
Sample details: 3c87b55b3ca3fa1f86c4751500fd9b8e

Hashes
MD5: 3c87b55b3ca3fa1f86c4751500fd9b8e
SHA1: 768f84eafaa90677ab15973d74b1f1c05a81cc36
SHA256: 5cfc2bac6b59a8e377e299b341add43ab0c4228d93cb13ee2d7300e6ac6dc19c
SSDEEP: 768:gFphp+F+UPEK+bj3ug3/YQfLvKMqP2nuqkraLerrsmxLYC:ApuL+bLug3/3fLa+nuqkrKerrDx
Details
File Type: 80386
Yara Hits
CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BootkitRunBot/Objs/Release/BotUtils.obj
Strings
		.drectve
.debug$S
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.debug$T
B   /manifestdependency:"type='win32' name='Microsoft.VC90.CRT' version='9.0.21022.8' processorArchitecture='x86' publicKeyToken='1fc8b3b9a1e18e3b'" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"MSVCRT" /DEFAULTLIB:"OLDNAMES" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitRunBot\Objs\Release\BotUtils.obj
Microsoft (R) Optimizing Compiler
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitRunBot
D:\Program Files\Microsoft Visual Studio 9.0\VC\bin\cl.exe
-O1 -Oi -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Misc -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Common -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Core -Ie:\Projects\progs\Petrosjan\BJWJ\Source -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitRunBot\Modules -Ie:\Projects\progs\Petrosjan\BJWJ\include -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper -DWIN32 -DNDEBUG -D_WINDOWS -D_WINDLL -FD -MD -GS- -Gy -GR- -Foe:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitRunBot\Objs\Release\ -Fde:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitRunBot\Objs\Release\vc90.pdb -W3 -c -Zi -TP -nologo -errorreport:prompt -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\include" -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -X
..\..\Source\Core\BotUtils.cpp
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitRunBot\Objs\Release\vc90.pdb
DLL_SHELL32
SPACTION_NONE
SPACTION_MOVING
SPACTION_COPYING
SPACTION_RECYCLING
SPACTION_APPLYINGATTRIBS
SPACTION_DOWNLOADING
SPACTION_SEARCHING_INTERNET
SPACTION_CALCULATING
SPACTION_UPLOADING
SPACTION_SEARCHING_FILES
SPACTION_DELETING
SPACTION_RENAMING
PARSE_CANONICALIZE
PARSE_FRIENDLY
PARSE_SECURITY_URL
PARSE_ROOTDOCUMENT
PARSE_DOCUMENT
PARSE_ENCODE
PARSE_DECODE
PARSE_PATH_FROM_URL
PARSE_URL_FROM_PATH
PARSE_MIME
PARSE_SERVER
PARSE_SCHEMA
PARSE_SITE
PARSE_DOMAIN
PARSE_LOCATION
PARSE_SECURITY_DOMAIN
PARSE_ESCAPE
PSU_DEFAULT
OFS_INACTIVE
OFS_ONLINE
OFS_OFFLINE
OFS_SERVERBACK
BINDSTATUS_FINDINGRESOURCE
QUERY_IS_INSTALLEDENTRY
BINDSTATUS_CONNECTING
BINDSTATUS_REDIRECTING
BINDSTATUS_BEGINDOWNLOADDATA
BINDSTATUS_ENDDOWNLOADDATA
BINDSTATUS_BEGINDOWNLOADCOMPONENTS
BINDSTATUS_INSTALLINGCOMPONENTS
BINDSTATUS_ENDDOWNLOADCOMPONENTS
BINDSTATUS_USINGCACHEDCOPY
BINDSTATUS_SENDINGREQUEST
BINDSTATUS_MIMETYPEAVAILABLE
BINDSTATUS_CACHEFILENAMEAVAILABLE
BINDSTATUS_BEGINSYNCOPERATION
BINDSTATUS_ENDSYNCOPERATION
BINDSTATUS_BEGINUPLOADDATA
BINDSTATUS_ENDUPLOADDATA
BINDSTATUS_PROTOCOLCLASSID
BINDSTATUS_ENCODING
BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE
BINDSTATUS_CLASSINSTALLLOCATION
BINDSTATUS_DECODING
BINDSTATUS_LOADINGMIMEHANDLER
BINDSTATUS_CONTENTDISPOSITIONATTACH
SYS_WIN32
SYS_MAC
BINDSTATUS_CLSIDCANINSTANTIATE
BINDSTATUS_IUNKNOWNAVAILABLE
BINDSTATUS_DIRECTBIND
BINDSTATUS_RAWMIMETYPE
BINDSTATUS_PROXYDETECTING
BINDSTATUS_ACCEPTRANGES
BINDSTATUS_COOKIE_SENT
BINDSTATUS_COMPACT_POLICY_RECEIVED
BINDSTATUS_COOKIE_SUPPRESSED
BINDSTATUS_COOKIE_STATE_ACCEPT
BINDSTATUS_COOKIE_STATE_REJECT
BINDSTATUS_COOKIE_STATE_PROMPT
BINDSTATUS_PERSISTENT_COOKIE_RECEIVED
BINDSTATUS_CACHECONTROL
BINDSTATUS_CONTENTDISPOSITIONFILENAME
BINDSTATUS_MIMETEXTPLAINMISMATCH
BINDSTATUS_PUBLISHERAVAILABLE
BINDSTATUS_DISPLAYNAMEAVAILABLE
MPOS_FULLCANCEL
MPOS_SELECTLEFT
fcmRead
fcmWrite
fcmReadWrite
fcmCreate
ApiCacheSize
FEATURE_OBJECT_CACHING
FEATURE_ZONE_ELEVATION
FEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFING
FEATURE_WINDOW_RESTRICTIONS
FEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_BEHAVIORS
FEATURE_DISABLE_MK_PROTOCOL
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_SECURITYBAND
FEATURE_RESTRICT_ACTIVEXINSTALL
FEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_ADDON_MANAGEMENT
FEATURE_PROTOCOL_LOCKDOWN
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
FEATURE_SAFE_BINDTOOBJECT
FEATURE_UNC_SAVEDFILECHECK
FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
TKIND_INTERFACE
FEATURE_TABBED_BROWSING
FEATURE_SSLUX
TKIND_DISPATCH
FEATURE_DISABLE_NAVIGATION_SOUNDS
FEATURE_DISABLE_LEGACY_COMPRESSION
TKIND_ALIAS
FEATURE_FORCE_ADDR_AND_STATUS
FEATURE_XMLHTTP
FEATURE_DISABLE_TELNET_PROTOCOL
FEATURE_FEEDS
FEATURE_BLOCK_INPUT_PROMPTS
DVEXTENT_CONTENT
	'BANKING_SIGNAL_FILE_HASH
CIP_DISK_FULL
CIP_ACCESS_DENIED
CIP_NEWER_VERSION_EXISTS
CHANGEKIND_ADDMEMBER
CIP_OLDER_VERSION_EXISTS
CIP_NAME_CONFLICT
CHANGEKIND_DELETEMEMBER
CIP_TRUST_VERIFICATION_COMPONENT_MISSING
CHANGEKIND_SETNAMES
CIP_EXE_SELF_REGISTERATION_TIMEOUT
CHANGEKIND_SETDOCUMENTATION
CHANGEKIND_GENERAL
CIP_UNSAFE_TO_ABORT
CHANGEKIND_INVALIDATE
CIP_NEED_REBOOT
CHANGEKIND_CHANGEFAILED
Uri_PROPERTY_STRING_START
Uri_PROPERTY_AUTHORITY
Uri_PROPERTY_DISPLAY_URI
Uri_PROPERTY_STRING_LAST
Uri_PROPERTY_ZONE
Uri_HOST_DNS
Uri_HOST_IPV4
CC_CDECL
CC_MSCPASCAL
CC_PASCAL
CC_MACPASCAL
CC_STDCALL
CC_FPFASTCALL
CC_SYSCALL
CC_MPWCDECL
CC_MPWPASCAL
COR_VERSION_MAJOR_V2
VAR_STATIC
IdleShutdown
StrBotWorkPath
NoAccess
URLZONE_INTRANET
ReadWrite
AL_MACHINE
AT_URLPROTOCOL
AT_STARTMENUCLIENT
URLZONEREG_DEFAULT
URLZONEREG_HKLM
BOT_WORK_FOLDER_NAME
BOT_FILE_NAME
BOT_STOPAV_NAME
BOT_MINIAV_NAME
BOT_STAV_HASH
BOT_MNAV_HASH
CT_AND_CONDITION
SA_Yes
SA_Maybe
SA_NoAccess
SA_Read
SA_Write
SA_ReadWrite
COP_VALUE_NOTCONTAINS
SQPE_NONE
SQPE_EXTRA_OPENING_PARENTHESIS
SQPE_IGNORED_MODIFIER
SQPE_IGNORED_CONNECTOR
SQPE_IGNORED_KEYWORD
VT_BSTR
VT_DISPATCH
ILK_NEGATIVE_INFINITY
QPMO_PRELOCALIZED_SCHEMA_BINARY_PATH
QPMO_LOCALIZED_SCHEMA_BINARY_PATH
QPMO_APPEND_LCID_TO_LOCALIZED_PATH
MARKUPSIZE_CALCWIDTH
MARKUPLINKTEXT_URL
MARKUPLINKTEXT_ID
VT_RECORD
MARKUPMESSAGE_KEYEXECUTE
VT_RESERVED
TYSPEC_MIMETYPE
TYSPEC_FILENAME
TYSPEC_PROGID
TYSPEC_PACKAGENAME
MiniAVPath
DESCKIND_IMPLICITAPPOBJ
StopAVPath
BINDSTRING_POST_COOKIE
BINDSTRING_FLAG_BIND_TO_OBJECT
NODE_INVALID
NODE_ELEMENT
NODE_ATTRIBUTE
NODE_TEXT
NODE_CDATA_SECTION
NODE_ENTITY_REFERENCE
NODE_ENTITY
NODE_COMMENT
NODE_DOCUMENT
NODE_DOCUMENT_TYPE
NODE_DOCUMENT_FRAGMENT
XMLELEMTYPE_DOCUMENT
FFFP_EXACTMATCH
NEC_MEDIUM
DLL_KERNEL32
tagPARAMDESC
tagPARAMDESCEX
tagBINDPTR
LPPARAMDESCEX
CALLCONV
BINDPTR
TYPEKIND
FUNCKIND
PARAMDESC
tagTLIBATTR
ELEMDESC
VARIANTARG
_LIST_ENTRY
SAFEARRAYBOUND
tagELEMDESC
DESCKIND
TYPEDESC
tagEXCEPINFO
tagSTATSTG
VARKIND
LPOLESTR
tagFUNCDESC
tagIDLDESC
TMemory
LONGLONG
tagApplicationType
tagCABSTR
PIDMSI_STATUS_VALUE
LONG_PTR
PROPVAR_PAD3
LPVOID
STRBUF::TStrRec
FUNCDESC
TBotApplication
tagCACLSID
tagCADBL
SIZE_T
tagBANDSITECID
HREFTYPE
tagTYPEKIND
tagDESCKIND
tagCACY
tagSYSKIND
tagXMLEMEM_TYPE
OLECHAR
tagVARKIND
EXCEPINFO
PFNDACOMPARE
_FILETIME
ULONGLONG
VARDESC
LPCOLESTR
tagSTRUCTURED_QUERY_SINGLE_OPTION
IUnknown
MEMBERID
tagARRAYDESC
DOUBLE
tagVARDESC
tagBINDSTRING
DECIMAL
LPCWSTR
SYSKIND
__MIDL_IUri_0001
tagCONDITION_OPERATION
TListTemplate<void *>
TBotSocket
BSTRBLOB
tagCAH
_tagQUERYOPTION
TBotEvent
_TP_CALLBACK_ENVIRON
_TP_CALLBACK_ENVIRON::<unnamed-type-u>
_TP_CALLBACK_ENVIRON::<unnamed-type-u>::<unnamed-type-s>
ITypeComp
TProcessType
tagCAUI
tagCAFILETIME
LPITEMIDLIST
tagDISPPARAMS
VARIANT_BOOL
tagSAFEARRAY
PROPVARIANT
LIST_ENTRY
CAPROPVARIANT
tagTYSPEC
HCRYPTKEY
TMultiPartData
TMultiPartData::TReadPart
tagTYPEDESC
FOLDERTYPEID
tagCLIPDATA
CADATE
PFNDPAMERGE
tagPKA_FLAGS
tagCAC
KNOWNFOLDERID
IDLDESC
PTP_CALLBACK_INSTANCE
tagTYPEATTR
tagSAFEARRAYBOUND
PWCHAR
HWND__
tagBLOB
tagURLZONE
_LARGE_INTEGER
_LARGE_INTEGER::<unnamed-type-u>
ReplacesCorHdrNumericDefines
_ULARGE_INTEGER
_ULARGE_INTEGER::<unnamed-type-u>
ISequentialStream
tagSTRUCTURED_QUERY_MULTIOPTION
VARENUM
tagCAI
tagCAUB
tagFUNCKIND
PCUWSTR
LPSAFEARRAY
tagFILE_USAGE_TYPE
tagQUERY_PARSER_MANAGER_OPTION
_URLZONEREG
RTL_CRITICAL_SECTION
THTTPRequest
TListNotifyEvent
tagBSTRBLOB
TLIBATTR
LARGE_INTEGER
IEnumSTATSTG
VARTYPE
TBotCollectionItem
TP_VERSION
ITypeLib
TBotStrings
tagDEC
TValue
PFNDAENUMCALLBACK
CLIPDATA
TYPEATTR
tagVARIANT
DISPID
PRTL_CRITICAL_SECTION
vc_attributes::YesNoMaybe
vc_attributes::PreAttribute
vc_attributes::PostAttribute
vc_attributes::AccessType
USHORT
tagCADATE
TBotStream
tagMARKUPMESSAGE
tagCAUH
ULARGE_INTEGER
IRecordInfo
LPARAM
_RTL_CRITICAL_SECTION
ldiv_t
CASCODE
_SPTEXT
TDataBlock
PRTL_CRITICAL_SECTION_DEBUG
tagASSOCIATIONTYPE
CAFILETIME
HIMAGELIST
KF_CATEGORY
DISPPARAMS
LPVARIANT
INVOKEKIND
ITEMIDLIST
tagFFFP_MODE
STATSTG
__MIDL_IUri_0002
HANDLE
tagCALPWSTR
HCRYPTPROV
_tagPSUACTION
PROPVAR_PAD1
CALPSTR
HCRYPTHASH
PTP_POOL
tagINTERVAL_LIMIT_KIND
STRUTILS<wchar_t>
LPBYTE
SAFEARRAY
tagMARKUPSIZE
tagCABOOL
_RTL_CRITICAL_SECTION_DEBUG
IStorage
TWinCrypt
tagCONDITION_TYPE
tagSTRUCTURED_QUERY_PARSE_ERROR
tagKNOWNFOLDER_DEFINITION
CALPWSTR
PUWSTR
TString<char>
TBotList
TBotObject
tagMARKUPLINKTEXT
KF_DEFINITION_FLAGS
tagCALPSTR
TEventContainer
ITypeInfo
LPWSTR
LPVERSIONEDSTREAM
IStream
size_t
tagPROPVARIANT
CABSTRBLOB
TBotFileStream
tagVersionedStream
tagASSOCIATIONLEVEL
tagMENUPOPUPSELECT
FILETIME
tagCAFLT
tagCACLIPDATA
TDllId
tagBINDSTATUS
OfflineFolderStatus
VARIANT
IDispatch
tagDOMNodeType
tagShutdownType
_ITEMIDLIST
tagCAL
tagCAPROPVARIANT
tagExtentMode
tagCABSTRBLOB
SHITEMID
PTP_SIMPLE_CALLBACK
tagCHANGEKIND
CACLIPDATA
PTP_CLEANUP_GROUP_CANCEL_CALLBACK
TValues
PTP_CALLBACK_ENVIRON
PTP_CLEANUP_GROUP
__MIDL___MIDL_itf_structuredquery_0000_0013_0001
CACLSID
ULONG_PTR
_SPACTION
STRUTILS<char>
PROPVAR_PAD2
_ldiv_t
PFNDACOMPARECONST
__MIDL_ICodeInstall_0001
TMultiPartDataItem
PFNDAENUMCALLBACKCONST
HRESULT
KNOWNFOLDER_DEFINITION
TBotCollection
tagCALLCONV
_tagINTERNETFEATURELIST
PFNDPAMERGECONST
CABOOL
string
_tagPARSEACTION
TStrEnum
tagCASCODE
tagCAUL
_SHITEMID
CABSTR
Iakytp[O:ac
v>.kD0
c:\program files\microsoft sdks\windows\v6.0a\include\mmsystem.h
c:\program files\microsoft sdks\windows\v6.0a\include\structuredquery.h
c:\program files\microsoft sdks\windows\v6.0a\include\objidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnetwk.h
e:\projects\progs\petrosjan\bjwj\source\core\config.h
c:\program files\microsoft sdks\windows\v6.0a\include\nb30.h
c:\program files\microsoft sdks\windows\v6.0a\include\shlguid.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\unknwn.h
c:\program files\microsoft sdks\windows\v6.0a\include\msxml.h
c:\program files\microsoft sdks\windows\v6.0a\include\cguid.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdcep.h
c:\program files\microsoft sdks\windows\v6.0a\include\winefs.h
e:\projects\progs\petrosjan\bjwj\source\core\listtemplate.cpp
d:\program files\microsoft visual studio 9.0\vc\include\crtassem.h
c:\program files\microsoft sdks\windows\v6.0a\include\comcat.h
d:\program files\microsoft visual studio 9.0\vc\include\vadefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnt.h
d:\program files\microsoft visual studio 9.0\vc\include\ctype.h
e:\projects\progs\petrosjan\bjwj\source\core\botutils.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\wincon.h
c:\program files\microsoft sdks\windows\v6.0a\include\guiddef.h
c:\program files\microsoft sdks\windows\v6.0a\include\mcx.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpc.h
c:\program files\microsoft sdks\windows\v6.0a\include\winerror.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdce.h
c:\program files\microsoft sdks\windows\v6.0a\include\wingdi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winbase.h
c:\program files\microsoft sdks\windows\v6.0a\include\sherrors.h
c:\program files\microsoft sdks\windows\v6.0a\include\shtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack8.h
c:\program files\microsoft sdks\windows\v6.0a\include\knownfolders.h
c:\program files\microsoft sdks\windows\v6.0a\include\oaidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack4.h
d:\program files\microsoft visual studio 9.0\vc\include\string.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsock.h
c:\program files\microsoft sdks\windows\v6.0a\include\winreg.h
c:\program files\microsoft sdks\windows\v6.0a\include\shlobj.h
c:\program files\microsoft sdks\windows\v6.0a\include\commctrl.h
e:\projects\progs\petrosjan\bjwj\source\core\botsocket.h
c:\program files\microsoft sdks\windows\v6.0a\include\shobjidl.h
e:\projects\progs\petrosjan\bjwj\source\core\utils.h
c:\program files\microsoft sdks\windows\v6.0a\include\ole2.h
c:\program files\microsoft sdks\windows\v6.0a\include\objbase.h
c:\program files\microsoft sdks\windows\v6.0a\include\shldisp.h
d:\program files\microsoft visual studio 9.0\vc\include\stdlib.h
d:\program files\microsoft visual studio 9.0\vc\include\limits.h
c:\program files\microsoft sdks\windows\v6.0a\include\winspool.h
c:\program files\microsoft sdks\windows\v6.0a\include\poppack.h
c:\program files\microsoft sdks\windows\v6.0a\include\prsht.h
c:\program files\microsoft sdks\windows\v6.0a\include\winver.h
c:\program files\microsoft sdks\windows\v6.0a\include\tvout.h
e:\projects\progs\petrosjan\bjwj\source\core\strings.h
e:\projects\progs\petrosjan\bjwj\builds\bootkitrunbot\modules\modules.h
c:\program files\microsoft sdks\windows\v6.0a\include\propidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnterr.h
e:\projects\progs\petrosjan\bjwj\source\core\botutils.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcasync.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winperf.h
c:\program files\microsoft sdks\windows\v6.0a\include\shellapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\dlgs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winscard.h
c:\program files\microsoft sdks\windows\v6.0a\include\wtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsmcrd.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcndr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsip.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnls.h
c:\program files\microsoft sdks\windows\v6.0a\include\bcrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\imm.h
c:\program files\microsoft sdks\windows\v6.0a\include\commdlg.h
c:\program files\microsoft sdks\windows\v6.0a\include\lzexpand.h
c:\program files\microsoft sdks\windows\v6.0a\include\ddeml.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_adt.h
c:\program files\microsoft sdks\windows\v6.0a\include\urlmon.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack2.h
c:\program files\microsoft sdks\windows\v6.0a\include\reason.h
c:\program files\microsoft sdks\windows\v6.0a\include\ncrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\isguids.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_strict.h
c:\program files\microsoft sdks\windows\v6.0a\include\servprov.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_undef.h
c:\program files\microsoft sdks\windows\v6.0a\include\basetsd.h
c:\program files\microsoft sdks\windows\v6.0a\include\exdisp.h
c:\program files\microsoft sdks\windows\v6.0a\include\stralign.h
c:\program files\microsoft sdks\windows\v6.0a\include\winioctl.h
e:\projects\progs\petrosjan\bjwj\source\core\botcore.h
c:\program files\microsoft sdks\windows\v6.0a\include\propsys.h
e:\projects\progs\petrosjan\bjwj\source\core\memory.h
c:\program files\microsoft sdks\windows\v6.0a\include\winuser.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsvc.h
e:\projects\progs\petrosjan\bjwj\source\core\strconsts.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcsal.h
c:\program files\microsoft sdks\windows\v6.0a\include\cderr.h
c:\program files\microsoft sdks\windows\v6.0a\include\ktmtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\dde.h
e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
e:\projects\progs\petrosjan\bjwj\source\core\crypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\windows.h
c:\program files\microsoft sdks\windows\v6.0a\include\sdkddkver.h
d:\program files\microsoft visual studio 9.0\vc\include\excpt.h
e:\projects\progs\petrosjan\bjwj\source\core\bothttp.h
d:\program files\microsoft visual studio 9.0\vc\include\crtdefs.h
e:\projects\progs\petrosjan\bjwj\source\core\botclasses.h
d:\program files\microsoft visual studio 9.0\vc\include\sal.h
d:\program files\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h
e:\projects\progs\petrosjan\bjwj\source\core\strimplementation.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\propkeydef.h
c:\program files\microsoft sdks\windows\v6.0a\include\docobj.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleauto.h
c:\program files\microsoft sdks\windows\v6.0a\include\ocidl.h
d:\program files\microsoft visual studio 9.0\vc\include\stdarg.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack1.h
c:\program files\microsoft sdks\windows\v6.0a\include\windef.h
c:\program files\microsoft sdks\windows\v6.0a\include\inaddr.h
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 4 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 52 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 16 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 20 - ^ =
TBotObject::~TBotObject
TBotObject::`scalar deleting destructor'
TBotObject::TBotObject
TString<char>::t_str
STRUTILS<char>::IsEmpty
STRUTILS<char>::Length
pushargEx<7,3378349382,444,HWND__ *,wchar_t *,int,bool>
newfunc
pushargEx<1,1235302236,53,wchar_t *,int>
newfunc
pushargEx<1,748795376,127,wchar_t *,wchar_t *>
newfunc
pushargEx<1,150532354,21,wchar_t *,unsigned long,int,int,int,int,int>
newfunc
pushargEx<1,2920792177,41,void *,_FILETIME *,_FILETIME *,_FILETIME *>
newfunc
pushargEx<1,1916711125,17,void *>
newfunc
pushargEx<1,150532372,20,char *,long,int,int,int,int,int>
newfunc
pushargEx<1,2920793457,42,void *,_FILETIME *,_FILETIME *,_FILETIME *>
newfunc
pushargEx<1,1196787617,85,wchar_t *>
newfunc
pushargEx<1,1297450913,59,wchar_t *,int>
newfunc
pushargEx<1,786755867,30,wchar_t *,wchar_t *,int>
newfunc
pushargEx<1,2180051145,36,wchar_t *>
newfunc
pushargEx<1,150532354,21,wchar_t *,long,int,int,int,int,int>
newfunc
pushargEx<1,255840707,22,void *,void *,unsigned long,unsigned long *,int>
newfunc
pushargEx<1,749073264,129,wchar_t *,wchar_t *>
newfunc
pushargEx<1,1493072552,55,int,wchar_t *>
newfunc
pushargEx<1,262468884,103,wchar_t *,wchar_t const *,int,wchar_t *>
newfunc
STRUTILS<wchar_t>::Hash
LowerCase
h`@Tlj
pushargEx<1,1817460832,156,int>
newfunc
pushargEx<1,168244599,169,char *,int>
newfunc
pushargEx<1,1297450935,58,char *,int>
newfunc
STRUTILS<char>::Hash
LowerCase
STRUTILS<char>::LongToString
STRBUF::GetRec<char>
STRBUF::Alloc<char>
GetShellFoldersKey
dwParam
0SWj\Xjsf
SetFakeFileDateTime
SetFakeFileDateTimeW
AddToAutoRun
TempFileName
AddToAutoRun
written
GetMiniAVPath
GetStopAVPath
GetTempName
IsHideFile
FileName
FileNameLen
ControlPoint
CopyFileToTemp
DisableShowFatalErrorDialog
TString<char>::TString<char>
STRUTILS<char>::Hash
STRBUF::AddRef<char>
STRBUF::Release<char>
STRBUF::CreateFromStr<char>
StrLen
ResultStrSize
TString<char>::TString<char>
TString<char>::~TString<char>
TString<char>::SetLength
NewLength
STRBUF::Append<char>
SrcLen
BOT::MakeBotPath
BOT::MakeWorkFolder
WorkPath
TString<char>::`scalar deleting destructor'
TString<char>::LongToStr
TString<char>::operator+=
Source
BOT::MakeWorkPath
CreateInfectedProcessHandle
Prefix
BOT::MarkAsInfcted
BOT::ProcessInfected
e:\projects\progs\petrosjan\bjwj\builds\bootkitrunbot\objs\release\vc90.pdb
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.rdata
.debug$S
.debug$S
.debug$T
?StopAVPath@@3PA_WA
?BOT_WORK_FOLDER_NAME@@3PADA
?BOT_FILE_NAME@@3PA_WA
?BOT_STOPAV_NAME@@3PA_WA
?BOT_MINIAV_NAME@@3PA_WA
?BOT_STAV_HASH@@3KA
?BOT_MNAV_HASH@@3KA
?MiniAVPath@@3PA_WA
??1TBotObject@@UAE@XZ
??_7TBotObject@@6B@
??_GTBotObject@@UAEPAXI@Z
??_ETBotObject@@UAEPAXI@Z
??_GTBotObject@@UAEPAXI@Z
??3TBotObject@@SAXPAX@Z
??0TBotObject@@QAE@XZ
?t_str@?$TString@D@@QBEPADXZ
??_C@_11LOCGONAA@?$AA?$AA@
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
?Length@?$STRUTILS@D@@SAKPBD@Z
??$pushargEx@$06$0MJFNIFEG@$0BLM@PAUHWND__@@PA_WH_N@@YAPAXPAUHWND__@@PA_WH_N@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0EJKBDHFM@$0DF@PA_WH@@YAPAXPA_WH@Z
??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z
??$pushargEx@$00$0IPIPBAC@$0BF@PA_WKHHHHH@@YAPAXPA_WKHHHHH@Z
??$pushargEx@$00$0KOBHMAHB@$0CJ@PAXPAU_FILETIME@@PAU1@PAU1@@@YAPAXPAXPAU_FILETIME@@11@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0IPIPBBE@$0BE@PADJHHHHH@@YAPAXPADJHHHHH@Z
??$pushargEx@$00$0KOBHMFHB@$0CK@PAXPAU_FILETIME@@PAU1@PAU1@@@YAPAXPAXPAU_FILETIME@@11@Z
??$pushargEx@$00$0EHFFIHKB@$0FF@PA_W@@YAPAXPA_W@Z
??$pushargEx@$00$0ENFFIHKB@$0DL@PA_WH@@YAPAXPA_WH@Z
??$pushargEx@$00$0COOEPBBL@$0BO@PA_WPA_WH@@YAPAXPA_W0H@Z
??$pushargEx@$00$0IBPAPAMJ@$0CE@PA_W@@YAPAXPA_W@Z
??$pushargEx@$00$0IPIPBAC@$0BF@PA_WJHHHHH@@YAPAXPA_WJHHHHH@Z
??$pushargEx@$00$0PDPNBMD@$0BG@PAXPAXKPAKH@@YAPAXPAX0KPAKH@Z
??$pushargEx@$00$0CMKFPDHA@$0IB@PA_WPA_W@@YAPAXPA_W0@Z
??$pushargEx@$00$0FIPOHKKI@$0DH@HPA_W@@YAPAXHPA_W@Z
??$pushargEx@$00$0PKEPFBE@$0GH@PA_WPB_WHPA_W@@YAPAXPA_WPB_WH0@Z
?Hash@?$STRUTILS@_W@@SAKPB_WK_N@Z
??$pushargEx@$00$0GMFEEAGA@$0JM@H@@YAPAXH@Z
??$pushargEx@$00$0KAHDFHH@$0KJ@PADH@@YAPAXPADH@Z
??$pushargEx@$00$0ENFFIHLH@$0DK@PADH@@YAPAXPADH@Z
?Hash@?$STRUTILS@D@@SAKPBDK_N@Z
?LongToString@?$STRUTILS@D@@SAXKPADAAH@Z
??$GetRec@D@STRBUF@@YAAAUTStrRec@0@PAD@Z
??$Alloc@D@STRBUF@@YAPADK@Z
?Alloc@HEAP@@YAPAXK@Z
?GetShellFoldersKey@@YAPA_WK@Z
?MemAlloc@@YAPAXK@Z
?SetFakeFileDateTime@@YAXPAD@Z
?MemFree@@YAXPAX@Z
?SetFakeFileDateTimeW@@YAXPA_W@Z
?Free@STR@@YAXPAD@Z
?ToAnsi@WSTR@@YAPADPB_WK@Z
?AddToAutoRun@@YAXPA_W@Z
?AddToAutoRun@@YAXPAXK@Z
?GetMiniAVPath@@YAPA_WXZ
?GetStopAVPath@@YAPA_WXZ
?GetTempName@@YAPA_WXZ
?IsHideFile@@YAHPA_WKH@Z
?IsHiddenFile@BOT@@YA_NK@Z
?CopyFileToTemp@@YAXPA_W0@Z
?DisableShowFatalErrorDialog@@YAXXZ
??0?$TString@D@@QAE@XZ
??_7?$TString@D@@6B@
??_G?$TString@D@@UAEPAXI@Z
??_E?$TString@D@@UAEPAXI@Z
?Hash@?$STRUTILS@D@@SAKPBD@Z
??$AddRef@D@STRBUF@@YAPADPAD@Z
??$Release@D@STRBUF@@YAXAAPAD@Z
?Free@HEAP@@YAXPAX@Z
??$CreateFromStr@D@STRBUF@@YAPADPBDKK@Z
?m_memcpy@@YAPAXPAXPBXH@Z
??0?$TString@D@@QAE@ABV0@@Z
??1?$TString@D@@UAE@XZ
?SetLength@?$TString@D@@QAEXK@Z
??$Append@D@STRBUF@@YAXAAPADPBDK@Z
?MakeBotPath@BOT@@YA?AV?$TString@D@@XZ
?GetSpecialFolderPathA@@YA?AV?$TString@D@@HPBD@Z
?MakeWorkFolder@BOT@@YAPADXZ
?AddHiddenFile@BOT@@YAXK@Z
?CryptFileName@UIDCrypt@@YAPADPBD_N@Z
?GetStr@@YA?AV?$TString@D@@PBD@Z
?StrBotWorkPath@@3PADA
??_G?$TString@D@@UAEPAXI@Z
?LongToStr@?$TString@D@@QAEAAV1@K@Z
??Y?$TString@D@@QAEAAV0@PBD@Z
?MakeWorkPath@BOT@@YA?AV?$TString@D@@XZ
?DirExists@@YA_NPAD@Z
??_C@_01KICIPPFI@?2?$AA@
?CreateInfectedProcessHandle@@YAPAXK@Z
?TryCreateSingleInstance@@YAPAXPBD@Z
??_C@_02ENLJPMBB@PI?$AA@
?PID@TBotApplication@@QAEKXZ
?Bot@@3PAVTBotApplication@@A
?MarkAsInfcted@BOT@@YAXXZ
?ProcessInfected@BOT@@YA_NK@Z