d:\_vss\Products\WinLine\GenericAntiVirus\avkernel\avkernel.pdb
Static task
static1
Behavioral task
behavioral1
Sample
dde0e89c05cffd2506a865a810ec4f9b_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dde0e89c05cffd2506a865a810ec4f9b_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
dde0e89c05cffd2506a865a810ec4f9b_JaffaCakes118
-
Size
568KB
-
MD5
dde0e89c05cffd2506a865a810ec4f9b
-
SHA1
55a11aeef024016e57deed706fec5bd8f4de0fe3
-
SHA256
f2996b6d2c9d4212aa2b5f18a79403e6d10838b459a46998047b9c69daa914db
-
SHA512
67c3d5149d14a22c72f843bc107d7b761b26efb6ecdca1ff2528e2695ce730883f469bf12c46bc6dd689ef0611fa0b1b960b3d1101c08e3ba426765ec6edfe54
-
SSDEEP
6144:NkKMZlVG9M8gOgspGOVFOdY5JKggMZBHajawopnVbMLNSx/VP5ond51ZvYhgOB4q:NNg8gOg0FOdY5JKFeBHajubAA1W9q
Malware Config
Signatures
-
Unsigned PE 1 IoCs
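The PE file has no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. This is a weak indicator on its own and should be weighed together with the import table and the behavioral task results.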
resource dde0e89c05cffd2506a865a810ec4f9b_JaffaCakes118
Files
-
dde0e89c05cffd2506a865a810ec4f9b_JaffaCakes118.dll windows:4 windows x86 arch:x86
5fd0dae90f828d94ccb9c3fee64fa01d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
shfolder
SHGetFolderPathW
SHGetFolderPathA
kernel32
FreeLibrary
GetTempPathA
DeleteFileA
GetTempFileNameA
GetVersion
Sleep
TlsGetValue
TlsSetValue
lstrcatA
lstrcpyA
FindClose
FindNextFileA
GetTickCount
FindFirstFileA
Module32Next
Module32First
CreateToolhelp32Snapshot
OpenProcess
Process32Next
Process32First
CreateEventA
LoadLibraryA
SetFileAttributesA
GetLastError
CreateDirectoryA
WaitForSingleObject
GetCurrentThreadId
RemoveDirectoryA
GetDriveTypeA
MultiByteToWideChar
MoveFileA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetWindowsDirectoryA
GetShortPathNameA
CopyFileA
GetLogicalDriveStringsA
ReleaseMutex
GetFileTime
LoadLibraryExA
WritePrivateProfileStringA
GetPrivateProfileStringA
RaiseException
lstrlenW
GetEnvironmentVariableA
HeapDestroy
LocalFree
InterlockedDecrement
GetCurrentProcess
GetCurrentThread
CreateProcessA
GetModuleFileNameA
SetLastError
TerminateProcess
GetLongPathNameA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetSystemDirectoryA
lstrcatW
lstrcpyW
lstrcmpW
CreateFileW
GetFileAttributesW
GetModuleHandleA
InterlockedIncrement
MapViewOfFileEx
GetFileAttributesExA
WritePrivateProfileSectionA
MoveFileExA
ExpandEnvironmentStringsA
DeviceIoControl
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcAddress
lstrcpynA
SetEvent
ResetEvent
GetFileAttributesA
CreateFileA
ReadFile
lstrcmpA
SetFilePointer
WideCharToMultiByte
FindResourceExA
FindResourceA
LocalAlloc
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CloseHandle
GetLocalTime
lstrlenA
WriteFile
FlushFileBuffers
TlsAlloc
TlsFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
CreateMutexA
user32
SetWindowTextA
DispatchMessageW
TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
wvsprintfA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
advapi32
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenThreadToken
OpenProcessToken
CryptCreateHash
CryptGetHashParam
CryptHashData
CryptAcquireContextA
CryptReleaseContext
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegGetKeySecurity
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptDestroyHash
RegQueryValueExW
RegOpenKeyExW
GetUserNameA
RegSaveKeyA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService
OpenServiceA
StartServiceA
QueryServiceStatus
RegEnumKeyA
shell32
SHGetSpecialFolderPathA
SHFileOperationA
ShellExecuteA
ole32
CoTaskMemFree
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateGuid
CoInitializeEx
StringFromCLSID
CoCreateInstance
OleRun
StgOpenStorage
StgCreateDocfile
oleaut32
VariantClear
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
GetErrorInfo
msvcp71
?do_length@?$codecvt@DDH@std@@MBEHABHPBD1I@Z
?do_unshift@?$codecvt@DDH@std@@MBEHAAHPAD1AAPAD@Z
?do_out@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_in@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_encoding@codecvt_base@std@@MBEHXZ
?do_max_length@codecvt_base@std@@MBEHXZ
??0?$codecvt@DDH@std@@QAE@I@Z
?_Id_cnt@id@locale@std@@0HA
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Locimp@locale@std@@AAE@ABV012@@Z
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7?$codecvt@DDH@std@@6B@
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?_Nomemory@std@@YAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@Viterator@12@0ABV12@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??7ios_base@std@@QBE_NXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Bios_base@std@@QBEPAXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?freeze@strstreambuf@std@@QAEX_N@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1strstreambuf@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1istrstream@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1ostrstream@std@@UAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPADH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fpz@std@@3_JA
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?eof@ios_base@std@@QBE_NXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?classic@locale@std@@SAABV12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
shlwapi
PathAddBackslashA
PathStripPathA
PathFileExistsA
PathCombineA
PathFindFileNameA
PathAppendA
PathRemoveFileSpecA
StrChrA
StrRChrA
PathFindExtensionA
SHDeleteValueA
PathMatchSpecA
PathIsDirectoryA
PathCanonicalizeA
StrStrIA
SHDeleteKeyA
PathUnquoteSpacesA
SHCreateStreamOnFileA
StrCmpNIA
msvcr71
_mbstok
_mbsnbcpy
_strnicmp
_mbspbrk
_local_unwind2
_beginthreadex
wcschr
wcscmp
wcslen
??8type_info@@QBEHABV0@@Z
_mbsicoll
atoi
wcscpy
__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
?before@type_info@@QBEHABV1@@Z
memset
_callnewh
floor
isdigit
strtol
_strlwr
strncmp
__CxxFrameHandler
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memmove
_mbsnbcat
_mbsrchr
_mbscmp
_mbsicmp
_purecall
_mbsinc
_mbsspn
_mbscspn
_mbslwr
_vscprintf
vsprintf
??_V@YAXPAX@Z
free
malloc
_except_handler3
_mbctoupper
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_strupr
rand
srand
time
_mbsstr
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
fseek
ftell
_mbschr
fwrite
fread
fclose
fopen
tolower
__RTtypeid
__RTDynamicCast
_resetstkoflw
realloc
Exports
Exports
??$instantiate_pointer_iserializer@Vbinary_iarchive@archive@boost@@VCFileObjRef@@@detail@archive@boost@@YAABVbasic_pointer_iserializer@012@PAVbinary_iarchive@12@PAVCFileObjRef@@@Z
??$instantiate_pointer_iserializer@Vbinary_iarchive@archive@boost@@VCIniFileObjRef@@@detail@archive@boost@@YAABVbasic_pointer_iserializer@012@PAVbinary_iarchive@12@PAVCIniFileObjRef@@@Z
??$instantiate_pointer_iserializer@Vbinary_iarchive@archive@boost@@VCRegKeyObjRef@@@detail@archive@boost@@YAABVbasic_pointer_iserializer@012@PAVbinary_iarchive@12@PAVCRegKeyObjRef@@@Z
??$instantiate_pointer_iserializer@Vbinary_iarchive@archive@boost@@VCRegValueObjRef@@@detail@archive@boost@@YAABVbasic_pointer_iserializer@012@PAVbinary_iarchive@12@PAVCRegValueObjRef@@@Z
??$instantiate_pointer_oserializer@Vbinary_oarchive@archive@boost@@VCFileObjRef@@@detail@archive@boost@@YAABVbasic_pointer_oserializer@012@PAVbinary_oarchive@12@PAVCFileObjRef@@@Z
??$instantiate_pointer_oserializer@Vbinary_oarchive@archive@boost@@VCIniFileObjRef@@@detail@archive@boost@@YAABVbasic_pointer_oserializer@012@PAVbinary_oarchive@12@PAVCIniFileObjRef@@@Z
??$instantiate_pointer_oserializer@Vbinary_oarchive@archive@boost@@VCRegKeyObjRef@@@detail@archive@boost@@YAABVbasic_pointer_oserializer@012@PAVbinary_oarchive@12@PAVCRegKeyObjRef@@@Z
??$instantiate_pointer_oserializer@Vbinary_oarchive@archive@boost@@VCRegValueObjRef@@@detail@archive@boost@@YAABVbasic_pointer_oserializer@012@PAVbinary_oarchive@12@PAVCRegValueObjRef@@@Z
??$void_cast_register@VCFileObjRef@@VCQuarantineObjRefBase@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVCFileObjRef@@PBVCQuarantineObjRefBase@@@Z
??$void_cast_register@VCIniFileObjRef@@VCQuarantineObjRefBase@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVCIniFileObjRef@@PBVCQuarantineObjRefBase@@@Z
??$void_cast_register@VCRegKeyObjRef@@VCQuarantineObjRefBase@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVCRegKeyObjRef@@PBVCQuarantineObjRefBase@@@Z
??$void_cast_register@VCRegValueObjRef@@VCQuarantineObjRefBase@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVCRegValueObjRef@@PBVCQuarantineObjRefBase@@@Z
??0?$pointer_iserializer@VCFileObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0?$pointer_iserializer@VCIniFileObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0?$pointer_iserializer@VCRegKeyObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0?$pointer_iserializer@VCRegValueObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0?$pointer_oserializer@VCFileObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0?$pointer_oserializer@VCIniFileObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0?$pointer_oserializer@VCRegKeyObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0?$pointer_oserializer@VCRegValueObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@AAE@XZ
??0CAVLog@@QAE@PBD00PAUHKEY__@@@Z
??0CDevLog@@QAE@H@Z
??0CHashChecker@@QAE@XZ
??0CHashMD5@@QAE@XZ
??0CHashProvider@@QAE@XZ
??0CheckDigitalCertificates@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CAVLog@@QAE@XZ
??1CHashChecker@@QAE@XZ
??1CHashMD5@@UAE@XZ
??4CAVLog@@QAEAAV0@ABV0@@Z
??RCDevLog@@QBAXKIPBDZZ
?AddLogEntry@CAVLog@@QAAXKIPBDZZ
?AddLogEntryEx@CAVLog@@QAAXKIIPBDPAD@Z
?Create@CPostponedQuarantineObjRefTask@AVPostponedTasks@@SAPAV12@XZ
?Create@CPostponedRegKeyTask@AVPostponedTasks@@SAPAV12@XZ
?Create@CPostponedRegValueTask@AVPostponedTasks@@SAPAV12@XZ
?CreateDirectoryTree@@YA_NPBD_NK@Z
?CreateInstance@CAVQuarantineSync@@SAPAV1@XZ
?DeleteAdware@@YAJKPAVCCoreManip@@@Z
?DeleteObject@CCoreManip@@SA_NABV?$shared_ptr@USCANRESULTEX@@@boost@@@Z
?DeleteRegKey@CCoreManip@@SA_NPBD@Z
?DeleteRegValue@CCoreManip@@SA_NPBD@Z
?DoSimpleDeletion@CAVQuarantine@@SA_NPBD@Z
?EnsureMoveFile@CAVQuarantine@@SA_NPBD0@Z
?Flush@CAVLog@@QAEXK@Z
?FlushLog@@YAXK@Z
?GetAdwareSpywareCount@@YAKXZ
?GetErrorDescription@CAVQuarantine@@SAPBDH@Z
?GetInstance@CPostponedTasks@AVPostponedTasks@@SAPAV12@XZ
?GetModuleInfo@ProcessHandler@@YA_NAAVModulesMap@1@PBDAAUModInfo@1@@Z
?GetRandomString@@YAPADPADH@Z
?HandleProcess@ProcessHandler@@YA?AW4ePHResult@1@W4ePHActions@1@PAUSCANRESULTEX@@AAUModInfo@1@PAUIProcessHandlerEvents@1@@Z
?InitAVEngine@CCoreManip@@QAE_NXZ
?InitAVEngine@CCoreManip@@UAE_NAAUInitAVEngineData@1@@Z
?IsQuarantineForDriveAllowed@CAVQuarantine@@SA_ND@Z
?IsRegKeyValuePresent@@YA_NPBDAAK@Z
?Log@@YAXKIPBDZZ
?MakeProcessesSnapShot@ProcessHandler@@YAXAAVModulesMap@1@@Z
?ManageRegKeyBranchSecurity@CCoreManip@@SAXPAUHKEY__@@PBD@Z
?ManageRegKeySecurity@CCoreManip@@SA_NPAUHKEY__@@PBD_NPAPAX@Z
?TrustAdware@@YAHKPAVCCoreManip@@@Z
?UninitAVEngine@CCoreManip@@UAEXXZ
?checkFile@CheckDigitalCertificates@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?fnavkernel@@YAHXZ
?getInstance@CAVKernel@@SAPAV1@_N@Z
?getInstance@CFileObjRef@@SAPAV1@XZ
?getInstance@CIniFileObjRef@@SAPAV1@XZ
?getInstance@CRegKeyObjRef@@SAPAV1@XZ
?getInstance@CRegValueObjRef@@SAPAV1@XZ
?instantiate@?$pointer_iserializer@VCFileObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?instantiate@?$pointer_iserializer@VCIniFileObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?instantiate@?$pointer_iserializer@VCRegKeyObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?instantiate@?$pointer_iserializer@VCRegValueObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?instantiate@?$pointer_oserializer@VCFileObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?instantiate@?$pointer_oserializer@VCIniFileObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?instantiate@?$pointer_oserializer@VCRegKeyObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?instantiate@?$pointer_oserializer@VCRegValueObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@SAABV1234@XZ
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@UIniData@CIniFileObjRef@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$list@UIniData@CIniFileObjRef@@V?$allocator@UIniData@CIniFileObjRef@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@PAVCQuarantineObjRefBase@@V?$allocator@PAVCQuarantineObjRefBase@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCFileObjRef@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCIniFileObjRef@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCRegKeyObjRef@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCRegValueObjRef@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_ptr@?$pointer_iserializer@VCFileObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_iarchive@234@AAPAXI@Z
?load_object_ptr@?$pointer_iserializer@VCIniFileObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_iarchive@234@AAPAXI@Z
?load_object_ptr@?$pointer_iserializer@VCRegKeyObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_iarchive@234@AAPAXI@Z
?load_object_ptr@?$pointer_iserializer@VCRegValueObjRef@@Vbinary_iarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_iarchive@234@AAPAXI@Z
?navkernel@@3HA
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@UIniData@CIniFileObjRef@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$list@UIniData@CIniFileObjRef@@V?$allocator@UIniData@CIniFileObjRef@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@PAVCQuarantineObjRefBase@@V?$allocator@PAVCQuarantineObjRefBase@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCFileObjRef@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCIniFileObjRef@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCRegKeyObjRef@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCRegValueObjRef@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_ptr@?$pointer_oserializer@VCFileObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_oarchive@234@PBX@Z
?save_object_ptr@?$pointer_oserializer@VCIniFileObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_oarchive@234@PBX@Z
?save_object_ptr@?$pointer_oserializer@VCRegKeyObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_oarchive@234@PBX@Z
?save_object_ptr@?$pointer_oserializer@VCRegValueObjRef@@Vbinary_oarchive@archive@boost@@@detail@archive@boost@@EBEXAAVbasic_oarchive@234@PBX@Z
?setAutoRun@CPostponedTasks@AVPostponedTasks@@SAXPBD_N@Z
Sections
.text Size: 416KB - Virtual size: 412KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ