
Sample details: abdd8e92097e5641d196b597f83e6424

Hashes
MD5: abdd8e92097e5641d196b597f83e6424
SHA1: 22c3988a3f7181c7dba536fb548eb02cdf8e36cf
SHA256: 8d8000fa1545a94007ffa2aa0d9b9262f5028ce0138e5dd6d1c02d33405295b2
SSDEEP: 768:p9vtCE5OwNQs3HwRr/GEz/YRHFVF2s502fJ1u4yO8:NJOwNQs3U/p/YfVf02fJ1u4yO8
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BOT_PLUG/Objs/Release%20DEBUGCONFIG/FileGrabber.obj
Strings
		.drectve
.debug$S
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.debug$T
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"LIBCMT" /DEFAULTLIB:"OLDNAMES" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\FileGrabber.obj
Microsoft (R) Optimizing Compiler
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG
D:\Program Files\Microsoft Visual Studio 9.0\VC\bin\cl.exe
-O1 -Oi -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Misc -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Common -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Core -Ie:\Projects\progs\Petrosjan\BJWJ\Source -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Modules -Ie:\Projects\progs\Petrosjan\BJWJ\include -Ie:\Projects\progs\Petrosjan\BJWJ\Source\RuBnk -DWIN32 -DNDEBUG -D_WINDOWS -D_USRDLL -DWHITE_JOE_DLL_EXPORTS -DDEBUGCONFIG -DBOTPLUG -D_WINDLL -FD -MT -GS- -Gy -GR- -Fo"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\\" -Fd"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb" -W3 -c -Zi -TP -nologo -errorreport:prompt -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\include" -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -X
..\..\Source\Common\FileGrabber.cpp
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb
fcmRead
fcmWrite
fcmReadWrite
fcmCreate
PARSE_CANONICALIZE
PARSE_FRIENDLY
PARSE_SECURITY_URL
PARSE_ROOTDOCUMENT
PARSE_DOCUMENT
PARSE_ENCODE
PARSE_DECODE
PARSE_PATH_FROM_URL
PARSE_URL_FROM_PATH
PARSE_MIME
PARSE_SERVER
PARSE_SCHEMA
PARSE_SITE
PARSE_DOMAIN
PARSE_LOCATION
PARSE_SECURITY_DOMAIN
PARSE_ESCAPE
PSU_DEFAULT
BINDSTATUS_FINDINGRESOURCE
QUERY_IS_INSTALLEDENTRY
BINDSTATUS_CONNECTING
BINDSTATUS_REDIRECTING
BINDSTATUS_BEGINDOWNLOADDATA
BINDSTATUS_ENDDOWNLOADDATA
BINDSTATUS_BEGINDOWNLOADCOMPONENTS
BINDSTATUS_INSTALLINGCOMPONENTS
BINDSTATUS_ENDDOWNLOADCOMPONENTS
BINDSTATUS_USINGCACHEDCOPY
BINDSTATUS_SENDINGREQUEST
BINDSTATUS_MIMETYPEAVAILABLE
BINDSTATUS_CACHEFILENAMEAVAILABLE
BINDSTATUS_BEGINSYNCOPERATION
BINDSTATUS_ENDSYNCOPERATION
BINDSTATUS_BEGINUPLOADDATA
BINDSTATUS_ENDUPLOADDATA
BINDSTATUS_PROTOCOLCLASSID
BINDSTATUS_ENCODING
BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE
BINDSTATUS_CLASSINSTALLLOCATION
BINDSTATUS_DECODING
BINDSTATUS_LOADINGMIMEHANDLER
BINDSTATUS_CONTENTDISPOSITIONATTACH
SYS_WIN32
SYS_MAC
BINDSTATUS_CLSIDCANINSTANTIATE
BINDSTATUS_IUNKNOWNAVAILABLE
BINDSTATUS_DIRECTBIND
BINDSTATUS_RAWMIMETYPE
BINDSTATUS_PROXYDETECTING
BINDSTATUS_ACCEPTRANGES
BINDSTATUS_COOKIE_SENT
BINDSTATUS_COMPACT_POLICY_RECEIVED
BINDSTATUS_COOKIE_SUPPRESSED
BINDSTATUS_COOKIE_STATE_ACCEPT
BINDSTATUS_COOKIE_STATE_REJECT
BINDSTATUS_COOKIE_STATE_PROMPT
BINDSTATUS_PERSISTENT_COOKIE_RECEIVED
BINDSTATUS_CACHECONTROL
BINDSTATUS_CONTENTDISPOSITIONFILENAME
BINDSTATUS_MIMETEXTPLAINMISMATCH
BINDSTATUS_PUBLISHERAVAILABLE
BINDSTATUS_DISPLAYNAMEAVAILABLE
DLL_KERNEL32
FEATURE_OBJECT_CACHING
FEATURE_ZONE_ELEVATION
FEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFING
FEATURE_WINDOW_RESTRICTIONS
FEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_BEHAVIORS
FEATURE_DISABLE_MK_PROTOCOL
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_SECURITYBAND
FEATURE_RESTRICT_ACTIVEXINSTALL
FEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_ADDON_MANAGEMENT
FEATURE_PROTOCOL_LOCKDOWN
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
FEATURE_SAFE_BINDTOOBJECT
FEATURE_UNC_SAVEDFILECHECK
DLL_SHLWAPI
FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
TKIND_INTERFACE
FEATURE_TABBED_BROWSING
FEATURE_SSLUX
TKIND_DISPATCH
FEATURE_DISABLE_NAVIGATION_SOUNDS
FEATURE_DISABLE_LEGACY_COMPRESSION
TKIND_ALIAS
FEATURE_FORCE_ADDR_AND_STATUS
FEATURE_XMLHTTP
FEATURE_DISABLE_TELNET_PROTOCOL
FEATURE_FEEDS
FEATURE_BLOCK_INPUT_PROMPTS
CIP_DISK_FULL
CIP_ACCESS_DENIED
CIP_NEWER_VERSION_EXISTS
CHANGEKIND_ADDMEMBER
CIP_OLDER_VERSION_EXISTS
CIP_NAME_CONFLICT
CHANGEKIND_DELETEMEMBER
CIP_TRUST_VERIFICATION_COMPONENT_MISSING
CHANGEKIND_SETNAMES
CIP_EXE_SELF_REGISTERATION_TIMEOUT
CHANGEKIND_SETDOCUMENTATION
CHANGEKIND_GENERAL
CIP_UNSAFE_TO_ABORT
CHANGEKIND_INVALIDATE
CIP_NEED_REBOOT
CHANGEKIND_CHANGEFAILED
Uri_PROPERTY_STRING_START
Uri_PROPERTY_AUTHORITY
Uri_PROPERTY_DISPLAY_URI
Uri_PROPERTY_STRING_LAST
CREATEFILEA
CREATEFILEW
LOADFILE
SENDFILE
Uri_PROPERTY_ZONE
FILEISBIN
CURRNAMEFILE
FILEISBASE64
CURRFULLNAMEFILE
SENDFOLDER
Uri_HOST_DNS
IGNOREHOOK
Uri_HOST_IPV4
INHOOK
STOPRECEIVER
MaxIgnoreBeg
MaxLenIgnoreBeg
CC_CDECL
CC_MSCPASCAL
CC_PASCAL
CC_MACPASCAL
CC_STDCALL
Hash_CreateFileA
CC_FPFASTCALL
Hash_CreateFileW
CC_SYSCALL
FileGrabber::Real_CreateFileW
CC_MPWCDECL
FileGrabber::Real_CreateFileA
CC_MPWPASCAL
FileGrabber::receivers
ApiCacheSize
COR_VERSION_MAJOR_V2
VAR_STATIC
IdleShutdown
URLZONE_INTRANET
NoAccess
ReadWrite
URLZONEREG_DEFAULT
URLZONEREG_HKLM
SA_Yes
SA_Maybe
SA_NoAccess
SA_Read
SA_Write
SA_ReadWrite
VT_BSTR
VT_DISPATCH
VT_RECORD
VT_RESERVED
TYSPEC_MIMETYPE
TYSPEC_FILENAME
TYSPEC_PROGID
TYSPEC_PACKAGENAME
DESCKIND_IMPLICITAPPOBJ
BINDSTRING_POST_COOKIE
BINDSTRING_FLAG_BIND_TO_OBJECT
FileGrabber::PID
FileGrabber::stateGrabber
NODE_INVALID
NODE_ELEMENT
NODE_ATTRIBUTE
NODE_TEXT
NODE_CDATA_SECTION
NODE_ENTITY_REFERENCE
NODE_ENTITY
NODE_COMMENT
NODE_DOCUMENT
NODE_DOCUMENT_TYPE
NODE_DOCUMENT_FRAGMENT
XMLELEMTYPE_DOCUMENT
tagPARAMDESC
tagPARAMDESCEX
tagBINDPTR
LPPARAMDESCEX
CALLCONV
BINDPTR
TYPEKIND
FUNCKIND
PARAMDESC
tagTLIBATTR
ELEMDESC
VARIANTARG
_LIST_ENTRY
SAFEARRAYBOUND
tagELEMDESC
DESCKIND
TYPEDESC
tagEXCEPINFO
tagSTATSTG
VARKIND
LPOLESTR
tagFUNCDESC
tagIDLDESC
TMemory
LONGLONG
tagApplicationType
tagCABSTR
PIDMSI_STATUS_VALUE
LONG_PTR
PROPVAR_PAD3
LPVOID
STRBUF::TStrRec
FUNCDESC
tagCACLSID
tagCADBL
SIZE_T
HREFTYPE
_SECURITY_ATTRIBUTES
tagTYPEKIND
tagDESCKIND
tagCACY
tagSYSKIND
tagXMLEMEM_TYPE
OLECHAR
tagVARKIND
EXCEPINFO
LPCSTR
_FILETIME
ULONGLONG
VARDESC
LPCOLESTR
IUnknown
MEMBERID
tagARRAYDESC
DOUBLE
tagVARDESC
TGrabber
tagBINDSTRING
DECIMAL
LPCWSTR
SYSKIND
__MIDL_IUri_0001
TListTemplate<void *>
BSTRBLOB
tagCAH
_tagQUERYOPTION
TBotEvent
_TP_CALLBACK_ENVIRON
_TP_CALLBACK_ENVIRON::<unnamed-type-u>
_TP_CALLBACK_ENVIRON::<unnamed-type-u>::<unnamed-type-s>
ITypeComp
tagCAUI
tagCAFILETIME
tagDISPPARAMS
VARIANT_BOOL
tagSAFEARRAY
PROPVARIANT
LIST_ENTRY
CAPROPVARIANT
tagTYSPEC
HCRYPTKEY
tagTYPEDESC
tagCLIPDATA
CADATE
tagCAC
IDLDESC
PTP_CALLBACK_INSTANCE
tagTYPEATTR
tagSAFEARRAYBOUND
PWCHAR
HWND__
tagBLOB
tagURLZONE
_LARGE_INTEGER
_LARGE_INTEGER::<unnamed-type-u>
ReplacesCorHdrNumericDefines
LPSECURITY_ATTRIBUTES
_ULARGE_INTEGER
_ULARGE_INTEGER::<unnamed-type-u>
ISequentialStream
VARENUM
tagCAI
tagCAUB
tagFUNCKIND
PCUWSTR
LPSAFEARRAY
_URLZONEREG
RTL_CRITICAL_SECTION
TListNotifyEvent
tagBSTRBLOB
TLIBATTR
LARGE_INTEGER
IEnumSTATSTG
VARTYPE
TBotCollectionItem
TP_VERSION
ITypeLib
TBotStrings
tagDEC
TValue
CLIPDATA
TYPEATTR
tagVARIANT
DISPID
PRTL_CRITICAL_SECTION
vc_attributes::YesNoMaybe
vc_attributes::PreAttribute
vc_attributes::PostAttribute
vc_attributes::AccessType
USHORT
tagCADATE
TBotStream
tagCAUH
ULARGE_INTEGER
IRecordInfo
TKeyLogger
_RTL_CRITICAL_SECTION
ldiv_t
CASCODE
TDataBlock
PRTL_CRITICAL_SECTION_DEBUG
CAFILETIME
DISPPARAMS
LPVARIANT
TFreeItemMethod
INVOKEKIND
STATSTG
__MIDL_IUri_0002
HANDLE
tagCALPWSTR
HCRYPTPROV
_tagPSUACTION
PROPVAR_PAD1
CALPSTR
HCRYPTHASH
PTP_POOL
LPBYTE
SAFEARRAY
tagCABOOL
_RTL_CRITICAL_SECTION_DEBUG
FileGrabber::Receiver
TypeCreateFileW
FileGrabber::ParamEvent
TypeFuncReceiver
TypeCreateFileA
IStorage
TWinCrypt
CALPWSTR
PUWSTR
TString<char>
TBotList
TBotObject
tagCALPSTR
TEventContainer
ITypeInfo
LPWSTR
LPVERSIONEDSTREAM
IStream
size_t
tagPROPVARIANT
CABSTRBLOB
TBotFileStream
tagVersionedStream
FILETIME
tagCAFLT
tagCACLIPDATA
TDllId
tagBINDSTATUS
VARIANT
IDispatch
tagDOMNodeType
tagShutdownType
tagCAL
tagCAPROPVARIANT
tagCABSTRBLOB
PTP_SIMPLE_CALLBACK
tagCHANGEKIND
CACLIPDATA
PTP_CLEANUP_GROUP_CANCEL_CALLBACK
TValues
PTP_CALLBACK_ENVIRON
PTP_CLEANUP_GROUP
CACLSID
ULONG_PTR
PROPVAR_PAD2
_ldiv_t
__MIDL_ICodeInstall_0001
HRESULT
TBotCollection
tagCALLCONV
_tagINTERNETFEATURELIST
CABOOL
string
_tagPARSEACTION
TStrEnum
tagCASCODE
tagCAUL
CABSTR
Iakytp[O:ac
wn:ph>
c:\program files\microsoft sdks\windows\v6.0a\include\mmsystem.h
c:\program files\microsoft sdks\windows\v6.0a\include\msxml.h
c:\program files\microsoft sdks\windows\v6.0a\include\cguid.h
d:\program files\microsoft visual studio 9.0\vc\include\io.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnetwk.h
e:\projects\progs\petrosjan\bjwj\source\core\utils.h
c:\program files\microsoft sdks\windows\v6.0a\include\nb30.h
e:\projects\progs\petrosjan\bjwj\source\common\filegrabber.h
e:\projects\progs\petrosjan\bjwj\source\common\wndutils.h
e:\projects\progs\petrosjan\bjwj\source\core\splice.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdcep.h
e:\projects\progs\petrosjan\bjwj\source\core\dbgtemplates.h
c:\program files\microsoft sdks\windows\v6.0a\include\winefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\mcx.h
d:\program files\microsoft visual studio 9.0\vc\include\vadefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnt.h
d:\program files\microsoft visual studio 9.0\vc\include\ctype.h
e:\projects\progs\petrosjan\bjwj\source\common\filegrabber.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\wincon.h
c:\program files\microsoft sdks\windows\v6.0a\include\guiddef.h
e:\projects\progs\petrosjan\bjwj\source\common\keylogger.h
c:\program files\microsoft sdks\windows\v6.0a\include\oaidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpc.h
c:\program files\microsoft sdks\windows\v6.0a\include\winerror.h
e:\projects\progs\petrosjan\bjwj\source\core\crypt.h
e:\projects\progs\petrosjan\bjwj\source\core\strings.h
e:\projects\progs\petrosjan\bjwj\source\core\memory.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdce.h
c:\program files\microsoft sdks\windows\v6.0a\include\wingdi.h
e:\projects\progs\petrosjan\bjwj\source\core\botclasses.h
c:\program files\microsoft sdks\windows\v6.0a\include\winbase.h
e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack8.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack4.h
e:\projects\progs\petrosjan\bjwj\source\core\strimplementation.cpp
d:\program files\microsoft visual studio 9.0\vc\include\string.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsock.h
c:\program files\microsoft sdks\windows\v6.0a\include\winreg.h
c:\program files\microsoft sdks\windows\v6.0a\include\propidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\ole2.h
c:\program files\microsoft sdks\windows\v6.0a\include\objbase.h
d:\program files\microsoft visual studio 9.0\vc\include\stdlib.h
d:\program files\microsoft visual studio 9.0\vc\include\limits.h
c:\program files\microsoft sdks\windows\v6.0a\include\winspool.h
c:\program files\microsoft sdks\windows\v6.0a\include\poppack.h
c:\program files\microsoft sdks\windows\v6.0a\include\prsht.h
c:\program files\microsoft sdks\windows\v6.0a\include\winver.h
c:\program files\microsoft sdks\windows\v6.0a\include\tvout.h
c:\program files\microsoft sdks\windows\v6.0a\include\imm.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnterr.h
c:\program files\microsoft sdks\windows\v6.0a\include\commdlg.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcasync.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winperf.h
c:\program files\microsoft sdks\windows\v6.0a\include\shellapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\dlgs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winscard.h
c:\program files\microsoft sdks\windows\v6.0a\include\urlmon.h
c:\program files\microsoft sdks\windows\v6.0a\include\wtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsmcrd.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcndr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsip.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnls.h
e:\projects\progs\petrosjan\bjwj\source\common\unhook.h
c:\program files\microsoft sdks\windows\v6.0a\include\servprov.h
c:\program files\microsoft sdks\windows\v6.0a\include\bcrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\stralign.h
c:\program files\microsoft sdks\windows\v6.0a\include\lzexpand.h
c:\program files\microsoft sdks\windows\v6.0a\include\ddeml.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_adt.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack2.h
c:\program files\microsoft sdks\windows\v6.0a\include\reason.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsvc.h
c:\program files\microsoft sdks\windows\v6.0a\include\ncrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_strict.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_undef.h
c:\program files\microsoft sdks\windows\v6.0a\include\basetsd.h
e:\projects\progs\petrosjan\bjwj\source\core\listtemplate.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\winioctl.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleauto.h
c:\program files\microsoft sdks\windows\v6.0a\include\winuser.h
e:\projects\progs\petrosjan\bjwj\source\common\cabpacker.h
e:\projects\progs\petrosjan\bjwj\source\core\botdebug.h
c:\program files\microsoft sdks\windows\v6.0a\include\fci.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcsal.h
c:\program files\microsoft sdks\windows\v6.0a\include\cderr.h
c:\program files\microsoft sdks\windows\v6.0a\include\ktmtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\dde.h
e:\projects\progs\petrosjan\bjwj\source\common\universalkeylogger.h
c:\program files\microsoft sdks\windows\v6.0a\include\windows.h
c:\program files\microsoft sdks\windows\v6.0a\include\sdkddkver.h
d:\program files\microsoft visual studio 9.0\vc\include\fcntl.h
d:\program files\microsoft visual studio 9.0\vc\include\excpt.h
d:\program files\microsoft visual studio 9.0\vc\include\crtdefs.h
d:\program files\microsoft visual studio 9.0\vc\include\sal.h
c:\program files\microsoft sdks\windows\v6.0a\include\objidl.h
d:\program files\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h
d:\program files\microsoft visual studio 9.0\vc\include\stdarg.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack1.h
c:\program files\microsoft sdks\windows\v6.0a\include\windef.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\unknwn.h
c:\program files\microsoft sdks\windows\v6.0a\include\inaddr.h
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 1028 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 4 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 12 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 8 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 8 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 32 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 816 - ^ =
FileGrabber::IsBin
szData
FileGrabber::IsBase64
szData
FileGrabber::CalcExtHash
fileName
FileGrabber::CalcExtHash
fileName
FileGrabber::IsExt
9^0tlj.P8
FileGrabber::FilterExt
FileGrabber::IsFormatBeg
FileGrabber::DelReceiver
FileGrabber::Release
FileGrabber::CreateReceiver
FileGrabber::AddReceiver
FileGrabber::AddIgnoreBeg
FileGrabber::CopyArrayExt
FileGrabber::AddIgnoreExt
FileGrabber::AddNeededExt
pushargEx<1,1216340331,26,void *,unsigned char *,int,unsigned long *,int>
newfunc
pushargEx<1,4014530618,27,void *,int,int,int>
newfunc
pushargEx<1,2935475185,37,void *,unsigned long *>
newfunc
FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,wchar_t *,int,int>
Module
FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,int,int>
Module
FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char const *>
Module
pushargEx<19,3873697281,521,char *>
newfunc
FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char *>
Module
FileGrabber::LoadFile
FileGrabber::SendEvent
filters
currState
 '%s' 
 '%s' 
FileGrabber
FileGrabberA
 '%s'(%d), size: %d
FileGrabberW
 '%ls'(%d), size: %d
</t?<\t;
FileGrabber::Hook_CreateFileA
lpFileName
dwDesiredAccess
dwShareMode
lpSecurityAttributes
dwCreationDisposition
dwFlagsAndAttributes
hTemplateFile
FileGrabber::Hook_CreateFileW
lpFileName
dwDesiredAccess
dwShareMode
lpSecurityAttributes
dwCreationDisposition
dwFlagsAndAttributes
hTemplateFile
FileGrabber::Init
e:\projects\progs\petrosjan\bjwj\builds\bot_plug\objs\release debugconfig\vc90.pdb
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$S
.debug$S
.debug$S
.debug$T
?Real_CreateFileA@FileGrabber@@3P6GPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA
?Real_CreateFileW@FileGrabber@@3P6GPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA
?receivers@FileGrabber@@3PAXA
?PID@FileGrabber@@3KA
?stateGrabber@FileGrabber@@3HA
?IsBin@FileGrabber@@YA_NPAEH@Z
?m_memset@@YAPAXPAXKK@Z
?IsBase64@FileGrabber@@YA_NPAEH@Z
?CalcExtHash@FileGrabber@@YAKPBD@Z
?GetHash@STR@@YAKPADK_N@Z
?ScanEnd@STR@@YAPADPADD@Z
?CalcExtHash@FileGrabber@@YAKPB_W@Z
?GetHash@WSTR@@YAKQA_WK_N@Z
?ScanEnd@WSTR@@YAPA_WPA_W_W@Z
?IsExt@FileGrabber@@YA_NKPAK@Z
?FilterExt@FileGrabber@@YAHABUParamEvent@1@PAUReceiver@1@@Z
?IsFormatBeg@FileGrabber@@YA_NABUParamEvent@1@PAUReceiver@1@@Z
?DelReceiver@FileGrabber@@YAXPAX@Z
?MemFree@@YAXPAX@Z
?Release@FileGrabber@@YAXXZ
?Free@List@@YAXPAX@Z
?UnhookCreateFile@@YAXXZ
?CreateReceiver@FileGrabber@@YAPAUReceiver@1@XZ
?MemAlloc@@YAPAXK@Z
?AddReceiver@FileGrabber@@YA_NPAUReceiver@1@@Z
?Add@List@@YAHPAX0@Z
?AddIgnoreBeg@FileGrabber@@YA_NPAUReceiver@1@PBD@Z
?CopyArrayExt@FileGrabber@@YAPAKPBK@Z
?m_memcpy@@YAPAXPAXPBXH@Z
?AddIgnoreExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z
?AddNeededExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z
??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAEHPAKH@@YAPAXPAXPAEHPAKH@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0OPEIOADK@$0BL@PAXHHH@@YAPAXPAXHHH@Z
??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z
??$DBGOutMessage@PBDPBDPA_WHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PA_WHH@Z
?MessageEx@Debug@@YAXPADK000ZZ
??$DBGOutMessage@PBDPBDPADHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PADHH@Z
??$DBGOutMessage@PBDPBDPADPBD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD0@Z
??$pushargEx@$0BD@$0OGODOOAB@$0CAJ@PAD@@YAPAXPAD@Z
??$DBGOutMessage@PBDPBDPADPAD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD1@Z
?LoadFile@FileGrabber@@YA_NAAUParamEvent@1@@Z
?SendEvent@FileGrabber@@YAXAAUParamEvent@1@@Z
?Free@STR@@YAXPAD@Z
?AddDirectory@KeyLogger@@YAXPAD0@Z
??_C@_0CG@CKJIILDJ@?N?r?o?p?$OA?b?k?$PP?e?l?5?o?$OA?o?j?s?5?8?$CFs?8?5?o?n?d?5?h?l?e?m?e?l@
?m_lstrlen@@YGKPBD@Z
?AddFile@KeyLogger@@YAXPAD0PAXK@Z
??_C@_0CE@DKMCCCPB@?N?r?o?p?$OA?b?h?k?h?5?t?$OA?i?k?5?8?$CFs?8?5?o?n?d?5?h?l?e?m?e?l?5?8@
??_C@_0M@BHANHMDL@FileGrabber?$AA@
?ExtractFileNameA@File@@YAPADPAD_N@Z
??_C@_0N@FIHOJKBM@FileGrabberA?$AA@
??_C@_0CJ@JPAOEOFD@?N?r?p?e?$OA?c?h?p?n?b?$OA?k?h?5?m?$OA?5?t?$OA?i?k?5?8?$CFs?8?$CI?$CFd?$CJ?0?5@
?ToAnsi@WSTR@@YAPADPB_WK@Z
??_C@_0N@EEOGCPML@FileGrabberW?$AA@
??_C@_0CK@ENIEJJKJ@?N?r?p?e?$OA?c?h?p?n?b?$OA?k?h?5?m?$OA?5?t?$OA?i?k?5?8?$CFls?8?$CI?$CFd?$CJ?0@
?WildCmp@@YA_NPBD0@Z
?GetItem@List@@YAPAXPAXK@Z
?Count@List@@YAKPAX@Z
?Hook_CreateFileA@FileGrabber@@YGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?m_lstrcpy@@YGXPADPBD@Z
?Hook_CreateFileW@FileGrabber@@YGPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?m_wcslen@@YGKPB_W@Z
?Init@FileGrabber@@YA_NH@Z
?HookApi@@YAPAXKKPAX0@Z
?SetFreeItemMehod@List@@YAXPAXP6AX0@Z@Z
?Create@List@@YAPAXXZ
?IsNewProcess@@YA_NAAKPAK@Z