PDB path: e:\code\audit8.0\target\Release\symbols\Utility.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4a8f7003fba0bf61eafb8ed85a3b0f98_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4a8f7003fba0bf61eafb8ed85a3b0f98_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
-
Target
4a8f7003fba0bf61eafb8ed85a3b0f98_JaffaCakes118
-
Size
212KB
-
MD5
4a8f7003fba0bf61eafb8ed85a3b0f98
-
SHA1
53e33dc0388fd063628cecf0059a307659636358
-
SHA256
4312aebdc4925e0b38a93f3fc61b058923fc8b0bceb76dd0ab94449d78061d1f
-
SHA512
65b436cc4fc431e085b495f4702e8e0ee5484eca787f08190fcc7da2fc3109a9fe887278e120a06666ef46b63f158d74a02f78808d5165974e22a1fbe8f6a324
-
SSDEEP
3072:YHeeYoRQ4L5485bhpPochrsb4bubTUPXb1NufDJyTq3DXcaxNXRJ3:YHJ548HpAchryi7ufDQO3DXRxNX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
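Checks for a missing Authenticode signature: the PE file is not code-signed, so its publisher and integrity cannot be verified from a signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.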
resource 4a8f7003fba0bf61eafb8ed85a3b0f98_JaffaCakes118
Files
-
4a8f7003fba0bf61eafb8ed85a3b0f98_JaffaCakes118.dll windows:4 windows x86 arch:x86
5145c6fe1f12a31b78387dc0953276c9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
netapi32
Netbios
kernel32
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
GetFileTime
GetFileSize
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetTempPathA
SetUnhandledExceptionFilter
FreeLibrary
SetErrorMode
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
WaitForSingleObject
ReleaseMutex
OpenMutexA
CreateMutexA
GetModuleHandleA
CreateProcessA
OpenProcess
GetLocalTime
GetSystemInfo
CreateThread
GetExitCodeThread
GlobalMemoryStatus
SetLocalTime
GetSystemDirectoryA
GetWindowsDirectoryA
ReadProcessMemory
GetVersion
GetCommandLineA
SystemTimeToFileTime
GetSystemTime
GetProcessTimes
CopyFileA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
Thread32Next
ResumeThread
OpenThread
Thread32First
SuspendThread
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
FlushInstructionCache
VirtualFreeEx
Sleep
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
SetEvent
ResetEvent
OpenEventA
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
ReadDirectoryChangesW
GetQueuedCompletionStatus
CancelIo
PostQueuedCompletionStatus
GetModuleFileNameA
FileTimeToSystemTime
GetFileInformationByHandle
GetTickCount
QueryPerformanceCounter
ExitProcess
FindFirstFileA
FindNextFileA
GetVersionExA
MoveFileExA
DeleteFileA
GetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
FindClose
LoadLibraryA
GetProcAddress
DeviceIoControl
CreateFileA
CloseHandle
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemTimeAsFileTime
GetPriorityClass
CreateIoCompletionPort
user32
ExitWindowsEx
GetDesktopWindow
advapi32
RegRestoreKeyA
RegSaveKeyA
RegDeleteValueA
RegQueryValueExA
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeleteService
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
ChangeServiceConfigA
StartServiceA
OpenSCManagerA
OpenServiceA
ControlService
CloseServiceHandle
CreateServiceA
RegOpenKeyExA
RegCreateKeyExA
RegLoadKeyA
shell32
SHGetFileInfoA
SHGetFolderPathA
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
msvcr71
_adjust_fdiv
__CppXcptFilter
_initterm
_itoa
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
__CxxFrameHandler
_CxxThrowException
_mbsnbcpy
_mbsstr
strlen
_mbsicmp
sprintf
??3@YAXPAX@Z
??_V@YAXPAX@Z
_mbsrchr
abs
rand
srand
time
memmove
_mbschr
_mbscmp
fclose
_stat
rename
strcpy
memset
fwrite
fopen
clearerr
fread
fgets
fputs
ftell
fseek
fflush
fputc
strcat
memcpy
localtime
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_mbstok
_mbsnbcmp
strcmp
strncmp
atoi
mktime
strncpy
_except_handler3
strstr
tolower
strrchr
_mbslwr
fprintf
_iob
strerror
_errno
free
vsprintf
rewind
malloc
_fdopen
calloc
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
?terminate@@YAXXZ
__dllonexit
_onexit
ws2_32
gethostname
gethostbyname
inet_ntoa
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
psapi
EnumProcessModules
GetModuleFileNameExA
winmm
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutReset
waveOutOpen
waveInClose
waveInStop
waveInAddBuffer
waveInUnprepareHeader
waveInStart
waveInPrepareHeader
waveInOpen
waveOutWrite
Exports
??0?$CRunable@VCProtect@@@@QAE@XZ
??0?$CRunable@VCSoundPlay@@@@QAE@XZ
??0?$CRunable@VCWatchDirectory@@@@QAE@XZ
??0CConfiguration@@QAE@ABV0@@Z
??0CConfiguration@@QAE@PBD0@Z
??0CConfiguration@@QAE@PBD@Z
??0CConfiguration@@QAE@XZ
??0CCrc32Dynamic@@QAE@ABV0@@Z
??0CCrc32Dynamic@@QAE@XZ
??0CDriverHelper@@QAE@ABV0@@Z
??0CDriverHelper@@QAE@XZ
??0CDriverHelperEx@@QAE@ABV0@@Z
??0CDriverHelperEx@@QAE@XZ
??0CEncryptUtilPub@@QAE@ABV0@@Z
??0CEncryptUtilPub@@QAE@XZ
??0CFileEx@@QAE@ABV0@@Z
??0CFileEx@@QAE@PAU_iobuf@@@Z
??0CFileEx@@QAE@PBD0@Z
??0CFileEx@@QAE@XZ
??0CMMapFile@@QAE@XZ
??0CMd5@@AAE@XZ
??0CMiniDumper@@AAE@XZ
??0CNetAdapter@@AAE@XZ
??0COSOperation@@AAE@XZ
??0CPreDefinedDirectory@@AAE@XZ
??0CProcess@@QAE@XZ
??0CProtect@@QAE@ABV0@@Z
??0CProtect@@QAE@KP6AHPBD@Z@Z
??0CProtect@@QAE@PADP6AHPBD@Z@Z
??0CRegistry@@QAE@XZ
??0CRzxgzip@@QAE@ABV0@@Z
??0CRzxgzip@@QAE@XZ
??0CSoundPlay@@QAE@ABV0@@Z
??0CSoundPlay@@QAE@XZ
??0CSoundRecord@@QAE@XZ
??0CSyncEvent@@QAE@PBDH@Z
??0CSyncEvent@@QAE@XZ
??0CSyncSemaphore@@QAE@PADJJ@Z
??0CSyncSemaphore@@QAE@XZ
??0CTextEncoding@@AAE@XZ
??0CTextEncoding@@QAE@ABV0@@Z
??0CVersion@@QAE@PBD@Z
??0CWatchDirectory@@QAE@ABV0@@Z
??0CWatchDirectory@@QAE@XZ
??0CWin32File@@QAE@PBDKKKK@Z
??0CWin32File@@QAE@XZ
??0CriticalSection@@QAE@XZ
??0Mutex@@QAE@PBD@Z
??0Mutex@@QAE@XZ
??1?$CRunable@VCProtect@@@@QAE@XZ
??1?$CRunable@VCSoundPlay@@@@QAE@XZ
??1?$CRunable@VCWatchDirectory@@@@QAE@XZ
??1CConfiguration@@QAE@XZ
??1CCrc32Dynamic@@UAE@XZ
??1CDriverHelper@@QAE@XZ
??1CDriverHelperEx@@QAE@XZ
??1CEncryptUtilPub@@UAE@XZ
??1CFileEx@@UAE@XZ
??1CMMapFile@@QAE@XZ
??1CMiniDumper@@AAE@XZ
??1CProcess@@QAE@XZ
??1CProtect@@QAE@XZ
??1CRegistry@@QAE@XZ
??1CRzxgzip@@UAE@XZ
??1CSoundPlay@@QAE@XZ
??1CSoundRecord@@QAE@XZ
??1CSyncEvent@@QAE@XZ
??1CSyncSemaphore@@QAE@XZ
??1CTextEncoding@@EAE@XZ
??1CVersion@@QAE@XZ
??1CWatchDirectory@@QAE@XZ
??1CWin32File@@QAE@XZ
??1CriticalSection@@QAE@XZ
??1Mutex@@QAE@XZ
??4?$CRunable@VCProtect@@@@QAEAAV0@ABV0@@Z
??4?$CRunable@VCSoundPlay@@@@QAEAAV0@ABV0@@Z
??4?$CRunable@VCWatchDirectory@@@@QAEAAV0@ABV0@@Z
??4CCmdLine@@QAEAAV0@ABV0@@Z
??4CConfiguration@@QAEAAV0@ABV0@@Z
??4CCrc32Dynamic@@QAEAAV0@ABV0@@Z
??4CDriverHelper@@QAEAAV0@ABV0@@Z
??4CDriverHelperEx@@QAEAAV0@ABV0@@Z
??4CEncryptUtilPub@@QAEAAV0@ABV0@@Z
??4CFileEx@@QAEAAV0@ABV0@@Z
??4CMMapFile@@QAEAAV0@ABV0@@Z
??4CMd5@@QAEAAV0@ABV0@@Z
??4CMiniDumper@@QAEAAV0@ABV0@@Z
??4CNetAdapter@@QAEAAV0@ABV0@@Z
??4COSOperation@@QAEAAV0@ABV0@@Z
??4CPreDefinedDirectory@@QAEAAV0@ABV0@@Z
??4CProcess@@QAEAAV0@ABV0@@Z
??4CProtect@@QAEAAV0@ABV0@@Z
??4CRegistry@@QAEAAV0@ABV0@@Z
??4CRzxgzip@@QAEAAV0@ABV0@@Z
??4CSoundPlay@@QAEAAV0@ABV0@@Z
??4CSoundRecord@@QAEAAV0@ABV0@@Z
??4CSyncEvent@@QAEAAV0@ABV0@@Z
??4CSyncSemaphore@@QAEAAV0@ABV0@@Z
??4CTextEncoding@@QAEAAV0@ABV0@@Z
??4CVersion@@QAEAAV0@ABV0@@Z
??4CWatchDirectory@@QAEAAV0@ABV0@@Z
??4CWin32File@@QAEAAV0@ABV0@@Z
??4CriticalSection@@QAEAAV0@ABV0@@Z
??4Mutex@@QAEAAV0@ABV0@@Z
??BCFileEx@@QBEPAU_iobuf@@XZ
??BCProcess@@QBEPAXXZ
??BCSyncEvent@@QAEPAXXZ
??BCSyncSemaphore@@QAEPAXXZ
??BCWin32File@@QBEPAXXZ
??BMutex@@QAEPAXXZ
??_7CCrc32Dynamic@@6B@
??_7CEncryptUtilPub@@6B@
??_7CFileEx@@6B@
??_7CRzxgzip@@6B@
??_7CTextEncoding@@6B@
?AddWatchDir@CWatchDirectory@@QAEHPBD0PAVIChangeNotify@@KH@Z
?Alloc@CProcess@@QAEPAXKK@Z
?Attach@CProcess@@QAEXPAX@Z
?Big5toGB@CTextEncoding@@SAPADPADH@Z
?BinToHexString@CTextEncoding@@SAXPBDHPAD@Z
?CalcCrc32@CCrc32Dynamic@@IBEXEAAK@Z
?ChangeTime@COSOperation@@SAHJ@Z
?Close@CFileEx@@QAEHXZ
?Close@CProcess@@QAEHXZ
?Close@CSyncEvent@@QAEXXZ
?Close@CWin32File@@QAEHXZ
?Close@Mutex@@QAEXXZ
?CloseKey@CRegistry@@QAEXXZ
?CloseZipZ@@YAKPAUHZIP__@@@Z
?Compress@CRzxgzip@@QAEHPAEK0KPAKH@Z
?CompressFile@CRzxgzip@@QAEHPAD0H@Z
?CopyDirectory@FileOps@@YAXPBD0H@Z
?CopyFileA@FileOps@@YAHPBD0H@Z
?CpFile@FileOps@@YAHPBD0H@Z
?Create@CSyncEvent@@QAEHPBDH@Z
?Create@CSyncSemaphore@@QAEHPADJJ@Z
?Create@Mutex@@QAEHPBD@Z
?CreateDirectoryA@FileOps@@YA_NPBD@Z
?CreateKey@CRegistry@@QAEHPAUHKEY__@@PBD@Z
?CreateNewFile@FileOps@@YA_NPBDI_N@Z
?CreateRegistryValues@CDriverHelperEx@@AAEHXZ
?CreateServiceA@CDriverHelper@@AAEPAUSC_HANDLE__@@PAU2@@Z
?CreateThread@COSOperation@@SAHAAPAXPAX1@Z
?CreateThreadInProcess@CProcess@@QAEHP6GKPAX@Z0AAPAX@Z
?CreateZip@@YAPAUHZIP__@@PAXIPBD@Z
?CreateZip@@YAPAUHZIP__@@PBD0@Z
?CreateZipHandle@@YAPAUHZIP__@@PAXPBD@Z
?CutProcessRelationShip@CProtect@@SAHXZ
?DecodeUTF8@CTextEncoding@@SAXPADH@Z
?DeleteDirectory@FileOps@@YAHPBD_N@Z
?DeleteDirectoryIfEmpty@FileOps@@YA_NPBD@Z
?DeleteFileA@FileOps@@YAHPBD@Z
?DeleteFileAfterReboot@FileOps@@YAHPBD@Z
?DeleteFiles@FileOps@@YAXPBD@Z
?DeleteKey@CRegistry@@SAHPAUHKEY__@@PBD@Z
?DeleteRegistryValues@CDriverHelperEx@@AAEXXZ
?DeleteValue@CRegistry@@QAEHPBD@Z
?Detach@CProcess@@QAEXXZ
?DirExist@FileOps@@YAHPBD@Z
?EnableShutdownPrivilege@COSOperation@@CAXXZ
?ExtractFileFromResource@CProcess@@SAHIPBD0PAUHINSTANCE__@@@Z
?F@CMd5@@CAKKKK@Z
?FF@CMd5@@CAXAAKKKKKHK@Z
?FastShutdown@COSOperation@@SAHXZ
?FileExist@FileOps@@YAHPBD@Z
?FilterIllegalChars@FileOps@@YAXPAD@Z
?Flush@CFileEx@@QAEHXZ
?Flush@CProcess@@QAEHPAXK@Z
?Flush@CWin32File@@QAEHXZ
?FormatZipMessageZ@@YAIKPADI@Z
?Free@CCrc32Dynamic@@IAEXXZ
?Free@CProcess@@QAEHPAX@Z
?G@CMd5@@CAKKKK@Z
?GG@CMd5@@CAXAAKKKKKHK@Z
?GetAllLocalAdapterMacAddr@CNetAdapter@@SAHAAV?$vector@EV?$allocator@E@std@@@std@@@Z
?GetAllProcessID@CProcess@@SAHAAV?$vector@KV?$allocator@K@std@@@std@@@Z
?GetAllVersionInfo@CVersion@@QAEPAUtagVS_FIXEDFILEINFO@@XZ
?GetCommand@CCmdLine@@SA_NPADPBD0@Z
?GetCurrent@CSyncSemaphore@@QAEHXZ
?GetCurrentDir@FileOps@@YAXPAD@Z
?GetDirectorySize@FileOps@@YAIPBD@Z
?GetDriverDir@CPreDefinedDirectory@@SAXPADK@Z
?GetDriverHandle@CDriverHelper@@QAEPAXXZ
?GetEvent@CSyncEvent@@QAEPAXXZ
?GetFileBaseName@FileOps@@YAPBDPBD@Z
?GetFileCreationTime@FileOps@@YAJPBD@Z
?GetFileDescription@CVersion@@QAEPADXZ
?GetFileExtName@FileOps@@YAPBDPBD@Z
?GetFileLastAccessTime@FileOps@@YAJPBD@Z
?GetFileLastWriteTime@CWin32File@@QAEHPAU_FILETIME@@@Z
?GetFileLastWriteTime@FileOps@@YAJPBD@Z
?GetFileMD5@CMd5@@SAHPBDPADH@Z
?GetFileName@CFileEx@@QAEPBDXZ
?GetFileParentDir@FileOps@@YAHPBDPAD@Z
?GetFileSize@FileOps@@YAIPBD@Z
?GetFileTypeName@FileOps@@YAHPBDPADH@Z
?GetFileVersion@COSOperation@@SAHPADAAK1@Z
?GetLastErrorMsg@CRzxgzip@@QAEHPAD@Z
?GetLength@CFileEx@@QBE_KXZ
?GetLength@CWin32File@@QAE_KXZ
?GetLocalIPAddress@NetAddress@@YAHPADPBD@Z
?GetLocalIPAddressCount@NetAddress@@YAHXZ
?GetMainProgramName@FileOps@@YAXPAD@Z
?GetMainProgramPath@FileOps@@YAXPAD@Z
?GetPath@CProcess@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetPosition@CFileEx@@QBE_KXZ
?GetPosition@CWin32File@@QBE_KXZ
?GetPreDefinedDir@CPreDefinedDirectory@@SAHPBDPADK@Z
?GetPreDirType@CPreDefinedDirectory@@SAHPBDPAD@Z
?GetPriority@CProcess@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetProcessCmdLine@CProcess@@SAHKPAD@Z
?GetProcessIDByName@CProcess@@SAHPBDPAK@Z
?GetProcessList@CProcess@@SAHPAV?$vector@UProcessInfo@@V?$allocator@UProcessInfo@@@std@@@std@@@Z
?GetProcessNames@CProcess@@SAHPAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?GetProcessTime@CProcess@@SAHKAA_J@Z
?GetProcessTime@CProcess@@SAHPAXAA_J@Z
?GetProcessorCount@COSOperation@@SAIXZ
?GetProgramFilesDir@COSOperation@@SAXPAD@Z
?GetRunningTime@CProcess@@QAEHAA_J@Z
?GetSystem32Dir@CPreDefinedDirectory@@SAXPADK@Z
?GetSystemDir@CPreDefinedDirectory@@SAXPADK@Z
?GetTextMD5@CMd5@@SAHPBDHPADH@Z
?GetTickCount@COSOperation@@SAJXZ
?GetTime@COSOperation@@SAXAAU_SYSTEMTIME@@@Z
?GetTmpPath@COSOperation@@SAXPAD@Z
?GetTotalMemoryPerBytes@COSOperation@@SAKXZ
?GetValue@CRegistry@@QAEHPBDAAK@Z
?GetValue@CRegistry@@QAEHPBDPADH@Z
?GetVersionInfo@CVersion@@AAEHXZ
?GetWindowsDir@CPreDefinedDirectory@@SAXPADK@Z
?H@CMd5@@CAKKKK@Z
?HH@CMd5@@CAXAAKKKKKHK@Z
?HexCharToBin@CTextEncoding@@SAEE@Z
?HexCharToBin@CTextEncoding@@SAEEE@Z
?I@CMd5@@CAKKKK@Z
?II@CMd5@@CAXAAKKKKKHK@Z
?Init@CCrc32Dynamic@@IAEXXZ
?InitDriver@CDriverHelper@@QAEKPBD00@Z
?InitDriver@CDriverHelper@@QAEKPBD@Z
?Initialize@CSoundPlay@@QAEHHHH@Z
?IsEof@CFileEx@@QAEHXZ
?IsInitialized@CDriverHelper@@QAEHXZ
?IsLoaded@CDriverHelper@@QAEHXZ
?IsLocalAddress@NetAddress@@YAHPBD@Z
?IsModuleInProcess@CProcess@@SAHPADK@Z
?IsProcessRunning@CProcess@@SAHPBD@Z
?IsStarted@CDriverHelper@@QAEHXZ
?IsValidAddress@NetAddress@@YAHPBD@Z
?IsZipHandleZ@@YA_NPAUHZIP__@@@Z
?Job@?$CRunable@VCProtect@@@@AAEXXZ
?Job@?$CRunable@VCSoundPlay@@@@AAEXXZ
?Job@?$CRunable@VCWatchDirectory@@@@AAEXXZ
?JobThread@?$CRunable@VCProtect@@@@CAKPAX@Z
?JobThread@?$CRunable@VCSoundPlay@@@@CAKPAX@Z
?JobThread@?$CRunable@VCWatchDirectory@@@@CAKPAX@Z
?KillProcess@CProcess@@SAHK@Z
?KillProcessByName@CProcess@@SAHPBD@Z
?LRotate@CMd5@@CAKKH@Z
?LoadDriver@CDriverHelper@@QAEKH@Z
?LoadDriver@CDriverHelper@@QAEKPBD00H@Z
?LoadDriver@CDriverHelper@@QAEKPBDH@Z
?LoadDriver@CDriverHelperEx@@QAEHPAD0@Z
?LoadKey@CRegistry@@QAEHPAUHKEY__@@PBD1@Z
?Logoff@COSOperation@@SAHH@Z
?MakeDir@FileOps@@YA_NPBD@Z
?MakeSureDirExist@FileOps@@YAHPBD@Z
?MakeTime@COSOperation@@SAJAAU_SYSTEMTIME@@@Z
?MakeTime@COSOperation@@SAXJAAU_SYSTEMTIME@@@Z
?MakesureStartService@CDriverHelper@@QAEKPAUSC_HANDLE__@@@Z
?MergeFile@FileOps@@YAHPBD00@Z
?MoveDirectory@FileOps@@YAXPBD0@Z
?MoveFileA@FileOps@@YAHPBD0H@Z
?MoveFileAfterReboot@FileOps@@YAHPBD0@Z
?MvFile@FileOps@@YAHPBD0H@Z
?NotifyProcessor@CSoundRecord@@AAEXPAUHWAVEIN__@@PAUwavehdr_tag@@@Z
?OnDone@CSoundPlay@@AAEXPAUwavehdr_tag@@@Z
?Open@CFileEx@@QAEHPBD0@Z
?Open@CProcess@@QAEHKK@Z
?Open@CSyncEvent@@QAEHPBD@Z
?Open@CWin32File@@QAEHPBDKKKK@Z
?Open@Mutex@@QAEHPBD@Z
?OpenDevice@CDriverHelper@@QAEKXZ
?OpenKey@CRegistry@@QAEHPAUHKEY__@@PBD@Z
?OpenKey@CRegistry@@QAEHPAUHKEY__@@PBDK@Z
?Play@CSoundPlay@@QAEHPADK@Z
?ProtectByPath@CProtect@@AAEXXZ
?ProtectByPid@CProtect@@AAEXXZ
?RC4@CEncryptUtilPub@@QAEHPBDHPADH1H@Z
?RC4@CEncryptUtilPub@@QAE_NPBDHPADH@Z
?RC4Crypt@CEncryptUtilPub@@AAEXPAURC4KEY@1@PAEH@Z
?RC4ExpandKey@CEncryptUtilPub@@AAEXPAURC4KEY@1@PBEH@Z
?RandomKey@CEncryptUtilPub@@QAE_NPADH@Z
?RawIo@CDriverHelper@@QAEKKPAXK0K@Z
?Read@CFileEx@@QAEIPAXI@Z
?Read@CProcess@@QAEHPAX0K@Z
?Read@CWin32File@@QAEIPAXI@Z
?ReadBool@CConfiguration@@QAEHPBDH@Z
?ReadInt@CConfiguration@@QAEHPBDH@Z
?ReadIo@CDriverHelper@@QAEKKPAXK@Z
?ReadLine@CFileEx@@QAEPADPADI@Z
?ReadString@CConfiguration@@QAEKPBDPADK0@Z
?Reboot@COSOperation@@SAHH@Z
?RegisterComService@COSOperation@@SAJPBD_N@Z
?Release@CSyncSemaphore@@QAEHJPAJ@Z
?RemoveEncodedSpace@CTextEncoding@@SAXPAD@Z
?RemoveFile@FileOps@@YAHPBD@Z
?RenameFile@FileOps@@YAHPBD0H@Z
?ResetEvent@CSyncEvent@@QAEXXZ
?RestoreKey@CRegistry@@QAEHPBDK@Z
?ResumeProcess@CProcess@@SAHK@Z
?ResumeProcess@CProcess@@SAHPBD@Z
?RtlAnsiStringToUnicodeString@CDriverHelperEx@@0P6GKPAX0K@ZA
?RtlFreeUnicodeString@CDriverHelperEx@@0P6GKPAX@ZA
?Run@CProtect@@QAEXXZ
?Run@CSoundPlay@@QAEXXZ
?Run@CWatchDirectory@@QAEXXZ
?RunProcess@COSOperation@@SAHPBDHH@Z
?SaveKey@CRegistry@@QAEHPBD@Z
?Seek@CFileEx@@QAE_K_JI@Z
?Seek@CWin32File@@QAE_K_JK@Z
?SeekToBegin@CFileEx@@QAEXXZ
?SeekToEnd@CFileEx@@QAEXXZ
?SetAppName@CConfiguration@@QAEXPBD@Z
?SetConfigFilePath@CConfiguration@@QAEXPBD@Z
?SetEvent@CSyncEvent@@QAEXXZ
?SetLength@CWin32File@@QAEH_K@Z
?SetPrivilege@CProcess@@SAHPAXPBDH@Z
?SetProcessor@CSoundRecord@@QAEXPAVIWaveInProcessor@@@Z
?SetValue@CRegistry@@QAEHPBD0@Z
?SetValue@CRegistry@@QAEHPBDK@Z
?Setup@CMiniDumper@@SAXPBDP6AXPAX@Z1H@Z
?SfxZipDir@z7@ZipUtil@@YAHPBD0@Z
?Shutdown@COSOperation@@SAHH@Z
?Start@CProtect@@QAEXXZ
?Start@CSoundRecord@@QAEHHHH@Z
?Start@CWatchDirectory@@QAEHXZ
?StartDriver@CDriverHelper@@QAEKXZ
?StartThread@?$CRunable@VCProtect@@@@QAEHXZ
?StartThread@?$CRunable@VCSoundPlay@@@@QAEHXZ
?StartThread@?$CRunable@VCWatchDirectory@@@@QAEHXZ
?Stop@CProtect@@QAEXXZ
?Stop@CSoundPlay@@QAEHXZ
?Stop@CSoundRecord@@QAEHXZ
?Stop@CWatchDirectory@@QAEXXZ
?StopDriver@CDriverHelper@@QAEKXZ
?StopDriver@CDriverHelperEx@@QAEXPAD0@Z
?StringCrc32@CCrc32Dynamic@@QBEKPBDKAAK@Z
?SuspendProcess@CProcess@@SAHK@Z
?SuspendProcess@CProcess@@SAHPBD@Z
?TopLevelFilter@CMiniDumper@@CGJPAU_EXCEPTION_POINTERS@@@Z
?TransForm@CMd5@@CAXXZ
?UTF8ToGbk@CTextEncoding@@SAPADPADAAH@Z
?UnCompress@CRzxgzip@@QAEHPAEK0KPAK@Z
?UnCompressFile@@YAHPAD0@Z
?UnCompressFile@CRzxgzip@@QAEHPAD0@Z
?UnLoadDriver@CDriverHelperEx@@QAEHXZ
?UnloadDriver@CDriverHelper@@QAEKH@Z
?UnzipFile@z7@ZipUtil@@YAHPBD0@Z
?UpdateFile@FileOps@@YAXPBD00@Z
?Wait@CSyncSemaphore@@QAEKK@Z
?WaitForEvent@CSyncEvent@@QAEKK@Z
?WaitProcess@COSOperation@@SAHKK@Z
?WaitStop@?$CRunable@VCProtect@@@@QAEXK@Z
?WaitStop@?$CRunable@VCSoundPlay@@@@QAEXK@Z
?WaitStop@?$CRunable@VCWatchDirectory@@@@QAEXK@Z
?WaitThread@COSOperation@@SAXPAXK@Z
?Write@CFileEx@@QAEHPBXI@Z
?Write@CProcess@@QAEHPAX0K@Z
?Write@CWin32File@@QAEHPBXI@Z
?WriteInt@CConfiguration@@QAEHPBDH@Z
?WriteIo@CDriverHelper@@QAEKKPAXK@Z
?WriteString@CConfiguration@@QAEHPBD0@Z
?WriteString@CFileEx@@QAEHPBD@Z
?ZipAdd@@YAKPAUHZIP__@@PBD1@Z
?ZipAdd@@YAKPAUHZIP__@@PBDPAXI@Z
?ZipAddFolder@@YAKPAUHZIP__@@PBD@Z
?ZipAddHandle@@YAKPAUHZIP__@@PBDPAX@Z
?ZipAddHandle@@YAKPAUHZIP__@@PBDPAXI@Z
?ZipDir@z7@ZipUtil@@YAHPBD0@Z
?ZipFiles@z7@ZipUtil@@YAHPBD0@Z
?ZipGetMemory@@YAKPAUHZIP__@@PAPAXPAK@Z
?ZwLoadDriver@CDriverHelperEx@@0P6GKPAX@ZA
?ZwUnLoadDriver@CDriverHelperEx@@0P6GKPAX@ZA
?begin@CMMapFile@@QBEPADXZ
?close@CMMapFile@@QAEXXZ
?create@CMMapFile@@QAEHPBD0H@Z
?end@CMMapFile@@QBEPADXZ
?flush@CMMapFile@@QAEXK@Z
?length@CMMapFile@@QBEKXZ
?lock@CriticalSection@@QAEXXZ
?lock@Mutex@@QAEXXZ
?m_context@CMd5@@1QBIB
?m_digest@CMd5@@1PAIA
?m_pContent@CMd5@@1PAIA
?map@CMMapFile@@QAEHK@Z
?s_bPfnLoaded@CDriverHelperEx@@0_NA
?s_dmpFileName@CMiniDumper@@0V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@A
?s_miniDumpWriter@CMiniDumper@@0P6GHPAXK0W4_MINIDUMP_TYPE@@QAU_MINIDUMP_EXCEPTION_INFORMATION@@QAU_MINIDUMP_USER_STREAM_INFORMATION@@QAU_MINIDUMP_CALLBACK_INFORMATION@@@ZA
?s_pContext@CMiniDumper@@0PAXA
?s_pfnExpCallBack@CMiniDumper@@0P6AXPAX@ZA
?trylock@Mutex@@QAE_NH@Z
?unlock@CriticalSection@@QAEXXZ
?unlock@Mutex@@QAEXXZ
?unmap@CMMapFile@@QAEXXZ
?waveInProc@CSoundRecord@@CGXPAUHWAVEIN__@@IKKK@Z
?waveOutProc@CSoundPlay@@CGXPAUHWAVEOUT__@@IKKK@Z
Compress
CompressFile
UnCompress
Sections
.text Size: 132KB - Virtual size: 130KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ