y:\authentication\WindowsADAuthen\ReleaseW\secWinAD.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0e578644f7c6ef6f325b0c94e1342975_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0e578644f7c6ef6f325b0c94e1342975_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
0e578644f7c6ef6f325b0c94e1342975_JaffaCakes118
-
Size
2.9MB
-
MD5
0e578644f7c6ef6f325b0c94e1342975
-
SHA1
882004a5565f5a5957a4c22eb8cecd452f657d54
-
SHA256
62fd22528894c694072cd402d82c0b126c1313de5c6af319abe04438c2f66350
-
SHA512
d5005a2e1c37849f323b243dcf910f09a3b89f8f17d53a05488e1ac327f52788da629e27d78d85fe886d6f64d1b5d036cb0f21928b81db14ccb4d3d469040d7d
-
SSDEEP
49152:wi88C8CUe6qsnVu2iAAA5DK2CJDQkbytbO76b6jW6b1Xz+DoDa:i8C8CUe6qYVuVAAA5D/SQUAby6bP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e578644f7c6ef6f325b0c94e1342975_JaffaCakes118
Files
-
0e578644f7c6ef6f325b0c94e1342975_JaffaCakes118.dll regsvr32 windows:4 windows x86 arch:x86
7a6cd6b1b89a6fd78605c2c1e3c5b438
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
libocasecurityw-1-6
?InitSSOProvider@CSSOWrapper@Ocalibsecurity106@@QAEXPBGPBUlinkedParasList@@@Z
?GetParams@CSSOWrapper@Ocalibsecurity106@@QAEXPBGPAPAUlinkedParasList@@@Z
?TermPackage@CSSOWrapper@Ocalibsecurity106@@QAEXXZ
??1CSSOWrapper@Ocalibsecurity106@@UAE@XZ
??0CSSOWrapper@Ocalibsecurity106@@QAE@XZ
?InitPackage@CSSOWrapper@Ocalibsecurity106@@QAEXXZ
?getDetails@CSSOException@Ocalibsecurity106@@QAE?AVSWCharString@CXLib206@@XZ
?FreeParams@CSSOWrapper@Ocalibsecurity106@@QAEXPAUlinkedParasList@@@Z
?Revert@CSSOWrapper@Ocalibsecurity106@@QAEXPBG@Z
?ThrowException@CSSOException@Ocalibsecurity106@@SAXABVSWCharString@CXLib206@@@Z
?Impersonate@CSSOWrapper@Ocalibsecurity106@@QAEXPBG@Z
?AcceptLogin@CSSOWrapper@Ocalibsecurity106@@QAEKPBG0PBEIPAPAEPAIPAPAUlinkedParasList@@PAPAG@Z
?AssociateSecurityContext@CSSOWrapper@Ocalibsecurity106@@QAEXPBG0@Z
?StartLogin@CSSOWrapper@Ocalibsecurity106@@QAEKPBG00PBUlinkedParasList@@PAPAGPAPAEPAI@Z
?PackBuffer@CSSOBufferHelper@Ocalibsecurity106@@SAXEABVSWCharString@CXLib206@@000PBEKPAPAEPAI@Z
?UnPackBuffer@CSSOBufferHelper@Ocalibsecurity106@@SAXPBEIAAVSWCharString@CXLib206@@111AAEPAPBEPAK@Z
?ContinueLogin@CSSOWrapper@Ocalibsecurity106@@QAEKPBGPBEIPAPAEPAI@Z
?FreeString@CSSOWrapper@Ocalibsecurity106@@QAEXPAG@Z
?FreeBuffer@CSSOWrapper@Ocalibsecurity106@@QAEXPAE@Z
?FreeBuffer@CSSOBufferHelper@Ocalibsecurity106@@SAXPAPAE@Z
?ReleaseAllSecurityContexts@CSSOWrapper@Ocalibsecurity106@@QAEXXZ
etc-1-0-12-3
?join@JTCThread@Etc1001203@@QAEXJ@Z
??0JTCAdoptCurrentThread@Etc1001203@@QAE@XZ
??1JTCAdoptCurrentThread@Etc1001203@@QAE@XZ
?isAlive@JTCThread@Etc1001203@@QBE_NXZ
?unlock@JTCMonitor@Etc1001203@@ABEXXZ
?unlock@JTCRecursiveMutex@Etc1001203@@QBEXXZ
?get@JTCTSS@Etc1001203@@SAPAXK@Z
?start@JTCThread@Etc1001203@@QAEXXZ
?set@JTCTSS@Etc1001203@@SAXKPAX@Z
?release@JTCTSS@Etc1001203@@SAXK@Z
?allocate@JTCTSS@Etc1001203@@SAKXZ
ebus-3-3-2-4
?OBRelease@@YAXPAVOCI_Current@@@Z
?_OB_instance@CORBA_ORB@@SAPAV1@XZ
?OBRelease@@YAXPAVCORBA_Object@@@Z
?OBRelease@@YAXPAVCORBA_ORB@@@Z
?OBRelease@@YAXPAVOCI_TransportInfo@@@Z
?OBRelease@@YAXPAVOCI_IIOP_TransportInfo@@@Z
?_narrow@OCI_Current@@SAPAV1@PAVCORBA_Object@@@Z
?_narrow@OCI_IIOP_TransportInfo@@SAPAV1@PAVCORBA_Object@@@Z
?resolve_initial_references@CORBA_ORB@@QAEPAVCORBA_Object@@PBD@Z
cxlibw-2-6
?Lock@CS_Wrapper@CXLib206@@QAEXXZ
?Unlock@CS_Wrapper@CXLib206@@QAEXXZ
?release@CRefCount@CXLib206@@UBEJXZ
?addRef@CRefCount@CXLib206@@UBEJXZ
??1CRefCount@CXLib206@@MAE@XZ
??0CRWLock@CXLib206@@QAE@XZ
??0CRefCount@CXLib206@@QAE@XZ
?asmExchangeAdd@SInterlockedBase@CXLib206@@KAJPAJJ@Z
??0SCrypt@CXLib206@@QAE@XZ
?getCount@CRefCount@CXLib206@@QBEJXZ
?asmExchange@SInterlockedBase@CXLib206@@KAJPAJJ@Z
??1?$SString_t@D$0A@@CXLib206@@QAE@XZ
??0SAnsiString@CXLib206@@QAE@ABV?$SString_t@D$0A@@1@@Z
??H?$SString_t@D$0A@@CXLib206@@QBE?AV01@ABV01@@Z
??0?$SString_t@D$0A@@CXLib206@@QAE@PBD@Z
?IsWin95@SPlat@CXLib206@@SA_NN@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@KH@Z
?FromString@SWCharStringConv@CXLib206@@SA_NABVSWCharString@2@AAHH@Z
??0STraceParameter@CXLib206@@QAE@PBG@Z
?compare@?$SString_t@G$00@CXLib206@@QBEHABV12@@Z
?FromString@SWCharStringConv@CXLib206@@SA_NABVSWCharString@2@AAJH@Z
?LoadStringW@SResManager@CXLib206@@SA?AVSWCharString@2@KK@Z
?STrace@CXLib206@@YAXPBGABVSTraceParameter@1@11111111111@Z
??1CS_Wrapper@CXLib206@@QAE@XZ
?Terminate@SLogger@CXLib206@@SA_NXZ
?Terminate@SResManager@CXLib206@@SA_NXZ
?Initialize@SResManager@CXLib206@@SA_NXZ
?Initialize@SLogger@CXLib206@@SA_NXZ
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@_JH@Z
?DigestToString@MD5@CXLib206@@SA?AVSWCharString@2@AAY0BA@E@Z
?FromString@MD5@CXLib206@@SAXPBGAAY0BA@E_N@Z
?isEmpty@?$SString_t@D$0A@@CXLib206@@QBE_NXZ
??Y?$SString_t@D$0A@@CXLib206@@QAEAAV01@V?$SChar_t@D$0A@@1@@Z
??0?$SChar_t@D$0A@@CXLib206@@QAE@D@Z
?random@SCrypt@CXLib206@@QAE?AW4Status@12@PAEH@Z
?setBufferSize@?$SString_t@D$0A@@CXLib206@@QAEXI@Z
?makeKey@SCrypt@CXLib206@@QAE?AW4Status@12@PBGAAUKey@12@@Z
?encrypt@SCrypt@CXLib206@@QAE?AW4Status@12@ABVSWCharString@2@ABUKey@12@AAV42@@Z
?decrypt@SCrypt@CXLib206@@QAE?AW4Status@12@ABVSWCharString@2@ABUKey@12@AAV42@@Z
??6CXLib206@@YAAAVSWCharString@0@AAV10@PBG@Z
?EncryptPasswordDB@SScrambler@CXLib206@@SA?AVSAnsiString@2@ABV32@@Z
?mid@?$SString_t@G$00@CXLib206@@QBE?AV12@I@Z
??1SSimpleBuffer@CXLib206@@UAE@XZ
??BSSimpleBuffer@CXLib206@@QBEPBEXZ
?getNBytes@SSimpleBuffer@CXLib206@@QBEIXZ
?TToExplicitCodeset@MBCSCodesetConverter@CXLib206@@SA?AVSSimpleBuffer@2@ABVSWCharString@2@W4ExplicitCodeset@12@@Z
?getTotalBytes@SWCharString@CXLib206@@QBEIXZ
?ExplicitCodesetToT@MBCSCodesetConverter@CXLib206@@SA?AVSWCharString@2@QBDW4ExplicitCodeset@12@@Z
??9?$SChar_t@D$0A@@CXLib206@@QBE_NABV01@@Z
?DecryptPasswordDB@SScrambler@CXLib206@@SA_NABVSAnsiString@2@AAV32@@Z
?DecryptPasswordDB@SScrambler@CXLib206@@SA_NABVSWCharString@2@AAV32@@Z
??MSTimeSpan@CXLib206@@QBE_NABV01@@Z
??0STimeSpan@CXLib206@@QAE@_J@Z
??0SDateTime@CXLib206@@QAE@XZ
??0SInterlockedBase@CXLib206@@IAE@XZ
??1?$JTCHandleT@VTerminatingThread@CXLib206@@@Etc1001203@@QAE@XZ
??0?$JTCHandleT@VTerminatingThread@CXLib206@@@Etc1001203@@QAE@PAVTerminatingThread@CXLib206@@@Z
??OSTimeSpan@CXLib206@@QBE_NABV01@@Z
??0SDateTime@CXLib206@@QAE@ABV01@@Z
??GSDateTime@CXLib206@@QBE?AVSTimeSpan@1@ABV01@@Z
??Yiterator@?$SString_t@G$00@CXLib206@@QAEAAV012@I@Z
??6CXLib206@@YAAAVSWCharString@0@AAV10@K@Z
??1CSmartReadLocker@CXLib206@@QAE@XZ
??0CSmartReadLocker@CXLib206@@QAE@AAVCRWLock@1@@Z
??1CSmartWriteLocker@CXLib206@@QAE@XZ
?ReadValue@Registry@CXLib206@@QBE?AVSWCharString@2@ABV32@@Z
??0CSmartWriteLocker@CXLib206@@QAE@AAVCRWLock@1@@Z
?appendKey@CompanyRegistry@CXLib206@@IAEXABVSWCharString@2@@Z
??1CompanyRegistry@CXLib206@@UAE@XZ
??0CompanyRegistry@CXLib206@@IAE@ABVSWCharString@1@_N@Z
?sleep_with_stop_alarm@TerminatingThread@CXLib206@@UAE_NJ@Z
?awake@TerminatingThread@CXLib206@@UAEXXZ
?stop@TerminatingThread@CXLib206@@UAEXXZ
?isStopped@TerminatingThread@CXLib206@@UAE_NXZ
??1TerminatingThread@CXLib206@@UAE@XZ
??HSDateTime@CXLib206@@QBE?AV01@ABVSTimeSpan@1@@Z
??4?$JTCHandleT@VTerminatingThread@CXLib206@@@Etc1001203@@QAEAAV01@ABV01@@Z
??C?$JTCHandleT@VTerminatingThread@CXLib206@@@Etc1001203@@QBEPAVTerminatingThread@CXLib206@@XZ
??9?$JTCHandleT@VTerminatingThread@CXLib206@@@Etc1001203@@QBE_NABV01@@Z
??B?$JTCHandleT@VTerminatingThread@CXLib206@@@Etc1001203@@QBE_NXZ
?getnthipstring@CSISocket@CXLib206@@SA_NGAAVSWCharString@2@@Z
?GetCurrentThreadID@CSIProcess@CXLib206@@SAKXZ
?EncryptPasswordDB@SScrambler@CXLib206@@SA?AVSWCharString@2@ABV32@@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@IH@Z
?LoadResource@SResManager@CXLib206@@SA_NKPBGAAVSSimpleBuffer@2@QAUHINSTANCE__@@@Z
??0SSimpleBuffer@CXLib206@@QAE@XZ
??8?$SString_t@G$00@CXLib206@@QBE_NPBG@Z
??6CXLib206@@YAAAVSWCharString@0@AAV10@ABV10@@Z
??0SAnsiString@CXLib206@@QAE@XZ
?copyFrom@?$SString_t@D$0A@@CXLib206@@QAE_NPBG@Z
?getNChars@?$SString_t@D$0A@@CXLib206@@QBEIXZ
??0SAnsiString@CXLib206@@QAE@PBD@Z
?getAt@?$SString_t@D$0A@@CXLib206@@QBE?AV?$SChar_t@D$0A@@2@I@Z
?setAt@?$SString_t@D$0A@@CXLib206@@QAEXIV?$SChar_t@D$0A@@2@@Z
??B?$SString_t@D$0A@@CXLib206@@QBEPBDXZ
??1SAnsiString@CXLib206@@QAE@XZ
??0STraceParameter@CXLib206@@QAE@I@Z
??4iterator@?$SString_t@G$00@CXLib206@@QAEAAV012@ABV012@@Z
?SAssert@CXLib206@@YAXPBDH0PBG@Z
??0iterator@?$SString_t@G$00@CXLib206@@QAE@ABV12@@Z
?getAt@?$SString_t@G$00@CXLib206@@QBE?AV?$SChar_t@G$00@2@Viterator@12@@Z
??4SWCharString@CXLib206@@QAEAAV01@PBG@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@HH@Z
??0?$SChar_t@G$00@CXLib206@@QAE@ABV01@@Z
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@V?$SChar_t@G$00@1@@Z
?makeWords@SStringHelper@CXLib206@@SAXABVSWCharString@2@AAV?$SIArray@VSWCharString@CXLib206@@@2@0_N2@Z
??0?$SString_t@G$00@CXLib206@@QAE@PBG@Z
?find@?$SString_t@G$00@CXLib206@@QBE?AViterator@12@ABV12@@Z
??0STraceParameter@CXLib206@@QAE@PBD@Z
?ShouldAssert@CXLib206@@YA_NPBD@Z
?SAssert@CXLib206@@YAXPBDH0@Z
?ToString@SWCharStringConv@CXLib206@@SA?AVSWCharString@2@JH@Z
??8?$SString_t@G$00@CXLib206@@QBE_NABV01@@Z
?compareNoCase@?$SString_t@G$00@CXLib206@@QBEHABV12@@Z
?SAssert@CXLib206@@YAXPBDH00@Z
??0SWCharString@CXLib206@@QAE@PBG@Z
??0?$SChar_t@G$00@CXLib206@@QAE@G@Z
?getAt@?$SString_t@G$00@CXLib206@@QBE?AV?$SChar_t@G$00@2@I@Z
??8?$SChar_t@G$00@CXLib206@@QBE_NABV01@@Z
??9?$SChar_t@G$00@CXLib206@@QBE_NABV01@@Z
?findLast@?$SString_t@G$00@CXLib206@@QBE?AViterator@12@V?$SChar_t@G$00@2@@Z
??0iterator@?$SString_t@G$00@CXLib206@@QAE@ABV012@@Z
?getCharIndex@?$SString_t@G$00@CXLib206@@QBEIViterator@12@@Z
?left@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@@Z
??4SWCharString@CXLib206@@QAEAAV01@ABV?$SString_t@G$00@1@@Z
??1?$SString_t@G$00@CXLib206@@QAE@XZ
??Eiterator@?$SString_t@G$00@CXLib206@@QAEAAV012@XZ
??Biterator@?$SString_t@G$00@CXLib206@@QBE_NXZ
?right@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@@Z
?findFirst@?$SString_t@G$00@CXLib206@@QBE?AViterator@12@V?$SChar_t@G$00@2@@Z
??7iterator@?$SString_t@G$00@CXLib206@@QBE_NXZ
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@PBG@Z
??Y?$SString_t@G$00@CXLib206@@QAEAAV01@ABV01@@Z
??0SWCharString@CXLib206@@QAE@ABV?$SString_t@G$00@1@@Z
??0STraceParameter@CXLib206@@QAE@K@Z
??0STraceParameter@CXLib206@@QAE@H@Z
??0STraceParameter@CXLib206@@QAE@J@Z
??B?$SString_t@G$00@CXLib206@@QBEPBGXZ
?toUpper@?$SString_t@G$00@CXLib206@@QAEXXZ
?copyFrom@?$SString_t@G$00@CXLib206@@QAE_NPBG@Z
??0SWCharString@CXLib206@@QAE@ABV01@@Z
?isEmpty@?$SString_t@G$00@CXLib206@@QBE_NXZ
?ShouldTrace@CXLib206@@YA_NHPBD@Z
??0STraceParameter@CXLib206@@QAE@AAVThisIsASillyCompilerWorkAround@1@@Z
?STrace@CXLib206@@YAXPBDABVSTraceParameter@1@11111111111@Z
??1STraceParameter@CXLib206@@QAE@XZ
??4SWCharString@CXLib206@@QAEAAV01@ABV01@@Z
??0STraceParameter@CXLib206@@QAE@ABVSWCharString@1@@Z
??0SWCharString@CXLib206@@QAE@XZ
??1SWCharString@CXLib206@@QAE@XZ
??0STimeSpan@CXLib206@@QAE@ABV01@@Z
??4STimeSpan@CXLib206@@QAEAAV01@ABV01@@Z
??0STraceParameter@CXLib206@@QAE@_J@Z
??4SDateTime@CXLib206@@QAEAAV01@ABV01@@Z
?GetTotalMilliseconds@STimeSpan@CXLib206@@QBE_JXZ
?GetCurrentDateTime@SDateTime@CXLib206@@SA?AV12@XZ
??OSDateTime@CXLib206@@QBE_NABV01@@Z
?isAtEnd@iterator@?$SString_t@G$00@CXLib206@@QBE_NXZ
?find@iterator@?$SString_t@G$00@CXLib206@@QBE?AV123@ABV23@@Z
?mid@?$SString_t@G$00@CXLib206@@QBE?AV12@Viterator@12@0@Z
??0?$SString_t@G$00@CXLib206@@QAE@V?$SChar_t@G$00@1@@Z
??9?$SString_t@G$00@CXLib206@@QBE_NABV01@@Z
?copyFrom@?$SString_t@G$00@CXLib206@@QAE_NPBD@Z
??H?$SString_t@G$00@CXLib206@@QBE?AV01@ABV01@@Z
??0CReadLocker@CXLib206@@QAE@PAVCRWLock@1@@Z
??1CReadLocker@CXLib206@@QAE@XZ
??0CWriteLocker@CXLib206@@QAE@PAVCRWLock@1@@Z
??1CWriteLocker@CXLib206@@QAE@XZ
??1CRWLock@CXLib206@@QAE@XZ
??M?$SString_t@G$00@CXLib206@@QBE_NABV01@@Z
?replaceSubString@SStringHelper@CXLib206@@SAXAAVSWCharString@2@ABV32@1@Z
?getNChars@?$SString_t@G$00@CXLib206@@QBEIXZ
?trimLeft@?$SString_t@G$00@CXLib206@@QAEXXZ
??0TerminatingThread@CXLib206@@QAE@XZ
?trimRight@?$SString_t@G$00@CXLib206@@QAEXXZ
??0CS_Wrapper@CXLib206@@QAE@XZ
activeds
ord9
ord3
ord13
ord15
ord7
libocahelperw-2-13
?ReportSeagateError@Ocalibhelper213@@YAJABU_GUID@@0KABV?$SIArray@VSWCharString@CXLib206@@@CXLib206@@J@Z
fssl-1-2-1-1
?_narrow@OCI_SSL_TransportInfo@@SAPAV1@PAVCORBA_Object@@@Z
?OBRelease@@YAXPAVOCI_SSL_TransportInfo@@@Z
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetLastError
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
RaiseException
FreeLibrary
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
LocalFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentThread
SetLastError
GetSystemDirectoryA
CloseHandle
SizeofResource
LoadResource
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetVersionExA
advapi32
LookupAccountSidW
FreeSid
LookupAccountNameW
GetLengthSid
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
GetSidSubAuthorityCount
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
GetTokenInformation
ImpersonateLoggedOnUser
LogonUserW
RevertToSelf
RegCloseKey
ole32
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
oleaut32
LoadTypeLib
SafeArrayAccessData
OleCreatePictureIndirect
SafeArrayCreate
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysStringLen
LoadRegTypeLib
UnRegisterTypeLib
SafeArrayUnaccessData
RegisterTypeLib
VarUI4FromStr
VariantClear
VariantInit
SysFreeString
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
shlwapi
PathFindExtensionW
msvcp71
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Nomemory@std@@YAXXZ
msvcr71
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
_callnewh
strlen
time
srand
memcpy
_CxxThrowException
??3@YAXPAX@Z
__CxxFrameHandler
sscanf
wcslen
swscanf
wcscmp
wcstok
wcscpy
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_except_handler3
free
isprint
malloc
__RTDynamicCast
_purecall
_wcsicmp
memcmp
??_V@YAXPAX@Z
swprintf
memset
memmove
abs
strcmp
wcsncpy
realloc
rand
_wcsdup
user32
UnregisterClassA
Exports
Exports
AcceptLogin
AcquireLogin
ContinueLogin
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
FreeBuffer
FreeError
FreeImpersonationParameters
FreeParasSeq
FreeString
FreeStringSeq
FreeUsers
GetChildren
GetError
GetGroupId
GetMsgContent
GetName
GetPackageVersion
GetParasSeq
GetParents
GetUserDesc
GetUserId
GetUsers
InitPackage
ReleaseHandle
SetClientParasSeq
SetImpersonationParasSeq
SetParasSeq
StartLogin
TermPackage
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 548KB - Virtual size: 544KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 140KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE