sub_outside(): USER32.wsprintfA KERNEL32.GetCurrentProcess KERNEL32.TerminateProcess |
sub_40122C(0ee2): KERNEL32.GetModuleFileNameA KERNEL32.SetFileAttributesA KERNEL32.GetFileAttributesA KERNEL32.GetTempPathA KERNEL32.lstrcpyA KERNEL32.lstrcatA KERNEL32.CreateFileA KERNEL32.WriteFile KERNEL32.CloseHandle KERNEL32.CreateProcessA "removalfile.bat" "@echo off\r\n:df\r\ndel %1\r\nif exist %1 got"... " \"" "\"" |
start(3221): KERNEL32.CreateFileA KERNEL32.WriteFile KERNEL32.CloseHandle |
sub_40138E(3cd5): KERNEL32.VirtualAlloc |
sub_4013BB(4b68): KERNEL32.GetVersionExA KERNEL32.LoadLibraryA KERNEL32.GetProcAddress KERNEL32.GetCurrentProcess KERNEL32.lstrcpyA NTDLL.RtlSetLastWin32Error NTDLL.RtlGetLastWin32Error KERNEL32.CloseHandle KERNEL32.FreeLibrary "advapi32.dll" "AllocateAndInitializeSid" "OpenProcessToken" "GetTokenInformation" "EqualSid" "FreeSid" |
sub_401652(78d9): KERNEL32.LoadLibraryA KERNEL32.GetProcAddress KERNEL32.FreeLibrary "dll" |
sub_4013A2(904f): KERNEL32.VirtualFree |
sub_401059(e000): KERNEL32.lstrlenA KERNEL32.GetModuleFileNameA KERNEL32.CreateFileA KERNEL32.CloseHandle KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.WriteFile "azxcdsweq" |
sub_401598(e9ba): KERNEL32.GetSystemDirectoryA KERNEL32.lstrcatA KERNEL32.GetTempPathA KERNEL32.SetFileAttributesA KERNEL32.GetModuleHandleA KERNEL32.FindResourceA KERNEL32.LoadResource KERNEL32.SetHandleCount KERNEL32.SizeofResource "\\" "BIN" |
sub_401192(ea41): USER32.GetCursorPos KERNEL32.GetSystemTimeAsFileTime KERNEL32.GetTickCount KERNEL32.lstrcpyA |