vds.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c88eb0b55df778d3971399187b46c440N.exe
Resource
win7-20240708-en
windows7-x64
0 signatures
120 seconds
Behavioral task
behavioral2
Sample
c88eb0b55df778d3971399187b46c440N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
120 seconds
General
-
Target
c88eb0b55df778d3971399187b46c440N
-
Size
1008KB
-
MD5
c88eb0b55df778d3971399187b46c440
-
SHA1
1a8bf694143de55c6176ebaff0bd992e11b1241c
-
SHA256
83c534e672e2cb0245c76ca08612680feb29265c3c1242b332a5ed4091e86a10
-
SHA512
daf16a8efae5e7daccca5aa7cd84d533b3f5eca2b346cd468201b9307a41f4d6e03d5f16262a7de455b979c6d10c7259e8735b496482b0354a925c756ecea9b0
-
SSDEEP
24576:3Tud4g/6eEbNcXVM5/KSVg5mIMiuFVQFcFH3BKfWXw3XsPWKATDfdlfdVUTcyHgi:3Tud4gXEbNcXVM5/KSy5mIJuFVQAXBpn
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c88eb0b55df778d3971399187b46c440N
Files
-
c88eb0b55df778d3971399187b46c440N.exe windows:6 windows x86 arch:x86
c858f76a8370d348efe4d7101b5a10a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
user32
RegisterDeviceNotificationW
PeekMessageW
UnregisterDeviceNotification
GetMessageW
DefWindowProcW
CharNextW
PostThreadMessageW
LoadStringW
MessageBoxW
DispatchMessageW
msvcrt
_wcmdln
_exit
_cexit
__wgetmainargs
_ltow
swscanf_s
_ftol2
wcscpy_s
towupper
wcsncmp
wcsstr
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
exit
memset
_purecall
??3@YAXPAX@Z
_vsnwprintf
??2@YAPAXI@Z
_wcsnicmp
_wcsicmp
memcpy
_wtol
rand
srand
time
atl
ord18
ord16
ord57
ord23
ord17
ord20
ord30
ord32
ntdll
RtlInitializeResource
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlAdjustPrivilege
NtQueryVolumeInformationFile
RtlCompareMemory
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-file-l1-1-0
DefineDosDeviceW
DeleteVolumeMountPointW
GetVolumePathNameW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
CreateFileW
SetFilePointerEx
WriteFile
QueryDosDeviceW
RemoveDirectoryW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap
api-ms-win-core-interlocked-l1-1-0
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadLibraryExA
GetModuleHandleA
api-ms-win-core-localregistry-l1-1-0
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
api-ms-win-core-misc-l1-1-0
lstrlenW
lstrcmpiW
LocalFree
FormatMessageW
Sleep
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
ResumeThread
GetStartupInfoW
GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
ReleaseSemaphore
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
FreeSid
AddAccessAllowedAce
GetLengthSid
IsValidSid
MakeAbsoluteSD
GetSecurityDescriptorLength
MakeSelfRelativeSD
AdjustTokenPrivileges
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
ControlService
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
OpenServiceW
DeleteService
CreateServiceW
api-ms-win-service-management-l2-1-0
QueryServiceObjectSecurity
SetServiceObjectSecurity
ChangeServiceConfig2W
setupapi
SetupDiEnumDeviceInterfaces
CM_Get_Parent
CM_Reenumerate_DevNode_Ex
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiGetCustomDevicePropertyW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
CM_Query_And_Remove_SubTreeW
SetupDiGetDeviceInterfaceDetailW
osuninst
IsUninstallImageValid
vdsutil
_VdsDisableCOMFatalExceptionHandling@0
?UnInitializeGlobalResouce@@YGJXZ
?Initialize@CGlobalResource@@QAEJXZ
??0CGlobalResource@@QAE@XZ
?Next@CRtlMapIter@@QAEAAV1@XZ
?Begin@CRtlMap@@QAE?AVCRtlMapIter@@XZ
?GetEntryPointer@CRtlListIter@@QAEPAXXZ
?Uninitialize@CVdsPnPNotificationBase@@QAEXXZ
?InsertTailPointer@CRtlList@@QAEHPAX@Z
?Remove@CRtlList@@QAEXAAVCRtlListIter@@@Z
?Remove@CRtlMap@@QAEHAAVCRtlEntry@@@Z
?FindPtr@CRtlMap@@QAEHAAVCRtlEntry@@PAPAV2@@Z
?VdsTraceW@@YAXKPAGZZ
?VdsTraceExW@@YAXKKPAGZZ
?GuidToString@@YGJPAU_GUID@@PAGK@Z
?IsLoggingEnabledW@@YGEXZ
?RemoveAll@CRtlMap@@QAEXH@Z
?Insert@CRtlMap@@QAEHAAVCRtlEntry@@0@Z
?Find@CRtlMap@@QAEHAAVCRtlEntry@@PAV2@@Z
?AcquireRundownProtection@@YGEPAU_RUNDOWN_REF@@@Z
?ReleaseRundownProtection@@YGXPAU_RUNDOWN_REF@@@Z
?IsDriveLetter@@YGHPAG@Z
?OpenDevice@@YGKPAGKPAPAX@Z
??1CRtlMap@@UAE@XZ
?InsertTail@CRtlList@@QAEHAAVCRtlEntry@@@Z
?VdsTrace@@YAXKPADZZ
?GetDeviceName@@YGKPAXHKPAG@Z
?InsertUnique@CRtlMap@@QAEHAAVCRtlEntry@@0@Z
?GetInterfaceDetailData@@YGKPAXPAU_SP_DEVICE_INTERFACE_DATA@@PAPAU_SP_DEVICE_INTERFACE_DETAIL_DATA_W@@@Z
?GetDeviceNumber@@YGKPAXPAU_STORAGE_DEVICE_NUMBER@@@Z
?Next@CPrvEnumObject@@UAGJKPAPAUIUnknown@@PAK@Z
?Skip@CPrvEnumObject@@UAGJK@Z
?Reset@CPrvEnumObject@@UAGJXZ
?Clone@CPrvEnumObject@@UAGJPAPAUIEnumVdsObject@@@Z
?Uninitialize@CVdsAsyncObjectBase@@SGXXZ
?InsertHeadPointer@CRtlList@@QAEHPAX@Z
?GetDiskLayout@@YGKPAXPAPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?IsEfiFirmware@@YGHXZ
?IsNoAutoMount@@YGHXZ
??1CVdsWmiVariantObjectArrayEnum@@QAE@XZ
?Detach@CVdsWmiVariantObjectArrayEnum@@QAEJXZ
?VdsWmiCopyFromVariantByteArray@@YGJPAUIWbemClassObject@@PAGJPAE@Z
?VdsWmiGetObjectFromInstance@@YGJPAUIWbemClassObject@@PAGPAPAU1@@Z
?InitializeRundownProtection@@YGXPAU_RUNDOWN_REF@@@Z
?VdsWmiGetByteFromInstance@@YGJPAUIWbemClassObject@@PAGPAE@Z
?Next@CVdsWmiVariantObjectArrayEnum@@QAEJPAPAUIWbemClassObject@@@Z
?Attach@CVdsWmiVariantObjectArrayEnum@@QAEJPAUtagVARIANT@@@Z
?VdsWmiConnectToNamespace@@YGJPAGPAPAUIWbemLocator@@PAPAUIWbemServices@@@Z
??0CVdsWmiVariantObjectArrayEnum@@QAE@XZ
?Append@CPrvEnumObject@@QAEJPAUIUnknown@@@Z
?Clear@CPrvEnumObject@@QAEXXZ
?LockDismountVolume@@YGKPAXHE@Z
?RegisterHandle@CVdsPnPNotificationBase@@QAEKPAXPAPAX@Z
?GetPartitionInformation@@YGKPAXPAU_PARTITION_INFORMATION_EX@@@Z
?GetDeviceAndMediaType@@YGKPAGPAXPAK2@Z
?InvalidateDiskCache@@YGJPAG@Z
?Initialize@CVdsPnPNotificationBase@@QAEKXZ
?Initialize@CVdsAsyncObjectBase@@SGKXZ
?IsWinPE@@YGHXZ
?VdsInitializeCriticalSection@@YGKPAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsAsyncObjectBase@@QAE@XZ
??1CVdsAsyncObjectBase@@QAE@XZ
?Signal@CVdsAsyncObjectBase@@QAEXXZ
?SetCompletionStatus@CVdsAsyncObjectBase@@QAEXJK@Z
?QueryStatus@CVdsAsyncObjectBase@@UAGJPAJPAK@Z
?VdsIscsiIpAddressToString@@YGJPAU_VDS_IPADDRESS@@KPAG@Z
?VdsWmiGetUlonglongFromInstance@@YGJPAUIWbemClassObject@@PAGPA_K@Z
?VdsWmiFindInstanceOfClass@@YGJPAUIWbemServices@@PAG1PAPAUIWbemClassObject@@@Z
?VdsIscsiCheckEqualIpAddress@@YGHU_VDS_IPADDRESS@@0@Z
?VdsIscsiIpsecIdToIpAddress@@YGJEKPAEPAU_VDS_IPADDRESS@@@Z
?VdsIscsiIpAddressToIpsecId@@YGJPAU_VDS_IPADDRESS@@PAEPAKPAPAE@Z
?WriteBootCode@@YGKPAX@Z
?CoFreeStringArray@@YGXPAPAGJ@Z
?GetVolumeGuidPathnames@@YGJPAGPAKPAPAPAG@Z
?MountVolume@@YGKPAG@Z
?GetFileSystemRecognitionName@@YGJPAXPAPAG@Z
?GetFMIFSGetDefaultFilesystemRoutine@@YGP6GEPAUFMIFS_DEF_FS_PARAM@@PAUFMIFS_DEF_FS_OUT@@PAK@ZXZ
?GetVolumeName@@YGJPAGK0@Z
?AssignTempVolumeName@@YGJPAGQAG@Z
?GetVolumeDiskExtentInfo@@YGKPAXPAPAU_VOLUME_DISK_EXTENTS@@@Z
?RemoveTempVolumeName@@YGXPAG0@Z
?GarbageCollectDriveLetters@@YGXXZ
?DeleteNetworkShare@@YGHPAG@Z
?LockVolume@@YGKPAXE@Z
?GetVolumeUniqueId@@YGKPAU_VDS_VOLUME_PROP2@@@Z
?GetFMIFSEnableCompressionRoutine@@YGP6GEPAGG@ZXZ
?GetFMIFSFormatEx2Routine@@YGP6GXPAGW4_FMIFS_MEDIA_TYPE@@0PAUFMIFS_FORMATEX2_PARAM@@P6GEW4_FMIFS_PACKET_TYPE@@KPAX@Z@ZXZ
?VdsIscsiGetIpAddressFromInstance@@YGJPAUIWbemClassObject@@PAGPAU_VDS_IPADDRESS@@@Z
?VdsWmiGetObjectInVariantObjectArray@@YGJPAUIWbemClassObject@@PAGJPAPAU1@@Z
?VdsIscsiCacheSessionDevices@@YGJPAUIEnumWbemClassObject@@PAPAU_VDSISCSI_SESSION_DEVICES_CACHE@@@Z
?VdsWmiCallMethod@@YGJPAUIWbemServices@@PAUIWbemClassObject@@PAG1PAPAU2@@Z
?VdsWmiSetObjectInInstance@@YGJPAUIWbemClassObject@@PAG0@Z
?VdsWmiGetMethodArgumentObject@@YGJPAUIWbemServices@@PAG1PAPAUIWbemClassObject@@@Z
?VdsWmiSetUlonglongInInstance@@YGJPAUIWbemClassObject@@PAG_K@Z
?VdsWmiCreateVariantArray@@YGJGJPAUtagVARIANT@@@Z
?VdsWmiSetUlongInInstance@@YGJPAUIWbemClassObject@@PAGK@Z
?VdsWmiCreateClassInstance@@YGJPAUIWbemServices@@PAGPAPAUIWbemClassObject@@@Z
?DeleteBcdObjects@@YGJPAU_VDS_PARTITION_IDENTITY@@@Z
?UnregisterHandle@CVdsPnPNotificationBase@@QAEXPAX@Z
?GetBootFromDiskNumber@@YGJPAK@Z
?VdsDoesDiskHaveArcPath@@YGKKPAE@Z
?GetDeviceLocationEx@@YGKPAXKPAU_VDS_DISK_PROP2@@@Z
?GetDeviceRegistryProperty@@YGKKKPAPAEK@Z
?VdsAllocateEmptyString@@YGPAGXZ
?GetDeviceRegistryProperty@@YGKPAXPAU_SP_DEVINFO_DATA@@KPAPAEK@Z
?CreateDeviceInfoSet@@YGKPAGPAPAXPAU_SP_DEVINFO_DATA@@@Z
?IsDiskCurrentStateReadOnly@@YGKPAXPAE@Z
?IsDiskReadOnly@@YGKPAXPAE@Z
?IsDiskClustered@@YGKPAXPAE1@Z
?GetMediaGeometryEx@@YGKPAXPAU_VDS_DISK_PROP2@@@Z
?GetDiskOfflineReason@@YGKPAXPAW4_VDS_DISK_OFFLINE_REASON@@@Z
?WaitImpl@CVdsAsyncObjectBase@@QAEJPAJ@Z
?WaitForRundownProtectionRelease@@YGXPAU_RUNDOWN_REF@@@Z
?RemoveEventSource@@YGKPAG@Z
?AddEventSource@@YGKPAGPAUHINSTANCE__@@@Z
?VdsHeapAlloc@@YGPAXPAXKK@Z
?InitializeSecurityDescriptor@@YGKKPAXPAPAU_ACL@@PAPAX22@Z
??1CGlobalResource@@QAE@XZ
?LogInfo@@YGXPAGKKPAXK0PAD@Z
?LogError@@YGXPAGKKPAXKK0PAD@Z
?AllocateAndGetVolumePathName@@YGJPBGPAPAG@Z
?VdsHeapFree@@YGHPAXK0@Z
?VdsTraceEx@@YAXKKPADZZ
??0CVdsCallTracer@@QAE@KPBD@Z
?Begin@CRtlList@@QAE?AVCRtlListIter@@XZ
?GetEntry@CRtlListIter@@QAEPAVCRtlEntry@@XZ
?RemoveAll@CRtlList@@QAEXXZ
??1CVdsCallTracer@@QAE@XZ
??1CRtlList@@QAE@XZ
?End@CRtlList@@QAE?AVCRtlListIter@@XZ
??0CRtlList@@QAE@P6GXPAVCRtlEntry@@@Z@Z
?Prev@CRtlListIter@@QAEAAV1@XZ
?Next@CRtlListIter@@QAEAAV1@XZ
??0CRtlMap@@QAE@KP6GXPAVCRtlEntry@@@Z1@Z
?VdsWmiGetUlongFromInstance@@YGJPAUIWbemClassObject@@PAGPAK@Z
kernel32
FindNextVolumeMountPointW
VirtualAlloc
FindVolumeMountPointClose
CreateSemaphoreW
GetVolumeNameForVolumeMountPointW
FindFirstVolumeMountPointW
LoadLibraryW
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
WaitForMultipleObjects
DelayLoadFailureHook
GetSystemDirectoryW
ReadFile
VirtualFree
GetFileAttributesW
GetCurrentThread
Exports
Exports
??0?$CVdsCoTaskPtr@G@@QAE@XZ
??0?$CVdsHandleImpl@$0A@@@QAE@XZ
??0?$CVdsHandleImpl@$0PPPPPPPP@@@QAE@XZ
??0?$CVdsHeapPtr@D@@QAE@XZ
??0?$CVdsHeapPtr@G@@QAE@XZ
??0?$CVdsHeapPtr@J@@QAE@XZ
??0?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??0?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@D@@QAE@XZ
??0?$CVdsPtr@G@@QAE@XZ
??0?$CVdsPtr@J@@QAE@XZ
??0?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??0?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??0?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??0CPrvEnumObject@@QAE@XZ
??0CRtlSharedLock@@QAE@XZ
??0CVdsCriticalSection@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QAE@XZ
??0CVdsUnlockIt@@QAE@AAJ@Z
??1?$CVdsCoTaskPtr@G@@QAE@XZ
??1?$CVdsHandleImpl@$0A@@@QAE@XZ
??1?$CVdsHandleImpl@$0PPPPPPPP@@@QAE@XZ
??1?$CVdsHeapPtr@D@@QAE@XZ
??1?$CVdsHeapPtr@G@@QAE@XZ
??1?$CVdsHeapPtr@J@@QAE@XZ
??1?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??1?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@D@@QAE@XZ
??1?$CVdsPtr@G@@QAE@XZ
??1?$CVdsPtr@J@@QAE@XZ
??1?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAE@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAE@XZ
??1?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAE@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAE@XZ
??1?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAE@XZ
??1CPrvEnumObject@@QAE@XZ
??1CRtlSharedLock@@QAE@XZ
??1CVdsCriticalSection@@QAE@XZ
??1CVdsDebugLog@@QAE@XZ
??1CVdsPnPNotificationBase@@QAE@XZ
??1CVdsUnlockIt@@QAE@XZ
??4?$CVdsHandleImpl@$0A@@@QAEPAXPAX@Z
??4?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXPAX@Z
??4?$CVdsHeapPtr@D@@QAEPADPAD@Z
??4?$CVdsHeapPtr@G@@QAEPAGPAG@Z
??4?$CVdsHeapPtr@J@@QAEPAJPAJ@Z
??4?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QAEPAUFMIFS_DEF_FS_OUT@@PAU1@@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QAEPAU_AUCTION_THREAD_PARAMETER@@PAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QAEPAU_MOUNTMGR_MOUNT_POINT@@PAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QAEPAU_MOUNTMGR_MOUNT_POINTS@@PAU1@@Z
??4?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@PAU1@@Z
??8?$CVdsHandleImpl@$0A@@@QBE_NPAX@Z
??8?$CVdsHandleImpl@$0PPPPPPPP@@@QBE_NPAX@Z
??8?$CVdsPtr@D@@QBE_NPAD@Z
??8?$CVdsPtr@G@@QBE_NPAG@Z
??8?$CVdsPtr@J@@QBE_NPAJ@Z
??8?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QBE_NPAUFMIFS_DEF_FS_OUT@@@Z
??8?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBE_NPAU_AUCTION_THREAD_PARAMETER@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBE_NPAU_MOUNTMGR_MOUNT_POINT@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBE_NPAU_MOUNTMGR_MOUNT_POINTS@@@Z
??8?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBE_NPAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
??9?$CVdsHandleImpl@$0PPPPPPPP@@@QBE_NPAX@Z
??9?$CVdsPtr@G@@QBE_NPAG@Z
??9?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QBE_NPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
??A?$CVdsPtr@J@@QAEAAJJ@Z
??A?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QAEAAUFMIFS_DEF_FS_OUT@@K@Z
??B?$CVdsHandleImpl@$0A@@@QAEPAXXZ
??B?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXXZ
??B?$CVdsPtr@G@@QBEPAGXZ
??B?$CVdsPtr@J@@QBEPAJXZ
??B?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QBEPAUFMIFS_DEF_FS_OUT@@XZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBEPAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QBEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??B?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBEPAU_MOUNTMGR_MOUNT_POINT@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBEPAU_MOUNTMGR_MOUNT_POINTS@@XZ
??B?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QBEPAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QBEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QBEPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QBEPAU_EXTEND_VOLUME_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QBEPAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QBEPAU_MOUNTMGR_MOUNT_POINT@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QBEPAU_MOUNTMGR_MOUNT_POINTS@@XZ
??C?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QBEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??I?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAPAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??_FCRtlList@@QAEXXZ
??_FCRtlMap@@QAEXXZ
?AcquireRead@CRtlSharedLock@@AAEXXZ
?AcquireWrite@CRtlSharedLock@@AAEXXZ
?AllowCancel@CVdsAsyncObjectBase@@QAEXXZ
?Attach@?$CVdsPtr@G@@QAEXPAG@Z
?Attach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAEXPAU_CLEAN_DISK_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEXPAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QAEXPAU_EXTEND_VOLUME_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QAEXPAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEXPAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
?Close@?$CVdsHandleImpl@$0PPPPPPPP@@@QAEXXZ
?CurrentThreadIsWriter@CRtlSharedLock@@QAEHXZ
?Detach@?$CVdsHandleImpl@$0A@@@QAEPAXXZ
?Detach@?$CVdsHandleImpl@$0PPPPPPPP@@@QAEPAXXZ
?Detach@?$CVdsPtr@G@@QAEPAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QAEPAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QAEPAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QAEPAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QAEPAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QAEXXZ
?Downgrade@CRtlSharedLock@@AAEXXZ
?GetOutputType@CVdsAsyncObjectBase@@QAE?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QAEHXZ
?Release@CRtlSharedLock@@AAEXXZ
?SetOutput@CVdsAsyncObjectBase@@QAEXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QAEXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QAEXXZ
?StartReferenceHistory@@YGKXZ
?StopReferenceHistory@@YGXXZ
?Upgrade@CRtlSharedLock@@AAEXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QAEXXZ
?m_NoDebuggerLogging@CVdsDebugLog@@QAEHXZ
?m_TracingLogEnabled@CVdsDebugLog@@QAEHXZ
Sections
.text Size: 422KB - Virtual size: 422KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 580KB - Virtual size: 584KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE