MalwareMustDie

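#MalwareMustDie - dune.exe .rdata strings, post-decryption (columns: section:address, length in hex including the terminating NUL, string type, string; the last three entries are from .data)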

Feb 4th, 2013
  1. .rdata:10012230 0000000A C PSAPI.DLL
  2. .rdata:10012240 0000000C C WININET.dll
  3. .rdata:10012250 0000000C C SHLWAPI.dll
  4. .rdata:10012260 0000000C C gdiplus.dll
  5. .rdata:10012270 0000000A C nspr4.dll
  6. .rdata:10012280 0000000B C WS2_32.dll
  7. .rdata:10012290 0000000C C CRYPT32.dll
  8. .rdata:100122A0 0000000B C USER32.dll
  9. .rdata:100122B0 0000000A C GDI32.dll
  10. .rdata:100122C0 0000000D C ADVAPI32.dll
  11. .rdata:100122D0 0000000C C SHELL32.dll
  12. .rdata:100122E0 0000000A C ole32.dll
  13. .rdata:100122EC 00000015 C CreateProcessAsUserA
  14. .rdata:10012304 00000015 C CreateProcessAsUserW
  15. .rdata:1001231C 0000000D C advapi32.dll
  16. .rdata:1001232C 0000000F C CreateProcessA
  17. .rdata:1001233C 0000000F C CreateProcessW
  18. .rdata:1001234C 0000000D C kernel32.dll
  19. .rdata:1001235C 00000017 C NtProtectVirtualMemory
  20. .rdata:10012374 00000017 C LdrGetProcedureAddress
  21. .rdata:1001238C 0000000B C LdrLoadDll
  22. .rdata:10012398 0000000A C NTDLL.DLL
  23. .rdata:100123A4 00000015 C ZwWriteVirtualMemory
  24. .rdata:100123BC 00000017 C ZwProtectVirtualMemory
  25. .rdata:100123D4 00000010 C CryptGetUserKey
  26. .rdata:100123E4 0000000D C ADVAPI32.DLL
  27. .rdata:100123F4 00000005 C .pfx
  28. .rdata:1001240C 0000000C C AddressBook
  29. .rdata:10012418 00000009 C AuthRoot
  30. .rdata:10012424 00000015 C CertificateAuthority
  31. .rdata:1001243C 0000000B C Disallowed
  32. .rdata:10012448 00000005 C Root
  33. .rdata:10012450 0000000E C TrustedPeople
  34. .rdata:10012460 00000011 C TrustedPublisher
  35. .rdata:10012474 0000000B C start rbt\n
  36. .rdata:10012480 0000000F C adjust succes\n
  37. .rdata:10012490 0000000D C exit succes\n
  38. .rdata:100124A0 00000007 C \\\\.\\%s
  39. .rdata:100124A8 00000008 C %lu.exe
  40. .rdata:100124B0 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
  41. .rdata:100124E4 00000010 C Sart Load DLL\r\n
  42. .rdata:100124F4 0000001D C Loading DLL: \"%s\" size: %d\r\n
  43. .rdata:10012514 00000012 C Start Write DLL\r\n
  44. .rdata:10012528 00000016 C DLL load status: %u\r\n
  45. .rdata:10012658 0000001C C Started Soccks status {%u\n}
  46. .rdata:10012674 00000014 C Get info status %u\n
  47. .rdata:10012688 00000017 C Command received \"%s\"\n
  48. .rdata:100126A0 0000000C C MakeScreen\n
  49. .rdata:100126AC 00000008 C FAILED\n
  50. .rdata:100126B4 0000000D C /t%s.php?%s=
  51. .rdata:100126C4 00000011 C 0123456789ABCDEF
  52. .rdata:100126D8 00000010 C 192.168.222.128
  53. .rdata:100126E8 00000005 C form
  54. .rdata:100126F0 0000004B C /data.php?version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&type=%u&name=%s
  55. .rdata:1001273C 00000007 C Client
  56. .rdata:10012744 00000005 C Main
  57. .rdata:1001274C 00000005 C FILE
  58. .rdata:10012758 0000007B C version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%08X&wake=%u&prjct=%d&arch=%u&inf=0&os=%u.%u.%u&guid=%u.%u.%u!%s!%08X
  59. .rdata:100127D8 0000000D C /c%s.php?%s=
  60. .rdata:100127E8 0000000B C CHROME.DLL
  61. .rdata:100127F4 0000000C C closesocket
  62. .rdata:10012800 00000008 C WSASend
  63. .rdata:10012808 00000008 C WSARecv
  64. .rdata:10012810 0000000B C WS2_32.DLL
  65. .rdata:1001281C 0000000F C LoadLibraryExW
  66. .rdata:1001282C 0000000D C KERNEL32.DLL
  67. .rdata:1001283C 00000007 C .rdata
  68. .rdata:10012848 00000006 C .text
  69. .rdata:10012854 00000009 C PR_Close
  70. .rdata:10012860 00000009 C PR_Write
  71. .rdata:1001286C 00000008 C PR_Read
  72. .rdata:10012874 0000000A C NSPR4.DLL
  73. .rdata:10012880 0000000A C nspr4.dll
  74. .rdata:1001289C 00000007 C Local\\
  75. .rdata:100128A4 0000001B C .set DiskDirectory1=\"%s\"\r\n
  76. .rdata:100128C0 00000019 C .set CabinetName1=\"%s\"\r\n
  77. .rdata:100128DC 00000007 C \"%s\"\r\n
  78. .rdata:100128EC 0000001B C .set DestinationDir=\"%S\"\r\n
  79. .rdata:1001290C 00000007 C \"%S\"\r\n
  80. .rdata:10012914 00000014 C makecab.exe /F \"%s\"
  81. .rdata:10012928 0000000B C \\setup.inf
  82. .rdata:10012934 0000000B C \\setup.rpt
  83. .rdata:10012940 00000005 C \\*.*
  84. .rdata:10012948 0000001D C cmd /C \"systeminfo.exe > %s\"
  85. .rdata:10012968 0000001B C failed start sysinfo - %u\n
  86. .rdata:10012984 0000001D C cmd /C \"echo -------- >> %s\"
  87. .rdata:100129A4 00000021 C cmd /C \"tasklist.exe /SVC >> %s\"
  88. .rdata:100129C8 0000001C C failed start tasklist - %u\n
  89. .rdata:100129E4 0000001F C cmd /C \"driverquery.exe >> %s\"
  90. .rdata:10012A04 0000001A C failed start driver - %u\n
  91. .rdata:10012A20 0000005B C cmd /C \"reg.exe query \"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\" /s >> %s\"
  92. .rdata:10012A7C 00000015 C failed get reg - %u\n
  93. .rdata:10012A94 00000006 C Host:
  94. .rdata:10012A9C 0000000C C User-Agent:
  95. .rdata:10012AA8 00000010 C Content-Length:
  96. .rdata:10012AB8 00000013 C Transfer-Encoding:
  97. .rdata:10012ACC 00000017 C HttpAddRequestHeadersW
  98. .rdata:10012AE4 00000017 C HttpAddRequestHeadersA
  99. .rdata:10012AFC 0000000F C HttpQueryInfoW
  100. .rdata:10012B0C 0000000F C HttpQueryInfoA
  101. .rdata:10012B1C 00000011 C InternetConnectW
  102. .rdata:10012B30 00000011 C InternetConnectA
  103. .rdata:10012B44 0000001B C InternetQueryDataAvailable
  104. .rdata:10012B60 00000011 C HttpSendRequestW
  105. .rdata:10012B74 00000011 C HttpSendRequestA
  106. .rdata:10012B88 00000014 C InternetReadFileExW
  107. .rdata:10012B9C 00000014 C InternetReadFileExA
  108. .rdata:10012BB0 00000011 C InternetReadFile
  109. .rdata:10012BC4 0000000C C WININET.DLL
  110. .rdata:10012BD0 0000000C C WININET.dll
  111. .rdata:10012BDC 0000000A C text/html
  112. .rdata:10012BE8 00000006 C image
  113. .rdata:10012BF0 0000000A C Referer:
  114. .rdata:10012BFC 0000001A C URL: %s\r\nuser=%s\r\npass=%s
  115. .rdata:10012C18 0000000A C identity
  116. .rdata:10012C24 00000011 C Accept-Encoding:
  117. .rdata:10012C38 00000005 C \t\r\n
  118. .rdata:10012C44 0000001F C {%08X-%04X-%04X-%04X-%08X%04X}
  119. .rdata:10012C64 00000008 C http://
  120. .rdata:10012C6C 00000009 C https://
  121. .rdata:10012C90 00000011 C %08x%08x%08x%08x
  122. .rdata:10012CA4 00000005 C @ID@
  123. .rdata:10012CB0 00000008 C @GROUP@
  124. .rdata:10012CB8 00000007 C grabs=
  125. .rdata:10012CC0 00000008 C NEWGRAB
  126. .rdata:10012CC8 0000000B C SCREENSHOT
  127. .rdata:10012CD4 00000008 C PROCESS
  128. .rdata:10012CDC 00000007 C HIDDEN
  129. .rdata:10012CE4 00000005 C @%s@
  130. .rdata:10012CEC 00000005 C http
  131. .rdata:10012CF4 00000005 C POST
  132. .rdata:10012CFC 0000000A C URL: %s\r\n
  133. .rdata:10012D08 0000000C C ExitProcess
  134. .rdata:10012D14 00000010 C %02u:%02u:%02u
  135. .rdata:10012D24 00000008 C /fp %lu
  136. .rdata:10012D2C 00000005 C %x\r\n
  137. .rdata:10012D34 00000017 C Content-Length: %u\r\n\r\n
  138. .rdata:10012D4C 00000005 C \r\n\r\n
  139. .rdata:10012D54 0000000E C Content-Type:
  140. .rdata:10012D64 00000008 C chunked
  141. .rdata:10012D6C 00000005 C ocsp
  142. .rdata:10012D74 00000015 C SOFTWARE\\AppDataLow\\
  143. .rdata:10012D8C 00000006 C \\Vars
  144. .rdata:10012D94 0000000A C \\\\.\\pipe\\
  145. .rdata:10012DA0 0000000C C \\Microsoft\\
  146. .rdata:10012DAC 00000010 C S:(ML;;NW;;;LW)
  147. .rdata:10012DC0 00000043 C D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)
  148. .rdata:10012E10 00000042 C Content-Disposition: form-data; name=\"upload_file\"; filename=\"%s\"
  149. .rdata:10012E58 00000048 C Content-Disposition: form-data; name=\"upload_file\"; filename=\"%.4u.%lu\"
  150. .rdata:10012EA0 00000027 C --------------------------%04x%04x%04x
  151. .rdata:10012EC8 0000002F C Content-Type: multipart/form-data; boundary=%s
  152. .rdata:10012EF8 0000000B C \r\n--%s--\r\n
  153. .rdata:10012F04 00000027 C Content-Type: application/octet-stream
  154. .rdata:10012F2C 00000011 C --%s\r\n%s\r\n%s\r\n\r\n
  155. .rdata:10012F40 0000000F C IsWow64Process
  156. .rdata:10012F50 00000009 C kernel32
  157. .rdata:10012F5C 00000007 C UNKNOW
  158. .rdata:10012F64 00000021 C ZwWow64QueryInformationProcess64
  159. .rdata:10012F88 0000000A C ntdll.dll
  160. .rdata:10012F94 00000005 C .dll
  161. .rdata:10012F9C 0000000D C LoadLibraryA
  162. .rdata:10012FAC 0000001B C ZwWow64ReadVirtualMemory64
  163. .rdata:10012FC8 00000013 C ZwGetContextThread
  164. .rdata:10012FDC 00000013 C ZwSetContextThread
  165. .rdata:10012FF0 00000005 C open
  166. .rdata:10012FF8 0000001D C %08X-%04X-%04X-%04X-%08X%04X
  167. .rdata:10013018 0000000B C kernelbase
  168. .rdata:10013024 00000006 C ntdll
  169. .rdata:1001302C 00000007 C %s=%s&
  170. .rdata:10013039 00000040 C BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
  171. .rdata:10013080 00000051 C |$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\\]^_`abcdefghijklmnopq
  172. .rdata:100130D4 00000012 C SetWindowsHookExW
  173. .rdata:100130E8 00000012 C SetWindowsHookExA
  174. .rdata:100130FC 0000000B C user32.dll
  175. .rdata:1001313C 00000011 C SetThreadDesktop
  176. .rdata:10013150 00000011 C TranslateMessage
  177. .rdata:10013164 0000001A C CreateDialogIndirectParam
  178. .rdata:10013180 00000013 C CreateDialogParamW
  179. .rdata:10013194 00000013 C CreateDialogParamA
  180. .rdata:100131A8 00000017 C DialogBoxIndirectParam
  181. .rdata:100131C0 00000010 C DialogBoxParamW
  182. .rdata:100131D0 00000010 C DialogBoxParamA
  183. .rdata:100131E0 00000010 C CreateWindowExW
  184. .rdata:100131F0 00000010 C CreateWindowExA
  185. .rdata:10013200 0000000E C CreateWindowW
  186. .rdata:10013210 0000000E C CreateWindowA
  187. .rdata:10013616 00000013 C GetMappedFileNameA
  188. .rdata:1001362C 00000014 C DeleteUrlCacheEntry
  189. .rdata:10013642 00000018 C FindFirstUrlCacheEntryA
  190. .rdata:1001365C 00000017 C FindNextUrlCacheEntryA
  191. .rdata:10013676 00000012 C FindCloseUrlCache
  192. .rdata:1001368A 0000000F C HttpQueryInfoA
  193. .rdata:1001369C 00000011 C InternetConnectA
  194. .rdata:100136B0 0000001B C InternetQueryDataAvailable
  195. .rdata:100136CE 00000014 C InternetReadFileExA
  196. .rdata:100136E4 00000011 C InternetReadFile
  197. .rdata:100136F8 00000011 C InternetConnectW
  198. .rdata:1001370C 00000011 C HttpSendRequestW
  199. .rdata:10013720 00000017 C HttpAddRequestHeadersW
  200. .rdata:1001373A 0000000F C HttpQueryInfoW
  201. .rdata:1001374C 00000014 C InternetReadFileExW
  202. .rdata:10013762 00000017 C HttpAddRequestHeadersA
  203. .rdata:1001377C 0000001A C InternetSetStatusCallback
  204. .rdata:10013798 00000011 C HttpSendRequestA
  205. .rdata:100137AC 00000015 C InternetQueryOptionA
  206. .rdata:100137C4 00000013 C InternetSetOptionA
  207. .rdata:100137DA 00000011 C HttpOpenRequestA
  208. .rdata:100137EE 0000000E C InternetOpenA
  209. .rdata:100137FE 00000014 C InternetCloseHandle
  210. .rdata:10013814 00000009 C StrRChrA
  211. .rdata:10013820 00000008 C StrChrW
  212. .rdata:1001382A 0000000A C StrToIntA
  213. .rdata:10013836 00000008 C StrChrA
  214. .rdata:10013840 00000009 C StrTrimA
  215. .rdata:1001384C 00000009 C StrStrIA
  216. .rdata:10013858 00000009 C StrRChrW
  217. .rdata:10013864 00000008 C StrStrA
  218. .rdata:1001386E 00000009 C StrCmpNA
  219. .rdata:1001387A 0000000C C StrToIntExA
  220. .rdata:10013888 00000008 C StrDupA
  221. .rdata:10013892 00000016 C GdipSaveImageToStream
  222. .rdata:100138AA 00000019 C GdipGetImageEncodersSize
  223. .rdata:100138C6 00000011 C GdipDisposeImage
  224. .rdata:100138DA 0000001C C GdipCreateBitmapFromHBITMAP
  225. .rdata:100138F8 00000015 C GdipGetImageEncoders
  226. .rdata:10013910 0000000F C GdiplusStartup
  227. .rdata:10013922 00000008 C PR_Poll
  228. .rdata:1001392C 0000000C C PR_GetError
  229. .rdata:1001393A 00000008 C PR_Read
  230. .rdata:10013944 00000009 C PR_Write
  231. .rdata:10013950 0000000C C PR_SetError
  232. .rdata:1001395E 00000009 C PR_Close
  233. .rdata:1001396A 0000000F C WSACreateEvent
  234. .rdata:1001397C 0000000F C WSAEventSelect
  235. .rdata:1001398E 00000015 C WSAEnumNetworkEvents
  236. .rdata:100139A6 00000008 C WSASend
  237. .rdata:100139B0 00000008 C WSARecv
  238. .rdata:100139BA 0000000C C WSASetEvent
  239. .rdata:100139C8 0000000E C WSACloseEvent
  240. .rdata:100139D8 00000015 C CertOpenSystemStoreW
  241. .rdata:100139F0 0000000F C CertCloseStore
  242. .rdata:10013A02 0000001C C CertEnumCertificatesInStore
  243. .rdata:10013A20 00000015 C PFXExportCertStoreEx
  244. .rdata:10013A38 0000000E C ExitWindowsEx
  245. .rdata:10013A48 0000000A C wsprintfA
  246. .rdata:10013A54 00000011 C GetDesktopWindow
  247. .rdata:10013A68 00000014 C GetForegroundWindow
  248. .rdata:10013A7E 0000000C C GetWindowDC
  249. .rdata:10013A8C 0000000E C GetWindowRect
  250. .rdata:10013A9C 0000000F C GetShellWindow
  251. .rdata:10013AAE 00000019 C GetWindowThreadProcessId
  252. .rdata:10013ACA 00000017 C CreateCompatibleBitmap
  253. .rdata:10013AE4 00000013 C CreateCompatibleDC
  254. .rdata:10013AFA 0000000D C SelectObject
  255. .rdata:10013B0A 0000000D C DeleteObject
  256. .rdata:10013B1A 00000009 C DeleteDC
  257. .rdata:10013B26 00000007 C BitBlt
  258. .rdata:10013B30 00000010 C CryptGetUserKey
  259. .rdata:10013B42 0000000F C RegSetValueExA
  260. .rdata:10013B54 0000000E C RegCreateKeyA
  261. .rdata:10013B64 0000000C C RegCloseKey
  262. .rdata:10013B72 00000011 C RegQueryValueExA
  263. .rdata:10013B86 00000018 C RegNotifyChangeKeyValue
  264. .rdata:10013BA0 0000000C C RegOpenKeyA
  265. .rdata:10013BAE 0000000E C RegEnumValueA
  266. .rdata:10013BBE 00000011 C SHGetFolderPathW
  267. .rdata:10013BD2 00000011 C SHGetFolderPathA
  268. .rdata:10013BE6 0000000D C CoCreateGuid
  269. .rdata:10013BF6 00000016 C CreateStreamOnHGlobal
  270. .rdata:10013C0E 00000015 C GetHGlobalFromStream
  271. .rdata:10013C26 00000013 C EnumProcessModules
  272. .rdata:10013C3C 00000015 C GetModuleFileNameExW
  273. .rdata:10013C54 0000000C C ToUnicodeEx
  274. .rdata:10013C62 00000014 C UnhookWindowsHookEx
  275. .rdata:10013C78 00000012 C SetWindowsHookExA
  276. .rdata:10013C8C 0000000C C GetAncestor
  277. .rdata:10013C9A 00000012 C GetKeyboardLayout
  278. .rdata:10013CAE 00000011 C GetKeyboardState
  279. .rdata:10013CC2 0000000F C CallNextHookEx
  280. .rdata:10013CD4 0000000F C GetWindowTextW
  281. .rdata:10013CE6 0000000A C wsprintfW
  282. .rdata:10013CF2 00000015 C CreateProcessAsUserA
  283. .rdata:10013D0A 00000015 C CreateProcessAsUserW
  284. .rdata:10013D22 00000035 C ConvertStringSecurityDescriptorToSecurityDescriptorA
  285. .rdata:10013D5A 0000000E C ShellExecuteA
  286. .rdata:100141DE 00000007 C memset
  287. .rdata:100141E8 00000013 C RtlAdjustPrivilege
  288. .rdata:100141FE 00000007 C memcpy
  289. .rdata:10014208 00000007 C wcscpy
  290. .rdata:10014212 00000009 C mbstowcs
  291. .rdata:1001421E 00000009 C wcstombs
  292. .rdata:1001422A 00000007 C strcpy
  293. .rdata:10014234 00000008 C _strupr
  294. .rdata:1001423E 00000007 C strstr
  295. .rdata:10014246 0000000A C ntdll.dll
  296. .rdata:10014252 0000000C C CreateFileA
  297. .rdata:10014260 00000009 C lstrlenA
  298. .rdata:1001426C 0000000A C HeapAlloc
  299. .rdata:10014278 00000009 C HeapFree
  300. .rdata:10014284 0000000A C WriteFile
  301. .rdata:10014290 00000009 C lstrcatA
  302. .rdata:1001429C 00000011 C CreateDirectoryA
  303. .rdata:100142B0 0000000D C GetLastError
  304. .rdata:100142C0 00000011 C RemoveDirectoryA
  305. .rdata:100142D4 0000000D C LoadLibraryA
  306. .rdata:100142E4 0000000C C CloseHandle
  307. .rdata:100142F2 0000000C C DeleteFileA
  308. .rdata:10014300 00000009 C lstrcpyA
  309. .rdata:1001430C 0000000C C HeapReAlloc
  310. .rdata:1001431A 00000015 C InterlockedIncrement
  311. .rdata:10014332 00000015 C InterlockedDecrement
  312. .rdata:1001434A 00000009 C SetEvent
  313. .rdata:10014356 0000000D C GetTickCount
  314. .rdata:10014366 0000000C C HeapDestroy
  315. .rdata:10014374 0000000B C HeapCreate
  316. .rdata:10014382 00000013 C GetCurrentThreadId
  317. .rdata:10014398 00000011 C CreateDirectoryW
  318. .rdata:100143AC 00000015 C GetWindowsDirectoryA
  319. .rdata:100143C4 00000006 C Sleep
  320. .rdata:100143CC 0000000A C CopyFileW
  321. .rdata:100143D8 00000009 C lstrlenW
  322. .rdata:100143E4 00000011 C GetModuleHandleA
  323. .rdata:100143F8 00000009 C lstrcatW
  324. .rdata:10014404 0000000C C DeleteFileW
  325. .rdata:10014412 0000000D C GetTempPathA
  326. .rdata:10014422 0000000E C MapViewOfFile
  327. .rdata:10014432 00000010 C UnmapViewOfFile
  328. .rdata:10014444 00000011 C SetWaitableTimer
  329. .rdata:10014458 00000012 C GetCurrentProcess
  330. .rdata:1001446C 0000000D C CreateEventA
  331. .rdata:1001447C 00000015 C LeaveCriticalSection
  332. .rdata:10014494 0000000A C lstrcmpiA
  333. .rdata:100144A0 00000015 C EnterCriticalSection
  334. .rdata:100144B8 00000017 C WaitForMultipleObjects
  335. .rdata:100144D2 0000000D C CreateMutexA
  336. .rdata:100144E2 0000000D C ReleaseMutex
  337. .rdata:100144F2 00000015 C CreateWaitableTimerA
  338. .rdata:1001450A 0000000F C UnregisterWait
  339. .rdata:1001451C 0000000F C LoadLibraryExW
  340. .rdata:1001452E 00000014 C WaitForSingleObject
  341. .rdata:10014544 0000000D C SetLastError
  342. .rdata:10014554 0000001C C RegisterWaitForSingleObject
  343. .rdata:10014572 0000000C C GetFileSize
  344. .rdata:10014580 0000000F C FindFirstFileW
  345. .rdata:10014592 0000000E C GetDriveTypeW
  346. .rdata:100145A2 00000018 C GetLogicalDriveStringsW
  347. .rdata:100145BC 0000001A C InitializeCriticalSection
  348. .rdata:100145D8 00000013 C GetFileAttributesA
  349. .rdata:100145EE 00000013 C GetFileAttributesW
  350. .rdata:10014604 0000000F C CreateProcessA
  351. .rdata:10014616 0000000C C CreateFileW
  352. .rdata:10014624 0000000F C FindFirstFileA
  353. .rdata:10014636 00000011 C GetTempFileNameA
  354. .rdata:1001464A 0000000A C FindClose
  355. .rdata:10014656 00000013 C CreateFileMappingA
  356. .rdata:1001466C 0000000E C FindNextFileA
  357. .rdata:1001467C 0000000E C FindNextFileW
  358. .rdata:1001468C 00000016 C DeleteCriticalSection
  359. .rdata:100146A4 00000011 C OpenFileMappingA
  360. .rdata:100146B8 0000000D C CreateThread
  361. .rdata:100146C8 0000000A C lstrcpynA
  362. .rdata:100146D4 00000009 C lstrcmpA
  363. .rdata:100146E0 0000000B C GlobalLock
  364. .rdata:100146EE 0000000D C GlobalUnlock
  365. .rdata:100146FE 0000000E C Thread32First
  366. .rdata:1001470E 0000000D C Thread32Next
  367. .rdata:1001471E 0000000F C GetProcAddress
  368. .rdata:10014730 0000000D C QueueUserAPC
  369. .rdata:10014740 0000000B C OpenThread
  370. .rdata:1001474E 00000019 C CreateToolhelp32Snapshot
  371. .rdata:1001476A 0000000F C CallNamedPipeA
  372. .rdata:1001477C 0000000F C WaitNamedPipeA
  373. .rdata:1001478E 00000011 C ConnectNamedPipe
  374. .rdata:100147A2 00000009 C ReadFile
  375. .rdata:100147AE 00000014 C GetOverlappedResult
  376. .rdata:100147C4 00000014 C DisconnectNamedPipe
  377. .rdata:100147DA 00000011 C FlushFileBuffers
  378. .rdata:100147EE 00000011 C CreateNamedPipeA
  379. .rdata:10014802 00000009 C CancelIo
  380. .rdata:1001480E 00000014 C GetCurrentProcessId
  381. .rdata:10014824 0000000E C GetSystemTime
  382. .rdata:10014834 00000009 C lstrcmpW
  383. .rdata:10014840 00000008 C SleepEx
  384. .rdata:1001484A 0000000B C ResetEvent
  385. .rdata:10014858 0000000B C LocalAlloc
  386. .rdata:10014866 0000000A C LocalFree
  387. .rdata:10014872 0000000C C FreeLibrary
  388. .rdata:10014880 00000014 C InterlockedExchange
  389. .rdata:10014896 0000000F C RaiseException
  390. .rdata:100148A6 0000000D C KERNEL32.dll
  391. .rdata:100148B6 00000016 C RtlNtStatusToDosError
  392. .rdata:100148CE 00000013 C NtMapViewOfSection
  393. .rdata:100148E4 00000015 C NtUnmapViewOfSection
  394. .rdata:100148FC 00000008 C ZwClose
  395. .rdata:10014906 00000010 C NtCreateSection
  396. .rdata:10014918 00000013 C NtSetContextThread
  397. .rdata:1001492E 0000001A C ZwQueryInformationProcess
  398. .rdata:1001494A 00000013 C NtGetContextThread
  399. .rdata:10014960 00000013 C ZwOpenProcessToken
  400. .rdata:10014976 0000000E C ZwOpenProcess
  401. .rdata:10014986 00000018 C ZwQueryInformationToken
  402. .rdata:100149A0 00000008 C sprintf
  403. .rdata:100149AA 00000013 C WriteProcessMemory
  404. .rdata:100149C0 00000011 C VirtualProtectEx
  405. .rdata:100149D4 00000012 C ReadProcessMemory
  406. .rdata:100149E8 0000000E C SuspendThread
  407. .rdata:100149F8 0000000D C ResumeThread
  408. .rdata:10014A08 0000000F C SwitchToThread
  409. .rdata:10014A1A 00000011 C GetThreadContext
  410. .rdata:10014A2E 0000000F C CreateProcessW
  411. .rdata:10014A40 00000011 C GetComputerNameA
  412. .rdata:10014A54 0000000B C GetVersion
  413. .rdata:10014A62 0000000F C SetFilePointer
  414. .rdata:10014A74 0000000C C VirtualFree
  415. .rdata:10014A82 00000013 C CreateRemoteThread
  416. .rdata:10014A98 0000000C C OpenProcess
  417. .rdata:10014AA6 0000000D C VirtualAlloc
  418. .rdata:10014AB6 0000000F C VirtualAllocEx
  419. .rdata:10014AC8 00000013 C GetModuleFileNameA
  420. .rdata:10014ADE 0000000F C VirtualProtect
  421. .rdata:10014AF0 00000012 C QueueUserWorkItem
  422. .rdata:10014B04 00000009 C _aulldiv
  423. .rdata:10014B10 00000008 C _allmul
  424. .rdata:10014B1A 0000000A C RtlUnwind
  425. .rdata:10014B26 00000015 C NtQueryVirtualMemory
  426. .rdata:10014B72 0000000B C client.dll
  427. .rdata:10014B7D 00000014 C CreateProcessNotify
  428. .data:1001518B 0000000D C SUVWATAUAVAWH
  429. .data:100151AF 00000005 C Hcz<H
  430. .data:1001545E 0000000D C HA_A^A]A\\_^][