vds.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
01eb7df24677ed82dd160b2444d01989_JaffaCakes118.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
01eb7df24677ed82dd160b2444d01989_JaffaCakes118.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
01eb7df24677ed82dd160b2444d01989_JaffaCakes118
-
Size
451KB
-
MD5
01eb7df24677ed82dd160b2444d01989
-
SHA1
22c3283d7fe5f79525c8f7b0825e4095319b18b7
-
SHA256
41b0def808a6234909d3deff2cac01cfef7cffa932517d8e180c1165016ee85b
-
SHA512
bdbb3d59794496b632c51d8f83fbfca9fdee62a6b0e345c817ed5623e1bdc1a32e2486b0842532d652707b2d5f555e59ed917881c6caecdee07a030717c32e70
-
SSDEEP
12288:AGLKHz7vIJDKAnkf764TspNCNeeAPcTH2fiu:TQvIJWAkT64wjjVUk
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 01eb7df24677ed82dd160b2444d01989_JaffaCakes118
Files
-
01eb7df24677ed82dd160b2444d01989_JaffaCakes118.exe windows:6 windows x86 arch:x86
bdeed6655abbd59566f99dc88ba3120c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
FreeSid
SetServiceObjectSecurity
AddAccessAllowedAce
GetLengthSid
IsValidSid
MakeAbsoluteSD
QueryServiceObjectSecurity
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
RegCloseKey
RegSetValueExW
RegOpenKeyW
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
InitiateSystemShutdownExW
RegDeleteValueW
kernel32
CreateSemaphoreW
GetCurrentThreadId
GetModuleFileNameW
OutputDebugStringW
GetCommandLineW
HeapSetInformation
DeviceIoControl
CreateFileW
WaitForSingleObject
GetProcAddress
lstrlenW
ReleaseSemaphore
LocalFree
FormatMessageW
GetModuleHandleW
FindVolumeClose
FindNextVolumeW
FindVolumeMountPointClose
FindNextVolumeMountPointW
RemoveDirectoryW
GetVolumeNameForVolumeMountPointW
FindFirstVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
FreeLibrary
Sleep
GetLastError
SetEvent
CreateThread
CreateEventW
lstrcmpiW
GetVolumePathNamesForVolumeNameW
GetSystemDirectoryW
DeleteVolumeMountPointW
DefineDosDeviceW
SetVolumeMountPointW
GetVolumePathNameW
WriteFile
ResumeThread
SetFilePointerEx
WaitForMultipleObjects
ReadFile
VirtualFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
LoadLibraryW
CloseHandle
VirtualAlloc
GetProcessHeap
HeapFree
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
user32
CharNextW
LoadStringW
DispatchMessageW
GetMessageW
PostThreadMessageW
UnregisterDeviceNotification
PeekMessageW
RegisterDeviceNotificationW
DefWindowProcW
MessageBoxW
msvcrt
memcpy
memmove_s
memcpy_s
_wcsicmp
__wgetmainargs
malloc
_callnewh
free
_wtol
_ltow
swscanf_s
_ftol2
towupper
time
__CxxFrameHandler3
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
??1exception@@UAE@XZ
rand
srand
_controlfp
_onexit
_lock
memset
__dllonexit
_unlock
_except_handler4_common
??1type_info@@UAE@XZ
_purecall
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
?what@exception@@UBEPBDXZ
_cexit
wcsncmp
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_wcsnicmp
_vsnwprintf
_CxxThrowException
atl
ord30
ord32
ord20
ord17
ord23
ord57
ord18
ord16
oleaut32
VariantClear
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
VariantInit
SysStringLen
SysFreeString
ntdll
NtQueryVolumeInformationFile
RtlAdjustPrivilege
ole32
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity
StringFromGUID2
CoCreateGuid
CoTaskMemRealloc
CLSIDFromString
setupapi
SetupDiEnumDeviceInterfaces
CM_Get_Parent
CM_Reenumerate_DevNode_Ex
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
shlwapi
SHDeleteKeyW
netapi32
NetShareAdd
osuninst
IsUninstallImageValid
clusapi
GetNodeClusterState
vdsutil
?OpenDevice@@YGKPAGKPAPAX@Z
?GetInterfaceDetailData@@YGKPAXPAU_SP_DEVICE_INTERFACE_DATA@@PAPAU_SP_DEVICE_INTERFACE_DETAIL_DATA_W@@@Z
?IsDriveLetter@@YGHPAG@Z
??M@YG_NABU_GUID@@0@Z
?GetDeviceNumber@@YGKPAXPAU_STORAGE_DEVICE_NUMBER@@@Z
?IsNoAutoMount@@YGHXZ
?VdsTraceExW@@YAXKKPAGZZ
?GuidToString@@YGJPAU_GUID@@PAGK@Z
?IsLoggingEnabledW@@YGEXZ
?Next@CPrvEnumObject@@UAGJKPAPAUIUnknown@@PAK@Z
?Skip@CPrvEnumObject@@UAGJK@Z
?Reset@CPrvEnumObject@@UAGJXZ
?Clone@CPrvEnumObject@@UAGJPAPAUIEnumVdsObject@@@Z
?Uninitialize@CVdsAsyncObjectBase@@SGXXZ
?Uninitialize@CVdsPnPNotificationBase@@QAEXXZ
?Append@CPrvEnumObject@@QAEJPAUIUnknown@@@Z
?Clear@CPrvEnumObject@@QAEXXZ
?LockDismountVolume@@YGKPAXHE@Z
?GetDiskLayout@@YGKPAXPAPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?VdsTrace@@YAXKPADZZ
??1CVdsWmiVariantObjectArrayEnum@@QAE@XZ
?Detach@CVdsWmiVariantObjectArrayEnum@@QAEJXZ
?VdsWmiCopyFromVariantByteArray@@YGJPAUIWbemClassObject@@PAGJPAE@Z
?VdsWmiGetObjectFromInstance@@YGJPAUIWbemClassObject@@PAGPAPAU1@@Z
?VdsWmiGetUlongFromInstance@@YGJPAUIWbemClassObject@@PAGPAK@Z
?VdsWmiGetByteFromInstance@@YGJPAUIWbemClassObject@@PAGPAE@Z
?Next@CVdsWmiVariantObjectArrayEnum@@QAEJPAPAUIWbemClassObject@@@Z
?Attach@CVdsWmiVariantObjectArrayEnum@@QAEJPAUtagVARIANT@@@Z
?VdsWmiConnectToNamespace@@YGJPAGPAPAUIWbemLocator@@PAPAUIWbemServices@@@Z
??0CVdsWmiVariantObjectArrayEnum@@QAE@XZ
?RegisterHandle@CVdsPnPNotificationBase@@QAEKPAXPAPAX@Z
?GetPartitionInformation@@YGKPAXPAU_PARTITION_INFORMATION_EX@@@Z
?GetDeviceAndMediaType@@YGKPAGPAXPAK2@Z
?Initialize@CVdsPnPNotificationBase@@QAEKXZ
?Initialize@CVdsAsyncObjectBase@@SGKXZ
?IsWinPE@@YGHXZ
??1CVdsAsyncObjectBase@@QAE@XZ
??0CVdsAsyncObjectBase@@QAE@XZ
?Signal@CVdsAsyncObjectBase@@QAEXXZ
?SetCompletionStatus@CVdsAsyncObjectBase@@QAEXJK@Z
?QueryStatus@CVdsAsyncObjectBase@@UAGJPAJPAK@Z
?VdsIscsiIpAddressToString@@YGJPAU_VDS_IPADDRESS@@KPAG@Z
?VdsWmiGetUlonglongFromInstance@@YGJPAUIWbemClassObject@@PAGPA_K@Z
?VdsWmiFindInstanceOfClass@@YGJPAUIWbemServices@@PAG1PAPAUIWbemClassObject@@@Z
?VdsIscsiCheckEqualIpAddress@@YGHU_VDS_IPADDRESS@@0@Z
?VdsIscsiIpsecIdToIpAddress@@YGJEKPAEPAU_VDS_IPADDRESS@@@Z
?VdsIscsiIpAddressToIpsecId@@YGJPAU_VDS_IPADDRESS@@PAEPAKPAPAE@Z
?WriteBootCode@@YGKPAX@Z
?CoFreeStringArray@@YGXPAPAGJ@Z
?GetVolumeName@@YGJPAGK0@Z
?AssignTempVolumeName@@YGJPAGQAG@Z
?GetVolumeDiskExtentInfo@@YGKPAXPAPAU_VOLUME_DISK_EXTENTS@@@Z
?RemoveTempVolumeName@@YGXPAG0@Z
?GarbageCollectDriveLetters@@YGXXZ
?DeleteNetworkShare@@YGHPAG@Z
?LockVolume@@YGKPAXE@Z
?MountVolume@@YGKPAG@Z
?VdsIscsiGetIpAddressFromInstance@@YGJPAUIWbemClassObject@@PAGPAU_VDS_IPADDRESS@@@Z
?VdsWmiGetObjectInVariantObjectArray@@YGJPAUIWbemClassObject@@PAGJPAPAU1@@Z
?VdsIscsiCacheSessionDevices@@YGJPAUIEnumWbemClassObject@@PAPAU_VDSISCSI_SESSION_DEVICES_CACHE@@@Z
?VdsWmiCallMethod@@YGJPAUIWbemServices@@PAUIWbemClassObject@@PAG1PAPAU2@@Z
?VdsWmiSetObjectInInstance@@YGJPAUIWbemClassObject@@PAG0@Z
?VdsWmiGetMethodArgumentObject@@YGJPAUIWbemServices@@PAG1PAPAUIWbemClassObject@@@Z
?VdsWmiSetUlonglongInInstance@@YGJPAUIWbemClassObject@@PAG_K@Z
?VdsWmiCreateVariantArray@@YGJGJPAUtagVARIANT@@@Z
?VdsWmiSetUlongInInstance@@YGJPAUIWbemClassObject@@PAGK@Z
?VdsWmiCreateClassInstance@@YGJPAUIWbemServices@@PAGPAPAUIWbemClassObject@@@Z
?DeleteBcdObjects@@YGJPAU_VDS_PARTITION_IDENTITY@@@Z
?UnregisterHandle@CVdsPnPNotificationBase@@QAEXPAX@Z
?GetDeviceRegistryProperty@@YGKKKPAPAEK@Z
?VdsAllocateEmptyString@@YGPAGXZ
?GetDeviceRegistryProperty@@YGKPAXPAU_SP_DEVINFO_DATA@@KPAPAEK@Z
?CreateDeviceInfoSet@@YGKPAGPAPAXPAU_SP_DEVINFO_DATA@@@Z
?GetDeviceLocation@@YGKPAXPAU_VDS_DISK_PROP@@@Z
?IsDiskClustered@@YGKPAXPAE1@Z
?GetMediaGeometry@@YGKPAXPAU_VDS_DISK_PROP@@@Z
?WaitImpl@CVdsAsyncObjectBase@@QAEJPAJ@Z
?GetDeviceName@@YGKPAXHKPAG@Z
?VdsTraceW@@YAXKPAGZZ
?RemoveEventSource@@YGKPAG@Z
?AddEventSource@@YGKPAGPAUHINSTANCE__@@@Z
?VdsTraceEx@@YAXKKPADZZ
?InitializeSecurityDescriptor@@YGKKPAXPAPAU_ACL@@PAPAX22@Z
?VdsHeapFree@@YGHPAXK0@Z
?VdsInitializeCriticalSection@@YGKPAU_RTL_CRITICAL_SECTION@@@Z
?LogInfo@@YGXPAGKKPAXK0PAD@Z
?LogError@@YGXPAGKKPAXKK0PAD@Z
??0CVdsCallTracer@@QAE@KPBD@Z
??1CVdsCallTracer@@QAE@XZ
?VdsSeTranslator@CVdsStructuredExceptionTranslator@@SGXIPAU_EXCEPTION_POINTERS@@@Z
?VdsHeapAlloc@@YGPAXPAXKK@Z
Exports
Exports
??0?$CVdsCoTaskPtr@G@@QAE@XZ
??0?$CVdsHandleImpl@$0A@@@QAE@XZ
??0?$CVdsHandleImpl@$0PPPPPPPP@@@QAE@XZ
??0?$CVdsHeapPtr@D@@QAE@XZ
??0?$CVdsHeapPtr@G@@QAE@XZ
??0?$CVdsHeapPtr@J@@QAE@XZ
??0?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??0?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsPtr@D@@QAE@XZ
??0?$CVdsPtr@G@@QAE@XZ
??0?$CVdsPtr@J@@QAE@XZ
??0?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??0?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0CPrvEnumObject@@QAE@XZ
??0CVdsCriticalSection@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QAE@XZ
??0CVdsStructuredExceptionTranslator@@QAE@XZ
??0CVdsUnlockIt@@QAE@AAJ@Z
??1?$CVdsCoTaskPtr@G@@QAE@XZ
??1?$CVdsHandleImpl@$0A@@@QAE@XZ
??1?$CVdsHandleImpl@$0PPPPPPPP@@@QAE@XZ
??1?$CVdsHeapPtr@D@@QAE@XZ
??1?$CVdsHeapPtr@G@@QAE@XZ
??1?$CVdsHeapPtr@J@@QAE@XZ
??1?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??1?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsPtr@D@@QAE@XZ
??1?$CVdsPtr@G@@QAE@XZ
??1?$CVdsPtr@J@@QAE@XZ
??1?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??1?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1CPrvEnumObject@@QAE@XZ
??1CVdsCriticalSection@@QAE@XZ
??1CVdsDebugLog@@QAE@XZ
??1CVdsPnPNotificationBase@@QAE@XZ
??1CVdsStructuredExceptionTranslator@@QAE@XZ
??1CVdsUnlockIt@@QAE@XZ
??4?$CVdsHandleImpl@$0A@@@QAEPAXPAX@Z
??4?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXPAX@Z
??4?$CVdsHeapPtr@D@@QAEPADPAD@Z
??4?$CVdsHeapPtr@G@@QAEPAGPAG@Z
??4?$CVdsHeapPtr@J@@QAEPAJPAJ@Z
??4?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAEPAUFMIFS_DEF_FS_OUT@@PAU1@@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAEPAU_AUCTION_THREAD_PARAMETER@@PAU1@@Z
??4?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@PAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAEPAU_MOUNTMGR_MOUNT_POINT@@PAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAEPAU_MOUNTMGR_MOUNT_POINTS@@PAU1@@Z
??4?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@PAU1@@Z
??8?$CVdsHandleImpl@$0A@@@QBE_NPAX@Z
??8?$CVdsHandleImpl@$0PPPPPPPP@@@QBE_NPAX@Z
??8?$CVdsPtr@D@@QBE_NPAD@Z
??8?$CVdsPtr@G@@QBE_NPAG@Z
??8?$CVdsPtr@J@@QBE_NPAJ@Z
??8?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QBE_NPAUFMIFS_DEF_FS_OUT@@@Z
??8?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBE_NPAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBE_NPAU_MOUNTMGR_MOUNT_POINT@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBE_NPAU_MOUNTMGR_MOUNT_POINTS@@@Z
??8?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBE_NPAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
??9?$CVdsHandleImpl@$0PPPPPPPP@@@QBE_NPAX@Z
??9?$CVdsPtr@G@@QBE_NPAG@Z
??9?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBE_NPAU_AUCTION_THREAD_PARAMETER@@@Z
??9?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QBE_NPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
??A?$CVdsPtr@G@@QAEAAGH@Z
??A?$CVdsPtr@J@@QAEAAJJ@Z
??A?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAEAAUFMIFS_DEF_FS_OUT@@K@Z
??B?$CVdsHandleImpl@$0A@@@QAEPAXXZ
??B?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXXZ
??B?$CVdsPtr@G@@QBEPAGXZ
??B?$CVdsPtr@J@@QBEPAJXZ
??B?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QBEPAUFMIFS_DEF_FS_OUT@@XZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBEPAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QBEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??B?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBEPAU_MOUNTMGR_MOUNT_POINT@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBEPAU_MOUNTMGR_MOUNT_POINTS@@XZ
??B?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QBEPAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBEPAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QBEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QBEPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QBEPAU_EXTEND_VOLUME_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBEPAU_MOUNTMGR_MOUNT_POINT@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBEPAU_MOUNTMGR_MOUNT_POINTS@@XZ
??C?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QBEPAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??I?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAPAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??I?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAPAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?AllowCancel@CVdsAsyncObjectBase@@QAEXXZ
?Attach@?$CVdsPtr@G@@QAEXPAG@Z
?Attach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAEXPAU_CLEAN_DISK_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEXPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAEXPAU_EXTEND_VOLUME_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAEXPAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEXPAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
?Close@?$CVdsHandleImpl@$0PPPPPPPP@@@QAEXXZ
?Detach@?$CVdsHandleImpl@$0A@@@QAEPAXXZ
?Detach@?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXXZ
?Detach@?$CVdsPtr@G@@QAEPAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAEPAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QAEXXZ
?GetOutputType@CVdsAsyncObjectBase@@QAE?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QAEHXZ
?SetOutput@CVdsAsyncObjectBase@@QAEXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QAEXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QAEXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QAEXXZ
?m_NoDebuggerLogging@CVdsDebugLog@@QAEHXZ
?m_TracingLogEnabled@CVdsDebugLog@@QAEHXZ
Sections
.text Size: 361KB - Virtual size: 360KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 86KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE