d:\Desktop\Desktop\branches\13.0.16\bin\Win32\Release\vsserv.pdb
Behavioral task
behavioral1
Sample
649c0db4b383e9c8e0de91f460fb7e9a_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
649c0db4b383e9c8e0de91f460fb7e9a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
649c0db4b383e9c8e0de91f460fb7e9a_JaffaCakes118
-
Size
1.6MB
-
MD5
649c0db4b383e9c8e0de91f460fb7e9a
-
SHA1
1c0788028d5b604db42e9a7e848cfa033d7bd2d3
-
SHA256
0236be668a72153d98af5e2a9569fbbcd83c213f83b8dd0a7ad7d150eacc81e0
-
SHA512
03cdb8f8d98cbb42d29fd12c51de7b5154398598a7e9b8856c05c5529d685a527a8825459a2a7383b471002bfd3556d7497293a83c1e574d3b8c3f2c90549632
-
SSDEEP
49152:+EXiP4Or+moajmDPrxqAOoewkr8HnN8p5358:hZajmDNqAOf6
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 649c0db4b383e9c8e0de91f460fb7e9a_JaffaCakes118
Files
-
649c0db4b383e9c8e0de91f460fb7e9a_JaffaCakes118.exe windows:5 windows x86 arch:x86
d9b2c4b7b5bcfae2682a5a33c1bf4a05
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winhttp
WinHttpOpen
WinHttpCloseHandle
npcomm
?delRef@NpcPipeEndpoint@@SAPAV1@PAV1@@Z
?delRef@NpcClient@@SAPAV1@PAV1@@Z
?addRef@NpcPipeEndpoint@@SAPAV1@PAV1@@Z
?addRef@NpcClient@@SAPAV1@PAV1@@Z
?getNewEndpoint@NpcPipeEndpoint@@SAPAV1@XZ
?releaseEndpoint@NpcPipeEndpoint@@SAXPAV1@@Z
ws2_32
htonl
WSACreateEvent
gethostname
WSACleanup
WSAStartup
WSARecvFrom
closesocket
WSAGetOverlappedResult
WSAGetLastError
WSASendTo
WSASocketW
bind
htons
inet_addr
setsockopt
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreateSequential
UuidFromStringW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
bdutils
?SetFileMode@CBDDebug@@QAEXH@Z
?SetMaxFileSize@CBDDebug@@QAEXH@Z
?load_tdfile@@YAPAU_TDFILE@@PB_W@Z
?set_value@@YAHPAU_TDFILE@@PB_W1PBX1H@Z
?section_exists@@YAHPAU_TDFILE@@PA_W@Z
?delete_section@@YAHPAU_TDFILE@@PA_W@Z
?dup_section@@YAHPAU_TDFILE@@PA_W1@Z
?save_tdfile@@YAHPAU_TDFILE@@@Z
?close_tdfile@@YAXPAU_TDFILE@@@Z
?get_value@@YAHPAU_TDFILE@@PB_W1PAXI1H@Z
?GetMode@CBDDebug@@QAEHXZ
?Trace@CBDDebug@@QAAXPB_WZZ
?SetOutputFile@CBDDebug@@QAEXPB_W@Z
??0CBDDebug@@QAE@H@Z
??1CBDDebug@@QAE@XZ
?SetMode@CBDDebug@@QAEXH@Z
?TraceImpl@CBDDebug@@IAEXPB_WPAD@Z
wslib
WSLibNew
WSLibDelete
kernel32
IsDebuggerPresent
ResumeThread
SetThreadPriority
GetFileType
GetLastError
SizeofResource
LockResource
LoadResource
FreeLibrary
GetLocalTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
SetEvent
ResetEvent
Sleep
InterlockedExchange
InitializeCriticalSectionAndSpinCount
CloseHandle
ReleaseSemaphore
GetCurrentThreadId
ReleaseMutex
WaitForSingleObject
lstrlenA
InterlockedExchangeAdd
MoveFileExW
GetCurrentProcessId
QueryPerformanceCounter
GetVersion
OpenProcess
SetProcessWorkingSetSize
GetStdHandle
GetExitCodeProcess
TerminateProcess
TryEnterCriticalSection
LocalFree
LocalAlloc
DeviceIoControl
ProcessIdToSessionId
FindClose
GetSystemTimeAsFileTime
ExitProcess
GetCommandLineW
CreateThread
WaitForMultipleObjects
GetSystemTime
FileTimeToSystemTime
GetFileTime
InterlockedCompareExchange
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
UnmapViewOfFile
MapViewOfFile
TerminateThread
SystemTimeToFileTime
GetFileSize
CompareFileTime
LoadLibraryA
CompareStringA
GetModuleHandleA
SetLastError
GetTickCount
GetLogicalDrives
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCurrentProcess
netapi32
NetUserDel
NetApiBufferFree
NetUserAdd
NetUserGetInfo
NetUserSetInfo
NetUserEnum
NetServerGetInfo
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
txmlx
?SaveCustom@txmlx_bld_custom@@YAIPAVTiXmlElement@@AAU?$_custom_base@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_W@txmlx_struct@@K@Z
?null_attr@_attr@?$_custom_base@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_W@txmlx_struct@@2QAU123@A
?LoadCustom@txmlx_ldr_custom@@YAIPAVTiXmlElement@@PAU?$_custom_base@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_W@txmlx_struct@@K@Z
?null_node@?$_custom_base@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_W@txmlx_struct@@2QAU12@A
crypt32
CryptProtectData
CryptUnprotectData
psapi
GetModuleFileNameExW
productinfo
?ReplaceVariables@CProductInfo@@QAEPB_WPA_WI@Z
?GetInstance@CProductInfo@@SAPAV1@XZ
bdelev
?GetProperHelperForOS@CElevatedHelperFactory@@SAJPAUHWND__@@PAPAVIElevatedHelper@@@Z
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
bdsubmit
ord19
ord18
ord3
ord17
ord2
ord1
ord22
ord15
ord21
ord14
txmlutil
?RemoveAllButRoot@CBDTinyXml@@QAEXXZ
?ToText@CBDTinyXml@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?ElementToText@CBDTinyXml@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBVTiXmlElement@@_N@Z
?NewElementFromText@CBDTinyXml@@SAPAVTiXmlElement@@PB_W@Z
?QueryIntAttribute@TiXmlElement@@QBEHPB_WPAH@Z
?Value@TiXmlNode@@QBEPB_WXZ
?ErrorDesc@TiXmlDocument@@QBEPB_WXZ
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Clear@TiXmlNode@@QAEXXZ
?LoadFile@TiXmlDocument@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4TiXmlEncoding@@@Z
?SaveFile@CBDTinyXml@@UBE_NPB_W@Z
?RemoveAll@CBDTinyXml@@QAEXXZ
??0CBDTinyXml@@QAE@ABVTiXmlDocument@@@Z
??0TiXmlDocument@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetText@CBDTinyXml@@SAPAVTiXmlText@@PAVTiXmlElement@@H@Z
?SetAttribute@CBDTinyXml@@SAXPAVTiXmlElement@@PB_WH@Z
?GetRootElement@CBDTinyXml@@QAEPAVTiXmlElement@@XZ
?Parent@TiXmlNode@@QBEPBV1@XZ
?GetText@TiXmlElement@@QBEPB_WXZ
?SetText@CBDTinyXml@@SAPAVTiXmlText@@PAVTiXmlElement@@PB_W@Z
?CompareChildren@CBDTinyXml@@SA_NPBVTiXmlElement@@0@Z
?IterateChildren@CBDTinyXml@@QAEHPAVTiXmlElement@@P6A_NPBV2@@Z_N@Z
?GetDocument@CBDTinyXml@@QAEAAVTiXmlDocument@@XZ
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
?RemoveAttribute@TiXmlElement@@QAEXPB_W@Z
?SetAttribute@CBDTinyXml@@SAXPAVTiXmlElement@@PB_W1@Z
?InsertChildElement@CBDTinyXml@@SAPAVTiXmlElement@@PAV2@PB_W@Z
??0CBDTinyXml@@QAE@PB_W@Z
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@PB_W@Z
??1TiXmlElement@@UAE@XZ
??1TiXmlText@@UAE@XZ
??0TiXmlText@@QAE@PB_W@Z
??0TiXmlElement@@QAE@PB_W@Z
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@PB_W@Z
?GetRootElement@CBDTinyXml@@QBEPBVTiXmlElement@@XZ
?SetAttribute@TiXmlElement@@QAEXPB_WH@Z
??0TiXmlDeclaration@@QAE@PB_W00@Z
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlDeclaration@@UAEPB_WPB_WPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToDocument@TiXmlNode@@UAEPAVTiXmlDocument@@XZ
?ToDocument@TiXmlNode@@UBEPBVTiXmlDocument@@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?SetValue@CBDTinyXml@@QAE_NPAVTiXmlElement@@PB_W1@Z
?SetValue@TiXmlNode@@QAEXPB_W@Z
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlDeclaration@@UAEPAV1@XZ
?ToDeclaration@TiXmlDeclaration@@UBEPBV1@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Accept@TiXmlDeclaration@@UBE_NPAVTiXmlVisitor@@@Z
?StreamIn@TiXmlDeclaration@@MAEXPAV?$basic_istream@_WU?$char_traits@_W@std@@@std@@PAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@HPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlElement@@UAEPB_WPB_WPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToElement@TiXmlElement@@UAEPAV1@XZ
?ToElement@TiXmlElement@@UBEPBV1@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?Accept@TiXmlElement@@UBE_NPAVTiXmlVisitor@@@Z
?StreamIn@TiXmlElement@@MAEXPAV?$basic_istream@_WU?$char_traits@_W@std@@@std@@PAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
??1TiXmlDeclaration@@UAE@XZ
?GetElement@CBDTinyXml@@QBEPBVTiXmlElement@@PBV2@PB_W@Z
?GetDeepestElement@CBDTinyXml@@QAEPAVTiXmlElement@@PB_W@Z
?Compare@CBDTinyXml@@SA_NPBVTiXmlElement@@0@Z
?Parent@TiXmlNode@@QAEPAV1@XZ
?ValueStr@TiXmlNode@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?SaveFile@TiXmlDocument@@QBE_NXZ
??4TiXmlDocument@@QAEXABV0@@Z
??4TiXmlElement@@QAEXABV0@@Z
?SetAttribute@TiXmlElement@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?ReplaceChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?Attribute@TiXmlElement@@QBEPB_WPB_WPAH@Z
?InsertRootElement@CBDTinyXml@@QAEPAVTiXmlElement@@PB_W@Z
?InsertAfterChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlDocument@@UAEPB_WPB_WPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?StreamIn@TiXmlDocument@@MAEXPAV?$basic_istream@_WU?$char_traits@_W@std@@@std@@PAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?CreatePath@CBDTinyXml@@QAEPAVTiXmlElement@@PBV2@PB_W@Z
?Attach@CBDTinyXml@@QAEXAAVTiXmlDocument@@@Z
?InsertDeclaration@CBDTinyXml@@QAEPAVTiXmlDeclaration@@PB_W00@Z
?Type@TiXmlNode@@QBEHXZ
?SetAttribute@CBDTinyXml@@SAXPAVTiXmlElement@@PB_W_J@Z
?SetText@CBDTinyXml@@SAPAVTiXmlText@@PAVTiXmlElement@@_J@Z
?FirstChild@TiXmlNode@@QAEPAV1@XZ
?SaveFile@TiXmlDocument@@QBE_NPB_W@Z
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
??0TiXmlDocument@@QAE@XZ
??1CBDTinyXml@@QAE@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?Attribute@TiXmlElement@@QBEPB_WPB_W@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetElement@CBDTinyXml@@QAEPAVTiXmlElement@@PAV2@PB_W@Z
?GetValue@CBDTinyXml@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBVTiXmlElement@@PB_W1PA_N@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?GetInt64Value@CBDTinyXml@@QBE_JPBVTiXmlElement@@PB_W_JPA_N@Z
?LoadFile@CBDTinyXml@@UAE_NPB_W@Z
??0CBDTinyXml@@QAE@XZ
?Parse@CBDTinyXml@@QAE_NPB_W@Z
??1TiXmlDocument@@UAE@XZ
?SaveFile@TiXmlDocument@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z
?SetAttribute@TiXmlElement@@QAEXPB_W0@Z
?RemoveChild@TiXmlNode@@QAE_NPAV1@@Z
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@PB_W@Z
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PB_W@Z
?GetIntValue@CBDTinyXml@@QBEHPBVTiXmlElement@@PB_WHPA_N@Z
iphlpapi
NotifyAddrChange
wintrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
advapi32
InitializeAcl
RegCloseKey
AllocateAndInitializeSid
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
OpenSCManagerW
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
LogonUserW
LookupAccountSidW
DeleteService
ControlService
EnumServicesStatusW
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerExW
CreateServiceW
UnlockServiceDatabase
ChangeServiceConfigW
QueryServiceLockStatusW
LockServiceDatabase
StartServiceW
StartServiceCtrlDispatcherW
RegQueryValueExA
AddAce
SetSecurityInfo
IsValidSid
GetLengthSid
CopySid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetTokenInformation
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
strdecoder
??0CCharsetsInterface@@QAE@XZ
??1CCharsetsInterface@@QAE@XZ
?ReloadCharsets@CCharsetsInterface@@UAEXXZ
?GetCodePage@CCharsetsInterface@@UAEHPA_W@Z
?GetCodePage@CCharsetsInterface@@UAEHPAD@Z
user32
SetForegroundWindow
SendMessageTimeoutW
LoadImageW
BringWindowToTop
GetThreadDesktop
GetUserObjectInformationW
GetForegroundWindow
PeekMessageW
MsgWaitForMultipleObjects
AllowSetForegroundWindow
ShowWindow
TranslateMessage
PostQuitMessage
EnumWindows
RegisterWindowMessageW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
KillTimer
shell32
SHGetFolderPathW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
ole32
CLSIDFromProgID
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoMarshalInterface
CoGetClassObject
CoReleaseMarshalData
CoTaskMemAlloc
CoTaskMemRealloc
OleRun
CoCreateGuid
CoInitialize
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoGetObject
CoCreateInstance
oleaut32
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysFreeString
SetErrorInfo
SysAllocStringLen
CreateErrorInfo
msvcp90
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
shlwapi
PathIsRelativeW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathRemoveBackslashW
PathRemoveExtensionW
PathStripPathW
PathAppendW
msvcr90
_snwprintf_s
fprintf
_wcsnicmp
wcstok_s
strncmp
_beginthreadex
_endthreadex
wcsncmp
_ultow_s
_wtoi
_wcsdup
_ui64tow_s
_itow_s
_difftime64
wcsncat_s
tolower
isdigit
feof
fgetws
fwprintf
rand
_wfopen_s
fwrite
fclose
memcpy
_wtoi64
wcscat_s
swscanf_s
wcsrchr
??_V@YAXPAX@Z
swprintf_s
wcsnlen
memset
_vsnwprintf
_time64
vswprintf_s
_vscwprintf
_recalloc
malloc
__RTDynamicCast
_wcsicmp
calloc
free
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcsncpy_s
wcscpy_s
strncpy_s
strcpy_s
??2@YAPAXI@Z
_purecall
iswdigit
wcstol
_wcslwr_s
memmove_s
memcpy_s
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
wcsstr
wcschr
strstr
strchr
??3@YAXPAX@Z
ferror
fread
strcat_s
_strnicmp
_vsnprintf
isspace
_i64tow_s
srand
iswalpha
_strdup
_stricmp
_localtime64_s
iswspace
iswpunct
memmove
realloc
wcscmp
wcslen
_mktime64
_localtime64
_vsnwprintf_s
_close
_write
_read
strlen
strnlen
_wcsupr_s
sprintf_s
abs
fwscanf_s
towlower
iswupper
towupper
iswlower
wcstoul
_wfsopen
fwprintf_s
strtoul
getenv
vfprintf
__iob_func
abort
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_wsopen_s
mfc90u
ord2694
ord4324
ord3736
ord1298
ord5603
ord813
ord3185
ord2326
ord1314
ord280
ord296
ord2702
ord5851
ord4235
ord909
ord600
ord1250
ord1254
ord935
ord938
ord933
ord1607
ord6630
ord285
ord3220
ord1248
ord267
ord2084
ord6703
ord5979
ord2676
ord286
sqlite3
?nextRow@SQLite3Query@sqlite@@QAEXXZ
?execQuery@SQLite3DB@sqlite@@QAEPAVSQLite3Query@2@PB_W@Z
?execScalarStr@SQLite3Statement@sqlite@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?bind@SQLite3Statement@sqlite@@QAEXHH@Z
?getIntField@SQLite3Query@sqlite@@QAEHHH@Z
?reset@SQLite3Statement@sqlite@@QAEXXZ
?execDML@SQLite3Statement@sqlite@@QAEHXZ
?numFields@SQLite3Query@sqlite@@QAEHXZ
?eof@SQLite3Query@sqlite@@QAE_NXZ
?execQuery@SQLite3Statement@sqlite@@QAEPAVSQLite3Query@2@XZ
?bind@SQLite3Statement@sqlite@@QAEXHPB_W@Z
?finalize@SQLite3Statement@sqlite@@QAEXXZ
?compileStatement@SQLite3DB@sqlite@@QAEPAVSQLite3Statement@2@PB_W@Z
?execDML@SQLite3DB@sqlite@@QAEHPB_W@Z
?close@SQLite3DB@sqlite@@QAEXXZ
?open@SQLite3DB@sqlite@@QAEXPB_W@Z
??1SQLite3DB@sqlite@@UAE@XZ
??0SQLite3DB@sqlite@@QAE@XZ
?getStringField@SQLite3Query@sqlite@@QAEPB_WHPB_W@Z
?finalize@SQLite3Query@sqlite@@QAEXXZ
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 338KB - Virtual size: 338KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UPX0 Size: 144KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE