Import table
advapi32.dll
OpenServiceW, AllocateAndInitializeSid, EqualSid, FreeSid, CryptEncrypt, CryptAcquireContextW, CryptGenKey, RegCloseKey, GetTokenInformation, OpenProcessToken, CloseServiceHandle, OpenSCManagerW, RegQueryValueExA, RegOpenKeyExA, CryptDestroyKey, CryptExportKey, CryptImportKey, CryptReleaseContext, RegQueryValueExW, RegOpenKeyExW
crypt32.dll
CertFreeCertificateChain, CertGetNameStringA, CertGetCertificateChain
dbghelp.dll
SymGetModuleInfo, StackWalk64, SymFunctionTableAccess64, SymSetOptions, SymGetModuleBase64, SymInitialize
kernel32.dll
TlsAlloc, TlsFree, GetModuleFileNameW, VirtualQuery, RtlCaptureContext, GetCurrentThread, GetSystemInfo, TerminateProcess, GetCurrentThreadId, GetModuleFileNameA, GetUserDefaultLangID, lstrcpynA, LockResource, LoadResource, FindResourceW, GetModuleHandleW, LocalFree, LoadLibraryExW, MultiByteToWideChar, SetLastError, OutputDebugStringA, WideCharToMultiByte, DeleteFileW, MoveFileW, CreateDirectoryW, FindClose, FindNextFileW, FindFirstFileW, CompareFileTime, InterlockedExchangeAdd, GetVersionExA, GetSystemTime, GetSystemDirectoryA, Sleep, HeapFree, GetProcessHeap, ReleaseMutex, CreateEventW, CreateMutexW, CreateThread, lstrlenA, GetACP, LocalAlloc, TlsGetValue, InterlockedExchange, FreeLibrary, Thread32First, Thread32Next, CreateToolhelp32Snapshot, ProcessIdToSessionId, LoadLibraryA, GetTickCount, FlushInstructionCache, QueryPerformanceFrequency, GetModuleHandleA, GetCurrentProcess, QueryPerformanceCounter, GetCurrentProcessId, InterlockedDecrement, InterlockedIncrement, OpenProcess, CreateRemoteThread, GetLastError, InterlockedCompareExchange, UnhandledExceptionFilter, WaitForSingleObject, GetThreadLocale, LoadLibraryW, FreeLibraryAndExitThread, GetProcAddress, LeaveCriticalSection, EnterCriticalSection, CloseHandle, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetLocaleInfoA, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, SleepEx, SetEvent, ResetEvent, GetProcessId
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoCreateInstance, StringFromIID, CoWaitForMultipleHandles, CoGetCallerTID, CoCreateFreeThreadedMarshaler, CoInitializeEx, CoUninitialize, GetRunningObjectTable, CoTaskMemFree, OleRun
oleacc.dll
ObjectFromLresult, LresultFromObject
psapi.dll
GetModuleInformation, EnumProcessModules, GetModuleFileNameExA, GetModuleBaseNameA
rooksdol.dll
end_fnhook_chelper_hooking, rooksdol_fnhook_chelper_hook, begin_fnhook_chelper_hooking, rooksdol_fnhook_chelper_unhook
rpcrt4.dll
RpcIfIdVectorFree, RpcMgmtInqIfIds, RpcBindingFree, RpcBindingFromStringBindingA, RpcMgmtIsServerListening, RpcServerUseProtseqW, RpcServerUnregisterIf, NdrClientCall2, NdrAsyncClientCall, NdrAsyncServerCall, NdrServerCall2, RpcServerListen, RpcServerRegisterIf, RpcAsyncCompleteCall, RpcServerUseProtseqEpA, RpcAsyncInitializeHandle
shell32.dll
SHGetFolderPathW, SHGetFolderPathA, ShellExecuteA
shlwapi.dll
PathAppendA, AssocQueryStringA
trf.dll
01f8, 01fd, 024a, 0291, 020d, 01c1, 026b, 026f, 026c, 0270, 01f9, 026d, 026e, 012f, 0224, 0225, 02b4, 0248, 027c, 01e2, 002e, 0017, 025a, 025b, 025d, 0204, 01c6, 01d9, 020a, 0203, 0212, 01a0, 029a, 020f, 01c7, 029c, 01b0, 027d, 018a, 018f, 01e5, 011b, 0292, 01fa, 01f7, 01fc, 01da, 0221, 0249, 022d, 016f, 012e, 0294, 0296, 00f8, 0280, 0118, 01a4, 0184, 01b2, 02b3, 0257, 025c, 0181, 0191, 01b3, 01ca, 01ba, 027a, 0112, 0186, 0190, 0193, 01df, 01a2, 01c8, 0293
urlmon.dll
URLOpenBlockingStreamA
user32.dll
EnumWindows, GetForegroundWindow, GetClassNameA, GetFocus, GetClassNameW, FindWindowExW, GetAncestor, IsWindowVisible, GetParent, RegisterWindowMessageA, SendMessageTimeoutW, DispatchMessageW, TranslateMessage, MsgWaitForMultipleObjects, PeekMessageW, PostMessageW, PostThreadMessageW, DdeFreeDataHandle, DdeGetData, DdeQueryStringA, GetMessageW, CallNextHookEx, GetDesktopWindow, GetWindowThreadProcessId, GetWindowTextA, MessageBoxA, UnregisterClassA, SendNotifyMessageW, EnumChildWindows, RegisterWindowMessageW
version.dll
GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
wininet.dll
InternetSetCookieA, InternetQueryOptionW, InternetSetStatusCallbackA, InternetCloseHandle, HttpAddRequestHeadersA, HttpQueryInfoA, InternetQueryOptionA, InternetCrackUrlA
wintrust.dll
WinVerifyTrust
Export table
get_running_sigfiles
koan_ensure_unhook
koan_init_in_backend
koan_set_test_mode
koan_shutdown_in_backend
koan_shutdown_threadproc
on_construct_sink
on_resolve_sink
trap_explorer_hook