d:\vss_wd\_source\Products\WinLine\WinAntiVirusPro2006\avkernel\WA6P Release\avkernel.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ceaf84b10044008f55cfd27e4a99cb8a_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ceaf84b10044008f55cfd27e4a99cb8a_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
ceaf84b10044008f55cfd27e4a99cb8a_JaffaCakes118
-
Size
336KB
-
MD5
ceaf84b10044008f55cfd27e4a99cb8a
-
SHA1
eba617a96f43cc4f286f6c98520fccaac375cdc0
-
SHA256
e315611693a99726ba746c09d41e361491e4ea1059faa15eb958970eb0787454
-
SHA512
c813b33356596f1f0d45d1ee6795bbae6bce4c25c6f4468be9da1e55661623dfb23624b7336e696b7a043a0dfa12832b2c386ed7aa769856dc7c9e84b15ee41f
-
SSDEEP
6144:49jkQ+5fbMTsfAoRg35+U5MI8/1O9RlIVDElro2:6kQ+qsfAoR/U6I8/10E6o2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ceaf84b10044008f55cfd27e4a99cb8a_JaffaCakes118
Files
-
ceaf84b10044008f55cfd27e4a99cb8a_JaffaCakes118.dll windows:4 windows x86 arch:x86
434b9bcbc5ff53493d81da265b2e9475
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
bdcore
CoreSet
CoreDeleteInstance
CoreUninit
CoreGet
CoreNewInstance
CoreInit
shfolder
SHGetFolderPathW
SHGetFolderPathA
kernel32
ReadFile
CreateFileA
GetFileAttributesA
lstrcpynA
Sleep
SetEvent
ResetEvent
FindClose
FindNextFileA
GetTickCount
FindFirstFileA
lstrcmpiA
Module32Next
Module32First
CreateToolhelp32Snapshot
OpenProcess
Process32Next
Process32First
lstrcpyA
FreeLibrary
CreateEventA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
CreateDirectoryA
SetFileAttributesA
GetLastError
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetWindowsDirectoryA
DeleteFileA
GetDriveTypeA
WaitForSingleObject
ReleaseMutex
MultiByteToWideChar
GetFileTime
MoveFileA
GetTempFileNameA
GetLogicalDriveStringsA
CreateMutexA
RaiseException
lstrlenW
lstrcmpA
GetEnvironmentVariableA
LocalFree
lstrcatW
lstrcpyW
lstrcmpW
CreateFileW
GetFileAttributesW
WritePrivateProfileSectionA
GetModuleHandleA
GetPrivateProfileSectionA
GetShortPathNameA
MoveFileExA
TerminateProcess
GetLongPathNameA
GetTempPathA
GetSystemDirectoryA
ExpandEnvironmentStringsA
InterlockedIncrement
InterlockedDecrement
MapViewOfFileEx
GetFileAttributesExA
GetCurrentProcess
GetCurrentThread
DeviceIoControl
CopyFileA
QueryPerformanceCounter
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LocalAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetVersion
lstrcatA
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CloseHandle
GetLocalTime
lstrlenA
WriteFile
InitializeCriticalSection
FlushFileBuffers
DeleteCriticalSection
user32
wvsprintfA
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
advapi32
RegOpenKeyExW
QueryServiceStatus
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CloseServiceHandle
CreateServiceA
CryptCreateHash
CryptGetHashParam
CryptHashData
CryptAcquireContextA
CryptReleaseContext
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegGetKeySecurity
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptDestroyHash
shell32
SHGetSpecialFolderPathA
SHFileOperationA
ole32
CoUninitialize
StgCreateDocfile
StgOpenStorage
CoCreateGuid
CoTaskMemFree
CoInitialize
StringFromCLSID
StringFromGUID2
oleaut32
SysAllocStringLen
SysFreeString
LoadTypeLi
msvcp71
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
shlwapi
PathStripPathA
PathRemoveFileSpecA
PathCombineA
PathFileExistsA
StrCmpNIA
PathAppendA
PathUnquoteSpacesA
StrChrA
StrRChrA
StrStrIA
PathFindExtensionA
SHDeleteValueA
SHDeleteKeyA
PathMatchSpecA
SHCreateStreamOnFileA
PathCanonicalizeA
PathIsDirectoryA
PathAddBackslashA
msvcr71
free
_mbsnbcat
_mbsrchr
_mbscmp
realloc
_beginthreadex
_local_unwind2
_mbspbrk
floor
_atoi64
_i64toa
_callnewh
memset
??1type_info@@UAE@XZ
_mbctoupper
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
__CppXcptFilter
__security_error_handler
_mbsicmp
_purecall
_mbsspn
_mbscspn
_mbslwr
_adjust_fdiv
_mbsnbcpy
_mbsstr
wcscpy
_except_handler3
_resetstkoflw
_mbschr
_mbsinc
fopen
fclose
fread
tolower
fwrite
vsprintf
_vscprintf
ftell
fseek
time
srand
rand
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
_CxxThrowException
??_V@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
memmove
malloc
Exports
Exports
??0CAVKernel@@QAE@ABV0@@Z
??0CAVKernel@@QAE@XZ
??0CAVLog@@QAE@PBD00PAUHKEY__@@@Z
??0CAVQuarantine@@IAE@XZ
??0CAVQuarantine@@QAE@ABV0@@Z
??0CAVQuarantineSync@@IAE@XZ
??0CAVQuarantineSync@@QAE@ABV0@@Z
??0CBDCoreManip@@IAE@XZ
??0CDevLog@@QAE@H@Z
??1CAVKernel@@QAE@XZ
??1CAVLog@@QAE@XZ
??1CAVQuarantine@@MAE@XZ
??1CAVQuarantineSync@@MAE@XZ
??1CBDCoreManip@@IAE@XZ
??4CAVKernel@@QAEAAV0@ABV0@@Z
??4CAVLog@@QAEAAV0@ABV0@@Z
??4CAVQuarantine@@QAEAAV0@ABV0@@Z
??4CAVQuarantineSync@@QAEAAV0@ABV0@@Z
??RCDevLog@@QBAXKIPBDZZ
??_7CAVQuarantine@@6B@
??_7CAVQuarantineSync@@6B@
??_7CBDCoreManip@@6B@
?AddCallbackEx@CBDCoreManip@@QAEXPAVIBDCoreManipEvents@1@@Z
?AddDangerousFile@CBDCoreManip@@QAEXPBD@Z
?AddIndexItem@CAVQuarantine@@IAE_NAAUQuarantinedObjectInfoEx@1@ABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PAK@Z
?AddInvalidItem@CAVQuarantine@@AAE_NDABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?AddLogEntry@CAVLog@@QAAXKIPBDZZ
?AddLogEntryEx@CAVLog@@QAAXKIIPBDPAD@Z
?AllowAdwareLastScanObjectUpdate@CBDCoreManip@@ABE_NXZ
?AppendScanData@CBDCoreManip@@QAEXXZ
?AsEngineInit@CBDCoreManip@@QAE_NXZ
?AsEngineRelease@CBDCoreManip@@QAEXXZ
?AsEngineScanResultRelease@CBDCoreManip@@QAEXXZ
?AsQuickScan@CBDCoreManip@@QAEXXZ
?BeginUpdate@CAVQuarantine@@UAE?AW4QuarantineError@1@XZ
?ChekScanExtensions@CBDCoreManip@@AAE_NAAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?ClearDangerousFiles@CBDCoreManip@@AAEXXZ
?ClearScanResults@CBDCoreManip@@QAEXXZ
?ContinueScan@CBDCoreManip@@AAE_NXZ
?CoreCallback@CBDCoreManip@@KAKKPAU__ObjectInfoEntry@@@Z
?CoreVirusListCallback@CBDCoreManip@@SAHPBD@Z
?CoreVirusListCallbackRBMap@CBDCoreManip@@SAHPBD@Z
?CreateDirectoryTree@@YA_NPBD_NK@Z
?CreateNew@CAVKernel@@QAEHAAPAVCBDCoreManip@@@Z
?DeleteAdware@@YAJKPAVCBDCoreManip@@@Z
?DeleteBDCoreManip@CAVKernel@@QAEHPAVCBDCoreManip@@@Z
?DeleteFileA@CAVQuarantine@@IAE?AW4QuarantineError@1@PBD@Z
?DeleteFileA@CAVQuarantine@@UAE?AW4QuarantineError@1@K@Z
?DeleteFileA@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@K@Z
?DeleteObject@CBDCoreManip@@QAE_NPAUSCANRESULTEX@@@Z
?DeleteRegKey@CBDCoreManip@@SA_NPBD@Z
?DeleteRegValue@CBDCoreManip@@SA_NPBD@Z
?DoQuarantine@CAVQuarantine@@IAE?AW4QuarantineError@1@PBDK0_NPAK@Z
?DoSimpleDeletion@CAVQuarantine@@SA_NPBD@Z
?EnableAdwareEngine@CBDCoreManip@@QAEXH@Z
?EnableBDCoreEngine@CBDCoreManip@@QAEXH@Z
?EnableImmediateScanResults@CBDCoreManip@@QAEX_N@Z
?EndUpdate@CAVQuarantine@@UAEXXZ
?EnsureMoveFile@CAVQuarantine@@SA_NPBD0@Z
?FillVirusesArray@CBDCoreManip@@QAE_NXZ
?FillVirusesRBMap@CBDCoreManip@@QAE_NXZ
?Fire_BeforeScanObjectFix@CBDCoreManip@@IAEXXZ
?Fire_OnBeforeObjectRestore@CAVQuarantine@@IAE_NAAUQuarantinedObjectInfoEx@1@@Z
?Fire_OnQuarantineUpdated@CAVQuarantine@@IAEXXZ
?Fire_ScanObjectChanged@CBDCoreManip@@IAEXXZ
?Fire_ScanResultCallback@CBDCoreManip@@QAEXPAUSCANRESULTEX@@@Z
?Fire_ScanStarted@CBDCoreManip@@IAEXXZ
?FixFile@CBDCoreManip@@QAEHPBD@Z
?Flush@CAVLog@@QAEXK@Z
?GetAdwareSpywareCount@@YAKXZ
?GetCurrenSessionFoundFileWithThreat@CBDCoreManip@@QAEKXZ
?GetCurrentSessionFoundProcessWithThreat@CBDCoreManip@@QAEKXZ
?GetCurrentSessionFoundRegEntriesWithThreat@CBDCoreManip@@QAEKXZ
?GetCurrentSessionScanedFileCounter@CBDCoreManip@@QAEKXZ
?GetCurrentSessionScannedProcessCounter@CBDCoreManip@@QAEKXZ
?GetCurrentSessionScannedRegEntries@CBDCoreManip@@QAEKXZ
?GetErrorDescription@CAVQuarantine@@SAPBDH@Z
?GetFilterThreats@CBDCoreManip@@ABE_NXZ
?GetGlobalDataPath@@YAPBDPAD@Z
?GetInstallPath@@YAPBDPAD@Z
?GetLastScanned@CBDCoreManip@@QAEXPAD@Z
?GetLogPath@@YA_NPAD_N@Z
?GetNewID@CBDCoreManip@@UAEIXZ
?GetNewerVirusesList@CBDCoreManip@@QAEPAV?$CAtlArray@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@@ATL@@XZ
?GetProgressEngine@CBDCoreManip@@QAEPAVIProgressEngine@@XZ
?GetQuarantineFolder@CAVQuarantine@@SAPBDD@Z
?GetQuarantineFolder@CAVQuarantine@@SA_NDAAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@_N@Z
?GetQuarantineInstance@CAVKernel@@QAEPAVCAVQuarantine@@XZ
?GetQuarantinedCount@CAVQuarantine@@UAE?AW4QuarantineError@1@PAK@Z
?GetQuarantinedCount@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@PAK@Z
?GetQuarantinedFileInfo@CAVQuarantine@@UAE?AW4QuarantineError@1@KPAUQuarantinedObjectInfoEx@1@@Z
?GetQuarantinedFileInfo@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@KPAUQuarantinedObjectInfoEx@3@@Z
?GetQuarantinedList@CAVQuarantine@@UAE?AW4QuarantineError@1@PAK0@Z
?GetQuarantinedList@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@PAK0@Z
?GetRandomString@@YAPADPADH@Z
?GetState@CAVQuarantine@@UAE?AW4QuarantineState@1@XZ
?GetState@CAVQuarantineSync@@UAE?AW4QuarantineState@CAVQuarantine@@XZ
?GetUniqQuarantinedFile@CAVQuarantine@@KAXABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@0AAV23@1@Z
?GetUserDataPath@@YA_NPAD@Z
?GetVirusSignatureCount@CBDCoreManip@@QAEKXZ
?GetVirusSignatureCountReload@CBDCoreManip@@QAEKXZ
?Go@CBDCoreManip@@QAEXXZ
?ImmediateScanResultsEnabled@CBDCoreManip@@QBE_NXZ
?InitWAS@@YAJXZ
?Initialize@CAVQuarantine@@UAE?AW4QuarantineError@1@XZ
?Initialize@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@XZ
?Initialize@CBDCoreManip@@QAEHXZ
?Initialize@CBDCoreManip@@QAEH_N@Z
?Initialize@CBDCoreManip@@QAEH_NPBD@Z
?InitializeQuickScan@CBDCoreManip@@QAEJPAVIProgressEngine@@@Z
?IsFileDangerous@CBDCoreManip@@QAE_NPBD@Z
?IsInvalidItem@CAVQuarantine@@AAE_NDABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?IsItemOnDrive@CAVQuarantine@@IAE_NPBDABUQuarantinedObjectInfoEx@1@@Z
?IsQuarantineForDriveAllowed@CAVQuarantine@@SA_ND@Z
?IsRegKeyValuePresent@@YA_NPBDAAK@Z
?IsWinNT@CAVQuarantine@@IBE_NXZ
?LoadQuarantineIndex@CAVQuarantine@@IAEXXZ
?LoadQuarantineIndex@CAVQuarantine@@MAEXABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?LoadQuarantineIndex@CAVQuarantineSync@@MAEXABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?Lock@CAVKernel@@QAEXXZ
?LockDatFile@CAVQuarantine@@MAE_NXZ
?LockDatFile@CAVQuarantineSync@@MAE_NXZ
?LockEvents@CBDCoreManip@@AAEXXZ
?ManageRegKeyBranchSecurity@CBDCoreManip@@SAXPAUHKEY__@@PBD@Z
?ManageRegKeySecurity@CBDCoreManip@@SA_NPAUHKEY__@@PBD_NPAPAX@Z
?MemoryScan@CBDCoreManip@@QAEXXZ
?OnObjectScanned@CBDCoreManip@@QAEXABH@Z
?OnQuickScanOperationHandler@CBDCoreManip@@QAEXPBD@Z
?OnThreatObjectFound@CBDCoreManip@@QAEXABH@Z
?Pause@CBDCoreManip@@QAEXXZ
?PerformIntegrityCheck@CAVQuarantine@@IAE_NABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?PerformNormalInitialization@CAVQuarantine@@MAEXXZ
?PerformQuickScan@CBDCoreManip@@QAEXXZ
?PostponeDelete@CAVQuarantine@@UAE?AW4QuarantineError@1@PBD@Z
?PostponeDelete@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@PBD@Z
?PostponeQuarantine@CAVQuarantine@@UAE?AW4QuarantineError@1@PBDK0@Z
?PostponeQuarantine@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@PBDK0@Z
?Put_optExtensions@CBDCoreManip@@QAEHPBD@Z
?Put_optHeuristics@CBDCoreManip@@QAEHH@Z
?Put_optReloadDataBase@CAVKernel@@QAEHXZ
?Put_optReloadDataBase@CBDCoreManip@@QAEHXZ
?Put_optScanArchives@CBDCoreManip@@QAEHH@Z
?Put_optScanEmail@CBDCoreManip@@QAEHH@Z
?Put_optScanPacked@CBDCoreManip@@QAEHH@Z
?QuarantineFile@CAVQuarantine@@UAE?AW4QuarantineError@1@PBDK0PAK@Z
?QuarantineFile@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@PBDK0PAK@Z
?QuarantineObject@CAVQuarantine@@UAE?AW4QuarantineError@1@PAUSCANRESULTEX@@PAK@Z
?QuarantineObject@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@PAUSCANRESULTEX@@PAK@Z
?QuarantineRegKey@CAVQuarantine@@IAE?AW4QuarantineError@1@ABUSCANRESULTEX@@PAK@Z
?QuarantineRegValue@CAVQuarantine@@IAE?AW4QuarantineError@1@ABUSCANRESULTEX@@PAK@Z
?ReadObjectInfo1@CAVQuarantine@@AAE_NAAUQuarantinedObjectInfoBase@1@PAU_iobuf@@@Z
?ReadObjectInfo2@CAVQuarantine@@AAE_NAAUQuarantinedObjectInfoBase@1@PAU_iobuf@@@Z
?ReadWriteObjectInfo@CAVQuarantine@@IAE_NAAUQuarantinedObjectInfoEx@1@PAU_iobuf@@_NI@Z
?RefreshQuarantineData@CAVQuarantineSync@@IAEXXZ
?ReloadAdwareDatabase@CAVKernel@@QAEHXZ
?RemoveCallbackEx@CBDCoreManip@@QAEXPAVIBDCoreManipEvents@1@@Z
?RemoveInvalidItem@CAVQuarantine@@AAEXDABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?ResetCurrentSessionStatistics@CBDCoreManip@@QAEXXZ
?ResetLastScannedProcessInfo@CBDCoreManip@@AAEXXZ
?RestoreFile@CAVQuarantine@@UAE?AW4QuarantineError@1@K@Z
?RestoreFile@CAVQuarantineSync@@UAE?AW4QuarantineError@CAVQuarantine@@K@Z
?RestoreObject@CAVQuarantine@@IAE?AW4QuarantineError@1@ABUQuarantinedObjectInfoEx@1@PBD@Z
?RestoreRegEntry@CAVQuarantine@@IAE?AW4QuarantineError@1@ABUQuarantinedObjectInfoEx@1@PBD@Z
?SaveModificationDate@CAVQuarantineSync@@IAEXPBD@Z
?ScanBoot@CBDCoreManip@@QAEHPBD@Z
?ScanFile@CBDCoreManip@@QAEHPBD@Z
?ScanFolder@CBDCoreManip@@QAEHPBD@Z
?ScanFolderOnly@CBDCoreManip@@QAEHPBD@Z
?SetCallback@CBDCoreManip@@QAEXP6AXPAUSCANRESULTEX@@PAX@Z1@Z
?SetCurrenSessionFoundFileWithThreat@CBDCoreManip@@QAEXK_N@Z
?SetCurrenSessionScannedProcesses@CBDCoreManip@@QAEXK_N@Z
?SetCurrentSessionScanedFileCounter@CBDCoreManip@@QAEXK_N@Z
?SetCurrentSessionScannedRegEntries@CBDCoreManip@@QAEXK_N@Z
?SetDefaultAction@CBDCoreManip@@QAEXH@Z
?SetEventsHandler@CAVQuarantine@@QAEXPAUIQuarantineEvents@1@@Z
?SetFilterThreats@CBDCoreManip@@QAEX_N@Z
?SetLastScanned@CBDCoreManip@@QAEXPBD@Z
?SetLastScannedProcess@CBDCoreManip@@IAEXPBD0@Z
?SetProgressCallback@CBDCoreManip@@QAEHP6AXPBDK_KPAX@Z2@Z
?SetScanResultArray@CBDCoreManip@@QAEXPAV?$CAtlArray@PAUSCANRESULTEX@@V?$CElementTraits@PAUSCANRESULTEX@@@ATL@@@ATL@@@Z
?Stop@CBDCoreManip@@QAEXXZ
?StoreQuarantineIndex@CAVQuarantine@@MAE_NABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@_N@Z
?StoreQuarantineIndex@CAVQuarantineSync@@MAE_NABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@_N@Z
?TrustAdware@@YAHKPAVCBDCoreManip@@@Z
?Unlock@CAVKernel@@QAEXXZ
?UnlockDatFile@CAVQuarantine@@MAEXXZ
?UnlockDatFile@CAVQuarantineSync@@MAEXXZ
?UnlockEvents@CBDCoreManip@@AAEXXZ
?UpdateAllowedDrivesList@CAVQuarantine@@MAEHXZ
?UpdateAllowedDrivesList@CAVQuarantineSync@@MAEHXZ
?UpdateFromVer1ToVer2@CAVQuarantine@@CAXAAUQuarantinedObjectInfoBase@1@@Z
?UpdateIndexModificationDate@CAVQuarantineSync@@AAE_NPBD@Z
?UpdateQuarantineList@CAVQuarantineSync@@IAEXABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@_N@Z
?UpdateToTheLatestVer@CAVQuarantine@@AAEXAAUQuarantinedObjectInfoBase@1@I@Z
?ValidateIndexHeader@CAVQuarantine@@CA_NAAUQuarantineIndexHeader@1@PAU_iobuf@@@Z
?ValidateQuarantinedNameLen@CAVQuarantine@@CA_NH@Z
?ValidateSourcePathLen@CAVQuarantine@@CA_NH@Z
?ValidateVirusNameLen@CAVQuarantine@@CA_NH@Z
?WASRegistryScan@CBDCoreManip@@QAEXXZ
?_ClearScanExtensions@CBDCoreManip@@AAEXXZ
?_PutScanExtensions@CBDCoreManip@@AAEXV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
?_ScanFile@CBDCoreManip@@IAEHPBDK0@Z
?_ScanFolder@CBDCoreManip@@IAEHPBDH@Z
?_ScanProcess@CBDCoreManip@@IAEXAAUtagPROCESSENTRY32@@@Z
?fnavkernel@@YAHXZ
?g_pLog@@3PAVCAVLog@@A
?getDateChange@CAVQuarantineSync@@AAEAAU_FILETIME@@H@Z
?getDateChange@CAVQuarantineSync@@AAEPAU_FILETIME@@D@Z
?getDrive@CAVQuarantineSync@@ABEDH@Z
?getDrivesCount@CAVQuarantineSync@@ABEHXZ
?getFireUpdateEvents@CAVQuarantine@@IBE_NXZ
?getFirstAllowedDrive@CAVQuarantine@@IAEDXZ
?getNewID@CAVQuarantine@@IAEKXZ
?m_arNewerViruses@CBDCoreManip@@0V?$CAtlArray@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@@ATL@@A
?m_arViri@CBDCoreManip@@0V?$CAtlArray@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@@ATL@@A
?m_mapViri@CBDCoreManip@@0V?$CRBMap@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@KV?$CElementTraits@V?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@2@V?$CElementTraits@K@2@@ATL@@A
?navkernel@@3HA
Sections
.text Size: 248KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ