInstruction@@UAE@XZ
??1CVar@@QAE@XZ
??1CVarVector@@QAE@XZ
??1CWQLScanner@@QAE@XZ
??1CWStringArray@@QAE@XZ
??1CWbemCallSecurity@@AAE@XZ
??1CWbemCriticalSection@@QAE@XZ
??1CWin32DefaultArena@@QAE@XZ
??1QL1_Parser@@UAE@XZ
??1QL_LEVEL_1_RPN_EXPRESSION@@QAE@XZ
??1QL_LEVEL_1_TOKEN@@QAE@XZ
??1Registry@@QAE@XZ
??1WString@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??4C9XAce@@QAEAAV0@ABV0@@Z
??4CAbstractQl1Parser@@QAEAAV0@ABV0@@Z
??4CArena@@QAEAAV0@ABV0@@Z
??4CBaseAce@@QAEAAV0@ABV0@@Z
??4CBaseMrciCompression@@QAEAAV0@ABV0@@Z
??4CBasicUnloadInstruction@@QAEAAV0@ABV0@@Z
??4CBuffer@@QAEAAV0@ABV0@@Z
??4CCheckedInCritSec@@QAEAAV0@ABV0@@Z
??4CContainerControl@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
??4CDMTFParser@@QAEAAV0@ABV0@@Z
??4CDatePart@@QAEAAV0@ABV0@@Z
??4CDateTimeParser@@QAEAAV0@ABV0@@Z
??4CEnterWbemCriticalSection@@QAEAAV0@ABV0@@Z
??4CEventLog@@QAEAAV0@ABV0@@Z
??4CEventLogRecord@@QAEAAV0@AAV0@@Z
??4CExecQueue@@QAEAAV0@AAV0@@Z
??4CExecRequest@@QAEAAV0@ABV0@@Z
??4CFlexArray@@QAEAAV0@AAV0@@Z
??4CFlexQueue@@QAEAAV0@ABV0@@Z
??4CHaltable@@QAEAAV0@ABV0@@Z
??4CHex@@QAEAAV0@ABV0@@Z
??4CIdentityTest@@QAEAAV0@ABV0@@Z
??4CInCritSec@@QAEAAV0@ABV0@@Z
??4CInsertionString@@QAEAAV0@ABV0@@Z
??4CInstructionQueue@@QAEAAV0@ABV0@@Z
??4CInstructionTest@@QAEAAV0@ABV0@@Z
??4CLifeControl@@QAEAAV0@ABV0@@Z
??4CLike@@QAEAAV0@ABV0@@Z
??4CLimitControl@@QAEAAV0@ABV0@@Z
??4CMRCICompression@@QAEAAV0@ABV0@@Z
??4CMRCIControl@@QAEAAV0@ABV0@@Z
??4CMinMaxLimitControl@@QAEAAV0@ABV0@@Z
??4CNtAce@@QAEAAV0@ABV0@@Z
??4CNtAcl@@QAEAAV0@ABV0@@Z
??4CNtSecurity@@QAEAAV0@ABV0@@Z
??4CNtSecurityDescriptor@@QAEAAV0@AAV0@@Z
??4CNtSid@@QAEAAV0@ABV0@@Z
??4CPersistentConfig@@QAEAAV0@ABV0@@Z
??4CPropertyName@@QAEXABU_tag_WbemPropertyName@@@Z
??4CPropertyName@@QAEXABV0@@Z
??4CQl1ParseSink@@QAEAAV0@ABV0@@Z
??4CRegistryMinMaxLimitControl@@QAEAAV0@ABV0@@Z
??4CSafeArray@@QAEAAV0@AAV0@@Z
??4CSmallArrayBlob@@QAEAAV0@ABV0@@Z
??4CTimerGenerator@@QAEAAV0@ABV0@@Z
??4CTimerInstruction@@QAEAAV0@ABV0@@Z
??4CUnk@@QAEAAV0@ABV0@@Z
??4CUnkInternal@@QAEAAV0@ABV0@@Z
??4CUnloadInstruction@@QAEAAV0@ABV0@@Z
??4CVar@@QAEAAV0@ABV0@@Z
??4CVarVector@@QAEAAV0@AAV0@@Z
??4CWQLScanner@@QAEAAV0@AAV0@@Z
??4CWStringArray@@QAEAAV0@AAV0@@Z
??4CWbemCallSecurity@@AAEAAV0@ABV0@@Z
??4CWbemCriticalSection@@QAEAAV0@ABV0@@Z
??4CWbemInterval@@QAEAAV0@ABV0@@Z
??4CWbemTime@@QAEXABV0@@Z
??4CWbemTimeSpan@@QAEAAV0@ABV0@@Z
??4CWin32DefaultArena@@QAEAAV0@ABV0@@Z
??4MD5@@QAEAAV0@ABV0@@Z
??4QL1_Parser@@QAEAAV0@ABV0@@Z
??4QL_LEVEL_1_RPN_EXPRESSION@@QAEAAU0@ABU0@@Z
??4QL_LEVEL_1_TOKEN@@QAEAAU0@ABU0@@Z
??4QL_LEVEL_1_TOKEN@@QAEAAU0@ABU_tag_WbemQl1Token@@@Z
??4Registry@@QAEAAV0@ABV0@@Z
??4WString@@QAEAAV0@ABV0@@Z
??4WString@@QAEAAV0@PBG@Z
??4_Lockit@std@@QAEAAV01@ABV01@@Z
??8CEventLogRecord@@QAEHABV0@@Z
??8CNtSid@@QAEHAAV0@@Z
??8CPropertyName@@QAEHABU_tag_WbemPropertyName@@@Z
??8CVar@@QAEHAAV0@@Z
??8CVarVector@@QAEHAAV0@@Z
??ACFlexArray@@QAEAAPAXH@Z
??ACFlexArray@@QBEPAXH@Z
??ACSmallArrayBlob@@QBEPAXH@Z
??ACVarVector@@QAEAAVCVar@@H@Z
??ACWStringArray@@QBEPAGH@Z
??AWString@@QBEGH@Z
??BCHex@@QAEJXZ
??BCVar@@QAE?AU_FILETIME@@XZ
??BCVar@@QAEDXZ
??BCVar@@QAEEXZ
??BCVar@@QAEFXZ
??BCVar@@QAEGXZ
??BCVar@@QAEJXZ
??BCVar@@QAEKXZ
??BCVar@@QAEMXZ
??BCVar@@QAENXZ
??BCVar@@QAEPADXZ
??BCVar@@QAEPAGXZ
??BCVar@@QAEPAU_GUID@@XZ
??BCVar@@QAEPAUtagBLOB@@XZ
??BCVar@@QAEPAVCVarVector@@XZ
??BWString@@QAEPAGXZ
??BWString@@QBEPBGXZ
??DCWbemInterval@@QBE?AV0@N@Z
??GCWbemTime@@QBE?AV0@ABVCWbemTimeSpan@@@Z
??GCWbemTime@@QBE?AVCWbemInterval@@ABV0@@Z
??HCWbemInterval@@QBE?AV0@V0@@Z
??HCWbemTime@@QBE?AV0@ABVCWbemInterval@@@Z
??HCWbemTime@@QBE?AV0@ABVCWbemTimeSpan@@@Z
??MCWbemInterval@@QAEHV0@@Z
??MCWbemTime@@QBEHABV0@@Z
??MWString@@QBEHPBG@Z
??NCWbemTime@@QBEHABV0@@Z
??NWString@@QBEHPBG@Z
??OCWbemInterval@@QAEHV0@@Z
??OCWbemTime@@QBEHABV0@@Z
??OWString@@QBEHPBG@Z
??PCWbemTime@@QBEHABV0@@Z
??PWString@@QBEHPBG@Z
??RCIdentityTest@@UAEHPAVCTimerInstruction@@@Z
??RWString@@QBE?AV0@HH@Z
??YCWbemInterval@@QAEXV0@@Z
??YWString@@QAEAAV0@ABV0@@Z
??YWString@@QAEAAV0@G@Z
??YWString@@QAEAAV0@PBG@Z
??_7C9XAce@@6B@
??_7CAbstractQl1Parser@@6B@
??_7CArena@@6B@
??_7CBaseAce@@6B@
??_7CBasicUnloadInstruction@@6B@
??_7CBuffer@@6B@
??_7CContainerControl@@6B@
??_7CExecQueue@@6B@
??_7CExecRequest@@6B@
??_7CHaltable@@6B@
??_7CIdentityTest@@6B@
??_7CInstructionTest@@6B@
??_7CLifeControl@@6B@
??_7CLimitControl@@6B@
??_7CMinMaxLimitControl@@6B@
??_7CNtAce@@6B@
??_7CQl1ParseSink@@6B@
??_7CRegistryMinMaxLimitControl@@6B@
??_7CTimerGenerator@@6B@
??_7CTimerInstruction@@6B@
??_7CUnk@@6B@
??_7CUnkInternal@@6B@
??_7CUnloadInstruction@@6B@
??_7CWbemCallSecurity@@6B@
??_7CWin32DefaultArena@@6B@
??_7QL1_Parser@@6B@
??_7QL_LEVEL_1_RPN_EXPRESSION@@6B@
??_FCBuffer@@QAEXXZ
??_FCEventLog@@QAEXXZ
??_FCFlexArray@@QAEXXZ
??_FCFlexQueue@@QAEXXZ
??_FCNtAcl@@QAEXXZ
??_FCUnk@@QAEXXZ
??_FCWStringArray@@QAEXXZ
?AbortCompression@CMRCIControl@@QAEXXZ
?AbortRequested@CMRCIControl@@QAEHXZ
?Access@CSafeArray@@QAEJPAPAX@Z
?AccessRawArray@CVarVector@@QAEJPAPAX@Z
?Add@CFlexArray@@QAEHPAX@Z
?Add@CMinMaxLimitControl@@UAEJKKPAK@Z
?Add@CVarVector@@QAEHAAVCVar@@@Z
?Add@CVarVector@@QAEHPAVCVar@@@Z
?Add@CWStringArray@@QAEHPBG@Z
?AddAce@CNtAcl@@QAEHPAVCNtAce@@@Z
?AddAggregationProperty@QL_LEVEL_1_RPN_EXPRESSION@@UAEXABVCPropertyName@@@Z
?AddAllAggregationProperties@QL_LEVEL_1_RPN_EXPRESSION@@UAEXXZ
?AddAllProperties@QL_LEVEL_1_RPN_EXPRESSION@@UAEXXZ
?AddAppropriateToken@CAbstractQl1Parser@@IAEXABU_tag_WbemQl1Token@@@Z
?AddBSTR@CSafeArray@@QAEHPAG@Z
?AddBool@CSafeArray@@QAEHF@Z
?AddByte@CSafeArray@@QAEHE@Z
?AddDispatch@CSafeArray@@QAEHPAUIDispatch@@@Z
?AddDouble@CSafeArray@@QAEHN@Z
?AddElement@CPropertyName@@QAEXPBG@Z
?AddFloat@CSafeArray@@QAEHM@Z
?AddHavingToken@QL_LEVEL_1_RPN_EXPRESSION@@UAEXABU_tag_WbemQl1Token@@@Z
?AddInsertionString@CEventLogRecord@@IAEXAAVCInsertionString@@@Z
?AddLong@CSafeArray@@QAEHJ@Z
?AddMember@CLimitControl@@UAEJXZ
?AddProperty@QL_LEVEL_1_RPN_EXPRESSION@@UAEXABVCPropertyName@@@Z
?AddRecord@CEventLog@@IAEXPAVCEventLogRecord@@@Z
?AddRef@CBasicUnloadInstruction@@UAEXXZ
?AddRef@CBuffer@@UAGKXZ
?AddRef@CContainerControl@@UAEXPAUIUnknown@@@Z
?AddRef@CExecQueue@@QAEXXZ
?AddRef@CUnk@@UAGKXZ
?AddRef@CUnkInternal@@UAGKXZ
?AddRef@CWbemCallSecurity@@UAGKXZ
?AddRef@QL_LEVEL_1_RPN_EXPRESSION@@QAEXXZ
?AddScalar@CSafeArray@@AAEHTSA_ArrayScalar@@@Z
?AddShort@CSafeArray@@QAEHF@Z
?AddToken@QL_LEVEL_1_RPN_EXPRESSION@@QAEXABUQL_LEVEL_1_TOKEN@@@Z
?AddToken@QL_LEVEL_1_RPN_EXPRESSION@@UAEXABU_tag_WbemQl1Token@@@Z
?AddUnknown@CSafeArray@@QAEHPAUIUnknown@@@Z
?AddVariant@CSafeArray@@QAEHPAUtagVARIANT@@@Z
?AdjustInitialPriority@CExecQueue@@MAEXPAVCExecRequest@@@Z
?AdjustPriorityForPassing@CExecQueue@@MAEXPAVCExecRequest@@@Z
?AdjustPrivIfLocalSystem@@YGXPAX@Z
?Advance@CBuffer@@QAEJK@Z
?AliasToTable@CWQLScanner@@QAEQAGPAG@Z
?Alloc@CWin32DefaultArena@@UAEPAXK@Z
?AllocAmPm@CDateTimeParser@@IAEPAGXZ
?AllocWCHARToMBS@@YGHPAGPAPAD@Z
?Bind@CFlexArray@@QAEXAAV1@@Z
?BindPtr@WString@@QAEXPAG@Z
?BlobAssign@@YGXPAUtagBLOB@@PAXKH@Z
?BlobClear@@YGXPAUtagBLOB@@@Z
?BlobCopy@@YG?AUtagBLOB@@PBU1@@Z
?BreakOnDbgAndRenterLoop@CCritSec@@SGKXZ
?BreakOnDbgAndRenterLoop@CInCritSec@@SGKXZ
?BreakWait@CInstructionQueue@@QAEXXZ
?BuildSWQLColRef@CWQLScanner@@AAEHAAVCFlexArray@@AAUSWQLColRef@@@Z
?CalcSitOutPenalty@CExecQueue@@MAEKJ@Z
?CanDelete@CVar@@QAEHXZ
?Change@CInstructionQueue@@QAEJPAVCTimerInstruction@@VCWbemTime@@@Z
?ChangeTypeTo@CVar@@QAEHG@Z
?ChangeTypeToEx@CVar@@QAEHGK@Z
?ChangeVariantToCIMTYPE@@YGJPAUtagVARIANT@@0J@Z
?CheckDMTFDateTimeFormat@CDateTimeParser@@SGHPBGHH@Z
?CheckDMTFDateTimeFormatInternal@CDateTimeParser@@IAEHPBG@Z
?CheckDMTFDateTimeInterval@CDateTimeParser@@SGHPBG@Z
?CheckDateFormat@CDateTimeParser@@IAEHPBGH@Z
?CheckTimeFormat@CDateTimeParser@@IAEHPBGH@Z
?CheckType@CSafeArray@@AAEXH@Z
?Clear@CUnloadInstruction@@SGXXZ
?ClearPropRefs@CWQLScanner@@AAEXXZ
?ClearTableRefs@CWQLScanner@@AAEXXZ
?ClearTokens@CWQLScanner@@AAEXXZ
?Clone@CBuffer@@UAGJPAPAUIStream@@@Z
?CloneData@CSmallArrayBlob@@QAEPAPAXXZ
?CloneThreadContext@CWbemCallSecurity@@UAEJH@Z
?CloneThreadToken@CWbemCallSecurity@@AAEJK@Z
?Close@CEventLog@@QAEHXZ
?Commit@CBuffer@@UAGJK@Z
?CompareEls@CFlexArray@@KAHPBX0@Z
?CompareEls@CSmallArrayBlob@@KAHPBX0@Z
?CompareTo@CVar@@QAEHAAV1@H@Z
?CompareTo@CVarVector@@QAEHAAV1@H@Z
?Compress@CFlexArray@@QAEXXZ
?Compress@CWStringArray@@QAEXXZ
?CompressBuffer@CMRCICompression@@QAEIPAEK0KW4CompressionLevel@1@@Z
?CompressFile@CMRCICompression@@QAEHPBG0KW4CompressionLevel@1@PAVCMRCIControl@@@Z
?CompressFileV1@CMRCICompression@@IAEHHHKW4CompressionLevel@1@PAVCMRCIControl@@@Z
?ComputePenalty@CMinMaxLimitControl@@IAEJKKPAKPAH@Z
?ContainsSid@CNtAcl@@QAEHAAVCNtSid@@AAE@Z
?ContinueTransform@MD5@@SGXPAXIQAE@Z
?CopyData@CSmallArrayBlob@@IAEXPAV1@@Z
?CopyDataFrom@CFlexArray@@QAEHABV1@@Z
?CopyTo@CBuffer@@UAGJPAUIStream@@T_ULARGE_INTEGER@@PAT3@2@Z
?CopyTo@CNtSid@@QAEHPAX@Z
?CountQuery@CWQLScanner@@QAEHXZ
?CreateBlob@CSmallArrayBlob@@SGPAV1@H@Z
?CreateInst@CWbemCallSecurity@@SGPAVIWbemCallSecurity@@XZ
?CreateNewThread@CExecQueue@@MAEHXZ
?CriticalFailADAPTrace@@YGHPBD@Z
?CurrentLine@CAbstractQl1Parser@@QAEHXZ
?CurrentToken@CAbstractQl1Parser@@QAEPAGXZ
?DateFormat10@CDateTimeParser@@IAEHPBG0H@Z
?DateFormat11@CDateTimeParser@@IAEHPBG0H@Z
?DateFormat12@CDateTimeParser@@IAEHPBG0H@Z
?DateFormat13@CDateTimeParser@@IAEHPBG0H@Z
?DateFormat14@CDateTimeParser@@IAEHPBG0H@Z
?DateFormat15@CDateTimeParser@@IAEHPBGH@Z
?DateFormat1@CDateTimeParser@@IAEHPBGH@Z
?DateFormat2@CDateTimeParser@@IAEHPBGH@Z
?DateFormat3@CDateTimeParser@@IAEHPBGH@Z
?DateFormat4@CDateTimeParser@@IAEHPBGH@Z
?DateFormat5@CDateTimeParser@@IAEHPBGH@Z
?DateFormat6@CDateTimeParser@@IAEHPBGH@Z
?DateFormat7@CDateTimeParser@@IAEHPBGH@Z
?DateFormat8@CDateTimeParser@@IAEHPBGH@Z
?DateFormat9@CDateTimeParser@@IAEHPBG0H@Z
?DebugDump@CFlexArray@@QAEXXZ
?DebugTrace@@YAHDPBDZZ
?DecrementIndex@CFlexQueue@@IAEXAAH@Z
?DeleteAce@CNtAcl@@QAEHH@Z
?DeletePropertyName@CAbstractQl1Parser@@IAEXXZ
?DeleteStr@CWStringArray@@QAEHH@Z
?DeleteString@WString@@AAEXPAG@Z
?DeleteValue@Registry@@QAEHPAG@Z
?Dequeue@CFlexQueue@@QAEPAXXZ
?Dequeue@CInstructionQueue@@QAEJAAPAVCTimerInstruction@@AAVCWbemTime@@@Z
?Deserialize@C9XAce@@UAE_NPAE@Z
?Deserialize@CNtAce@@UAE_NPAE@Z
?Difference@CWStringArray@@SGXAAV1@00@Z
?DoLike@CLike@@IAE_NPBG0G@Z
?DoesNeedNewThread@CExecQueue@@MAEHPAVCExecRequest@@@Z
?DoesVectorTypeMatchArrayType@CVarVector@@QAEHXZ
?Dump@CWQLScanner@@QAEXXZ
?Dump@QL_LEVEL_1_RPN_EXPRESSION@@QAEXPBD@Z
?Dump@QL_LEVEL_1_TOKEN@@QAEXPAU_iobuf@@@Z
?DumpError@CExecRequest@@UAEXXZ
?DumpText@CVar@@QAEHPAU_iobuf@@@Z
?ElementSize@CSafeArray@@QAEHXZ
?Empty@CFlexArray@@QAEXXZ
?Empty@CPropertyName@@QAEXXZ
?Empty@CSafeArray@@QAEXXZ
?Empty@CVar@@QAEXXZ
Sections
.text Size: 192KB - Virtual size: 191KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ