
Sample details: d9383750ad5aca8f4bb6352607c22991

Hashes
MD5: d9383750ad5aca8f4bb6352607c22991
SHA1: 91e20738c8bd3f5aabb782e5d0e7a8147688edb7
SHA256: 1874a44bdf1c19d905627614db015e56b8156b864f51585390accc50809e6098
SSDEEP: 768:EKFb3MCw91AN3dZAx/sUUlTgF+x2QiDdXx+or3ilh3:/MCw9MtZU/sUUlcFX1Rx+hp
Details
File Type: 80386
Yara Hits
CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/FakeDllInstaller/Obj/Release%20DEBUGCONFIG/DllLoader.obj
Strings
		.drectve
.debug$S
B.data
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.debug$T
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\DllLoader.obj
Microsoft (R) Optimizing Compiler
e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller
D:\Program Files\Microsoft Visual Studio 9.0\VC\bin\cl.exe
-O1 -Oi -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Source -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Modules -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Core -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Common -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Misc -DWIN32 -DNDEBUG -D_WINDOWS -D_USRDLL -DDEBUGCONFIG -D_WINDLL -D_MBCS -Gm -MT -GS- -GR- -Fo"e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\\" -Fd"e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\vc90.pdb" -W3 -c -Zi -TP -Zl -nologo -errorreport:prompt -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\include" -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -X
..\..\Source\Core\DllLoader.cpp
e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release DEBUGCONFIG\vc90.pdb
PARSE_CANONICALIZE
PARSE_FRIENDLY
PARSE_SECURITY_URL
PARSE_ROOTDOCUMENT
PARSE_DOCUMENT
PARSE_ENCODE
PARSE_DECODE
PARSE_PATH_FROM_URL
PARSE_URL_FROM_PATH
PARSE_MIME
PARSE_SERVER
PARSE_SCHEMA
PARSE_SITE
PARSE_DOMAIN
PARSE_LOCATION
PARSE_SECURITY_DOMAIN
PARSE_ESCAPE
PSU_DEFAULT
BINDSTATUS_FINDINGRESOURCE
QUERY_IS_INSTALLEDENTRY
BINDSTATUS_CONNECTING
BINDSTATUS_REDIRECTING
BINDSTATUS_BEGINDOWNLOADDATA
BINDSTATUS_ENDDOWNLOADDATA
BINDSTATUS_BEGINDOWNLOADCOMPONENTS
BINDSTATUS_INSTALLINGCOMPONENTS
BINDSTATUS_ENDDOWNLOADCOMPONENTS
BINDSTATUS_USINGCACHEDCOPY
BINDSTATUS_SENDINGREQUEST
BINDSTATUS_MIMETYPEAVAILABLE
BINDSTATUS_CACHEFILENAMEAVAILABLE
BINDSTATUS_BEGINSYNCOPERATION
BINDSTATUS_ENDSYNCOPERATION
BINDSTATUS_BEGINUPLOADDATA
BINDSTATUS_ENDUPLOADDATA
BINDSTATUS_PROTOCOLCLASSID
BINDSTATUS_ENCODING
BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE
BINDSTATUS_CLASSINSTALLLOCATION
BINDSTATUS_DECODING
BINDSTATUS_LOADINGMIMEHANDLER
BINDSTATUS_CONTENTDISPOSITIONATTACH
SYS_WIN32
SYS_MAC
BINDSTATUS_CLSIDCANINSTANTIATE
BINDSTATUS_IUNKNOWNAVAILABLE
BINDSTATUS_DIRECTBIND
BINDSTATUS_RAWMIMETYPE
BINDSTATUS_PROXYDETECTING
BINDSTATUS_ACCEPTRANGES
BINDSTATUS_COOKIE_SENT
BINDSTATUS_COMPACT_POLICY_RECEIVED
BINDSTATUS_COOKIE_SUPPRESSED
BINDSTATUS_COOKIE_STATE_ACCEPT
BINDSTATUS_COOKIE_STATE_REJECT
BINDSTATUS_COOKIE_STATE_PROMPT
BINDSTATUS_PERSISTENT_COOKIE_RECEIVED
BINDSTATUS_CACHECONTROL
BINDSTATUS_CONTENTDISPOSITIONFILENAME
BINDSTATUS_MIMETEXTPLAINMISMATCH
BINDSTATUS_PUBLISHERAVAILABLE
BINDSTATUS_DISPLAYNAMEAVAILABLE
DLL_KERNEL32
FEATURE_OBJECT_CACHING
FEATURE_ZONE_ELEVATION
FEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFING
FEATURE_WINDOW_RESTRICTIONS
FEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_BEHAVIORS
FEATURE_DISABLE_MK_PROTOCOL
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_SECURITYBAND
FEATURE_RESTRICT_ACTIVEXINSTALL
FEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_ADDON_MANAGEMENT
FEATURE_PROTOCOL_LOCKDOWN
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
FEATURE_SAFE_BINDTOOBJECT
FEATURE_UNC_SAVEDFILECHECK
FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
TKIND_INTERFACE
FEATURE_TABBED_BROWSING
FEATURE_SSLUX
TKIND_DISPATCH
FEATURE_DISABLE_NAVIGATION_SOUNDS
FEATURE_DISABLE_LEGACY_COMPRESSION
TKIND_ALIAS
FEATURE_FORCE_ADDR_AND_STATUS
FEATURE_XMLHTTP
FEATURE_DISABLE_TELNET_PROTOCOL
FEATURE_FEEDS
FEATURE_BLOCK_INPUT_PROMPTS
CIP_DISK_FULL
CIP_ACCESS_DENIED
CIP_NEWER_VERSION_EXISTS
CHANGEKIND_ADDMEMBER
CIP_OLDER_VERSION_EXISTS
CIP_NAME_CONFLICT
CHANGEKIND_DELETEMEMBER
CIP_TRUST_VERIFICATION_COMPONENT_MISSING
CHANGEKIND_SETNAMES
CIP_EXE_SELF_REGISTERATION_TIMEOUT
CHANGEKIND_SETDOCUMENTATION
CHANGEKIND_GENERAL
CIP_UNSAFE_TO_ABORT
CHANGEKIND_INVALIDATE
CIP_NEED_REBOOT
CHANGEKIND_CHANGEFAILED
Uri_PROPERTY_STRING_START
Uri_PROPERTY_AUTHORITY
Uri_PROPERTY_DISPLAY_URI
Uri_PROPERTY_STRING_LAST
Uri_PROPERTY_ZONE
Uri_HOST_DNS
Uri_HOST_IPV4
CC_CDECL
CC_MSCPASCAL
CC_PASCAL
CC_MACPASCAL
CC_STDCALL
CC_FPFASTCALL
CC_SYSCALL
CC_MPWCDECL
CC_MPWPASCAL
ApiCacheSize
COR_VERSION_MAJOR_V2
VAR_STATIC
IdleShutdown
URLZONE_INTRANET
NoAccess
ReadWrite
URLZONEREG_DEFAULT
URLZONEREG_HKLM
	'BANKING_SIGNAL_FILE_HASH
SA_Yes
SA_Maybe
SA_NoAccess
SA_Read
SA_Write
SA_ReadWrite
VT_BSTR
VT_DISPATCH
VT_RECORD
ProtectionFlags
VT_RESERVED
TYSPEC_MIMETYPE
TYSPEC_FILENAME
TYSPEC_PROGID
TYSPEC_PACKAGENAME
DESCKIND_IMPLICITAPPOBJ
BINDSTRING_POST_COOKIE
BINDSTRING_FLAG_BIND_TO_OBJECT
NODE_INVALID
NODE_ELEMENT
NODE_ATTRIBUTE
NODE_TEXT
NODE_CDATA_SECTION
NODE_ENTITY_REFERENCE
NODE_ENTITY
NODE_COMMENT
NODE_DOCUMENT
NODE_DOCUMENT_TYPE
NODE_DOCUMENT_FRAGMENT
XMLELEMTYPE_DOCUMENT
tagPARAMDESC
tagPARAMDESCEX
tagBINDPTR
LPPARAMDESCEX
CALLCONV
BINDPTR
TYPEKIND
FUNCKIND
PARAMDESC
tagTLIBATTR
PIMAGE_NT_HEADERS32
ELEMDESC
VARIANTARG
SAFEARRAYBOUND
tagELEMDESC
DESCKIND
TYPEDESC
tagEXCEPINFO
tagSTATSTG
VARKIND
LPOLESTR
tagFUNCDESC
tagIDLDESC
TMemory
LONGLONG
tagApplicationType
HMEMORYMODULE
tagCABSTR
PIDMSI_STATUS_VALUE
LONG_PTR
PROPVAR_PAD3
LPVOID
STRBUF::TStrRec
FUNCDESC
tagCACLSID
tagCADBL
SIZE_T
BOOLEAN
HREFTYPE
tagTYPEKIND
tagDESCKIND
tagCACY
PIMAGE_DATA_DIRECTORY
tagSYSKIND
tagXMLEMEM_TYPE
OLECHAR
tagVARKIND
EXCEPINFO
_FILETIME
ULONGLONG
VARDESC
LPCOLESTR
IUnknown
MEMBERID
EPrintPropertyType
tagARRAYDESC
DOUBLE
tagVARDESC
tagBINDSTRING
DECIMAL
_IMAGE_OPTIONAL_HEADER
SYSKIND
__MIDL_IUri_0001
BSTRBLOB
tagCAH
_tagQUERYOPTION
PIMAGE_BASE_RELOCATION
PIMAGE_NT_HEADERS
_TP_CALLBACK_ENVIRON
_TP_CALLBACK_ENVIRON::<unnamed-type-u>
_TP_CALLBACK_ENVIRON::<unnamed-type-u>::<unnamed-type-s>
PIMAGE_SECTION_HEADER
ITypeComp
tagCAUI
tagCAFILETIME
_IMAGE_FILE_HEADER
tagDISPPARAMS
VARIANT_BOOL
tagSAFEARRAY
PROPVARIANT
CAPROPVARIANT
tagTYSPEC
HCRYPTKEY
tagTYPEDESC
tagCLIPDATA
CADATE
tagCAC
IDLDESC
PTP_CALLBACK_INSTANCE
tagTYPEATTR
tagSAFEARRAYBOUND
tagBLOB
tagURLZONE
_LARGE_INTEGER
_LARGE_INTEGER::<unnamed-type-u>
ReplacesCorHdrNumericDefines
_ULARGE_INTEGER
_ULARGE_INTEGER::<unnamed-type-u>
ISequentialStream
VARENUM
tagCAI
tagCAUB
tagFUNCKIND
PCUWSTR
LPSAFEARRAY
_URLZONEREG
tagBSTRBLOB
TLIBATTR
LARGE_INTEGER
IEnumSTATSTG
VARTYPE
TP_VERSION
ITypeLib
tagDEC
CLIPDATA
TYPEATTR
tagVARIANT
DISPID
__vc_attributes::helper_attributes::source_annotation_attributeAttribute
__vc_attributes::helper_attributes::repeatableAttribute
vc_attributes::YesNoMaybe
vc_attributes::PreAttribute
vc_attributes::PostAttribute
vc_attributes::AccessType
USHORT
tagCADATE
HMODULE
SYSTEM_POWER_STATE
_IMAGE_SECTION_HEADER
_IMAGE_SECTION_HEADER::<unnamed-type-Misc>
tagCAUH
ULARGE_INTEGER
IRecordInfo
FARPROC
ldiv_t
CASCODE
DllEntryProc
IMAGE_OPTIONAL_HEADER32
CAFILETIME
DISPPARAMS
LPVARIANT
PMEMORYMODULE
TMemoryDLL
INVOKEKIND
STATSTG
HINSTANCE
__MIDL_IUri_0002
HANDLE
tagCALPWSTR
_IMAGE_DOS_HEADER
POWER_ACTION
PIMAGE_IMPORT_DESCRIPTOR
HCRYPTPROV
_tagPSUACTION
PROPVAR_PAD1
CALPSTR
HCRYPTHASH
PTP_POOL
DWORD64
LPBYTE
SAFEARRAY
tagCABOOL
IStorage
TWinCrypt
PIMAGE_EXPORT_DIRECTORY
IMAGE_DATA_DIRECTORY
CALPWSTR
PUWSTR
TString<char>
TBotObject
tagCALPSTR
ITypeInfo
LPWSTR
LPVERSIONEDSTREAM
_IMAGE_BASE_RELOCATION
IStream
size_t
PDWORD
PIMAGE_IMPORT_BY_NAME
tagPROPVARIANT
BATTERY_REPORTING_SCALE
PPM_WMI_IDLE_STATE
PPM_WMI_PERF_STATE
PPM_IDLE_STATE_ACCOUNTING
POWER_ACTION_POLICY
SYSTEM_POWER_LEVEL
PROCESSOR_IDLESTATE_INFO
SCARD_T0_COMMAND
PrintPropertyValue
PrintPropertyValue::<unnamed-type-value>
PrintPropertyValue::<unnamed-type-value>::<unnamed-type-propertyBlob>
MEMORYMODULE
CABSTRBLOB
_IMAGE_DATA_DIRECTORY
POWER_ACTION_POLICY
_IMAGE_NT_HEADERS
tagVersionedStream
FILETIME
tagCAFLT
tagCACLIPDATA
TDllId
tagBINDSTATUS
VARIANT
IDispatch
tagDOMNodeType
MEMORYMODULE
tagShutdownType
_IMAGE_EXPORT_DIRECTORY
tagCAL
tagCAPROPVARIANT
tagCABSTRBLOB
PTP_SIMPLE_CALLBACK
_IMAGE_IMPORT_BY_NAME
tagCHANGEKIND
CACLIPDATA
PTP_CLEANUP_GROUP_CANCEL_CALLBACK
IMAGE_FILE_HEADER
PTP_CALLBACK_ENVIRON
PTP_CLEANUP_GROUP
CACLSID
IMAGE_IMPORT_DESCRIPTOR
ULONG_PTR
HINSTANCE__
_IMAGE_IMPORT_DESCRIPTOR
STRUTILS<char>
PROPVAR_PAD2
_ldiv_t
__MIDL_ICodeInstall_0001
HRESULT
IMAGE_BASE_RELOCATION
tagCALLCONV
_tagINTERNETFEATURELIST
CABOOL
string
_tagPARSEACTION
PIMAGE_DOS_HEADER
TStrEnum
tagCASCODE
tagCAUL
CABSTR
ljMwkU#
Iakytp[O:ac
c:\program files\microsoft sdks\windows\v6.0a\include\msxml.h
c:\program files\microsoft sdks\windows\v6.0a\include\cguid.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnetwk.h
c:\program files\microsoft sdks\windows\v6.0a\include\nb30.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdcep.h
c:\program files\microsoft sdks\windows\v6.0a\include\winefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\mcx.h
e:\projects\progs\petrosjan\bjwj\source\core\config.h
d:\program files\microsoft visual studio 9.0\vc\include\vadefs.h
e:\projects\progs\petrosjan\bjwj\source\core\memory.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnt.h
d:\program files\microsoft visual studio 9.0\vc\include\ctype.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincon.h
e:\projects\progs\petrosjan\bjwj\source\core\dllloader.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\guiddef.h
c:\program files\microsoft sdks\windows\v6.0a\include\oaidl.h
e:\projects\progs\petrosjan\bjwj\source\core\dllloader.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpc.h
c:\program files\microsoft sdks\windows\v6.0a\include\winerror.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdce.h
c:\program files\microsoft sdks\windows\v6.0a\include\wingdi.h
e:\projects\progs\petrosjan\bjwj\source\core\strimplementation.cpp
e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winbase.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack8.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack4.h
d:\program files\microsoft visual studio 9.0\vc\include\string.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsock.h
c:\program files\microsoft sdks\windows\v6.0a\include\winreg.h
c:\program files\microsoft sdks\windows\v6.0a\include\propidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\ole2.h
c:\program files\microsoft sdks\windows\v6.0a\include\objbase.h
d:\program files\microsoft visual studio 9.0\vc\include\stdlib.h
d:\program files\microsoft visual studio 9.0\vc\include\limits.h
c:\program files\microsoft sdks\windows\v6.0a\include\winspool.h
c:\program files\microsoft sdks\windows\v6.0a\include\poppack.h
c:\program files\microsoft sdks\windows\v6.0a\include\prsht.h
c:\program files\microsoft sdks\windows\v6.0a\include\winver.h
c:\program files\microsoft sdks\windows\v6.0a\include\tvout.h
c:\program files\microsoft sdks\windows\v6.0a\include\imm.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnterr.h
c:\program files\microsoft sdks\windows\v6.0a\include\commdlg.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcasync.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsi.h
e:\projects\progs\petrosjan\bjwj\source\core\md5.h
c:\program files\microsoft sdks\windows\v6.0a\include\winperf.h
c:\program files\microsoft sdks\windows\v6.0a\include\shellapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\dlgs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winscard.h
c:\program files\microsoft sdks\windows\v6.0a\include\urlmon.h
c:\program files\microsoft sdks\windows\v6.0a\include\wtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsmcrd.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcndr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsip.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnls.h
c:\program files\microsoft sdks\windows\v6.0a\include\servprov.h
c:\program files\microsoft sdks\windows\v6.0a\include\bcrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\stralign.h
c:\program files\microsoft sdks\windows\v6.0a\include\lzexpand.h
c:\program files\microsoft sdks\windows\v6.0a\include\ddeml.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_adt.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack2.h
c:\program files\microsoft sdks\windows\v6.0a\include\reason.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsvc.h
c:\program files\microsoft sdks\windows\v6.0a\include\ncrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_strict.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_undef.h
c:\program files\microsoft sdks\windows\v6.0a\include\basetsd.h
c:\program files\microsoft sdks\windows\v6.0a\include\winioctl.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleauto.h
c:\program files\microsoft sdks\windows\v6.0a\include\winuser.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcsal.h
c:\program files\microsoft sdks\windows\v6.0a\include\cderr.h
c:\program files\microsoft sdks\windows\v6.0a\include\ktmtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\dde.h
c:\program files\microsoft sdks\windows\v6.0a\include\windows.h
c:\program files\microsoft sdks\windows\v6.0a\include\sdkddkver.h
d:\program files\microsoft visual studio 9.0\vc\include\excpt.h
d:\program files\microsoft visual studio 9.0\vc\include\crtdefs.h
d:\program files\microsoft visual studio 9.0\vc\include\sal.h
c:\program files\microsoft sdks\windows\v6.0a\include\objidl.h
d:\program files\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h
e:\projects\progs\petrosjan\bjwj\source\core\strings.h
d:\program files\microsoft visual studio 9.0\vc\include\stdarg.h
e:\projects\progs\petrosjan\bjwj\source\core\crypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack1.h
c:\program files\microsoft sdks\windows\v6.0a\include\windef.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\unknwn.h
c:\program files\microsoft sdks\windows\v6.0a\include\inaddr.h
c:\program files\microsoft sdks\windows\v6.0a\include\mmsystem.h
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 4 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 8 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 12 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 24 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 4 - ^ =
TBotObject::~TBotObject
TBotObject::`scalar deleting destructor'
BufferIsExecutableFile
CopySections
codeBase
old_headers
new_headers
ProcessRelocation
CodeBase
Headers
TBotObject::TBotObject
pushargEx<1,2849927002,15,void *,unsigned long,unsigned long,unsigned long *>
newfunc
pushargEx<1,2102676925,73,_IMAGE_IMPORT_DESCRIPTOR *,unsigned int>
newfunc
pushargEx<1,3366748198,2,char const *>
newfunc
pushargEx<1,532736750,7,HINSTANCE__ *,char const *>
newfunc
pushargEx<1,1267948430,6,HINSTANCE__ *>
newfunc
h_p5:j
pushargEx<1,976580703,11,unsigned char *,int,int>
newfunc
pushargEx<1,1769630462,9,void *,unsigned long,int,int>
newfunc
pushargEx<1,1769630462,9,int,unsigned long,int,int>
newfunc
pushargEx<1,1364977495,111,char const *,char const *>
newfunc
STRUTILS<char>::IsEmpty
STRUTILS<char>::Hash
LowerCase
FinalizeSections
module
protect
oldProtect
BuildImportTable
module
codeBase
result
handle
thunkRef
MemoryFreeLibrary
MemoryLoadLibrary
old_header
locationDelta
result
DllEntry
successfull
dos_header
headers
MemoryGetProcAddress
module
codeBase
ordinal
directory
nameRef
exports
BuildImport
ImageBase
old_header
result
dos_header
GetEncryptedDLLInfo
StartBuf
Password
TMemoryDLL::~TMemoryDLL
TMemoryDLL::GetProcAddress
TMemoryDLL::GetProcAddress
TMemoryDLL::DecodeDll
DllBuf
DllSize
NewBuf
NewBufAllocated
Password
Result
old_header
dos_header
STRUTILS<char>::Hash
MemoryGetProcAddress
module
NameHash
codeBase
ordinal
directory
nameRef
exports
TMemoryDLL::`scalar deleting destructor'
TMemoryDLL::Load
DllBuf
NewBuf
Allocated
TMemoryDLL::GetProcAddress
NameHash
TMemoryDLL::GetProcAddress
NameHash
TMemoryDLL::TMemoryDLL
DllBuf
e:\projects\progs\petrosjan\bjwj\builds\fakedllinstaller\obj\release debugconfig\vc90.pdb
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$T
?ProtectionFlags@@3PAY111HA
??1TBotObject@@UAE@XZ
??_7TBotObject@@6B@
??_GTBotObject@@UAEPAXI@Z
??_ETBotObject@@UAEPAXI@Z
??_GTBotObject@@UAEPAXI@Z
??3TBotObject@@SAXPAX@Z
?BufferIsExecutableFile@@YA_NPAX@Z
?CopySections@@YAXPAE0PAU_IMAGE_NT_HEADERS@@1@Z
?m_memcpy@@YAPAXPAXPBXH@Z
?m_memset@@YAPAXPAXKK@Z
?ProcessRelocation@@YAXPAEPAU_IMAGE_NT_HEADERS@@K@Z
??0TBotObject@@QAE@XZ
??$pushargEx@$00$0KJNOGPFK@$0P@PAXKKPAK@@YAPAXPAXKKPAK@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0HNFEENLN@$0EJ@PAU_IMAGE_IMPORT_DESCRIPTOR@@I@@YAPAXPAU_IMAGE_IMPORT_DESCRIPTOR@@I@Z
??$pushargEx@$00$0MIKMIACG@$01PBD@@YAPAXPBD@Z
??$pushargEx@$00$0BPMAOKOO@$06PAUHINSTANCE__@@PBD@@YAPAXPAUHINSTANCE__@@PBD@Z
??$pushargEx@$00$0ELJDFLIO@$05PAUHINSTANCE__@@@@YAPAXPAUHINSTANCE__@@@Z
??$pushargEx@$00$0DKDFHAFP@$0L@PAEHH@@YAPAXPAEHH@Z
??$pushargEx@$00$0GJHKGKPO@$08PAXKHH@@YAPAXPAXKHH@Z
??$pushargEx@$00$0GJHKGKPO@$08HKHH@@YAPAXHKHH@Z
??$pushargEx@$00$0FBFLOHFH@$0GP@PBDPBD@@YAPAXPBD0@Z
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
?Hash@?$STRUTILS@D@@SAKPBDK_N@Z
?FinalizeSections@@YAXPAUMEMORYMODULE@@@Z
?BuildImportTable@@YAHPAUMEMORYMODULE@@@Z
?MemRealloc@@YAPAXPAXK@Z
?MemoryFreeLibrary@@YAXPAX@Z
?Free@HEAP@@YAXPAX@Z
?MemFree@@YAXPAX@Z
?MemoryLoadLibrary@@YAPAXPBXPAX@Z
$error$64441
?Alloc@HEAP@@YAPAXK@Z
?MemoryGetProcAddress@@YAP6GHXZPAXPBD@Z
?BuildImport@@YA_NPAX@Z
?GetEncryptedDLLInfo@@YA_NPAXAAPAXAAKAAPAD@Z
??1TMemoryDLL@@UAE@XZ
??_7TMemoryDLL@@6B@
??_GTMemoryDLL@@UAEPAXI@Z
??_ETMemoryDLL@@UAEPAXI@Z
?GetProcAddress@TMemoryDLL@@QAEPAXPBD@Z
?GetProcAddress@TMemoryDLL@@QAE_NPBDAAPAX@Z
?DecodeDll@TMemoryDLL@@SA_NPBXAAKAAPAXAA_N@Z
?Crypt@XORCrypt@@YAKPADPAEKE@Z
?MemAlloc@@YAPAXK@Z
?Hash@?$STRUTILS@D@@SAKPBD@Z
?MemoryGetProcAddress@@YAP6GHXZPAXK@Z
??_GTMemoryDLL@@UAEPAXI@Z
?Load@TMemoryDLL@@QAE_NPBX@Z
?GetProcAddress@TMemoryDLL@@QAEPAXK@Z
?GetProcAddress@TMemoryDLL@@QAE_NKAAPAX@Z
??0TMemoryDLL@@QAE@PBX@Z