roguardian.dll

Description:

Authors:

Version:

Architecture: 32-bit

Operating System:

SHA256: 87b0461ea81a01624eb5ef2b54d1c87c

File Size: 1.7 MB

Uploaded At: May 23, 2026, 9:46 p.m.

Views: 13

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

Init (Ordinal: 1, Address: 0x482d0)
RoGuardianAnchor (Ordinal: 2, Address: 0x133f0)
RoGuardianPreload (Ordinal: 3, Address: 0x47d90)

Imported DLLs & Functions

ADVAPI32.dll

AllocateAndInitializeSid (Address: 0x6d775540)
CheckTokenMembership (Address: 0x6d775544)
CryptAcquireContextA (Address: 0x6d775548)
CryptCreateHash (Address: 0x6d77554c)
CryptDestroyHash (Address: 0x6d775550)
CryptDestroyKey (Address: 0x6d775554)
CryptGetHashParam (Address: 0x6d775558)
CryptHashData (Address: 0x6d77555c)
CryptImportKey (Address: 0x6d775560)
CryptReleaseContext (Address: 0x6d775564)
CryptSetHashParam (Address: 0x6d775568)
FreeSid (Address: 0x6d77556c)
RegCloseKey (Address: 0x6d775570)
RegOpenKeyExA (Address: 0x6d775574)
RegQueryValueExA (Address: 0x6d775578)

CRYPT32.dll

CryptStringToBinaryA (Address: 0x6d775580)

GDI32.dll

CreateCompatibleDC (Address: 0x6d775588)
CreateDIBSection (Address: 0x6d77558c)
DeleteDC (Address: 0x6d775590)
DeleteObject (Address: 0x6d775594)
SelectObject (Address: 0x6d775598)

gdiplus.dll

GdipAlloc (Address: 0x6d7755a0)
GdipCloneBrush (Address: 0x6d7755a4)
GdipCloneImage (Address: 0x6d7755a8)
GdipCreateFont (Address: 0x6d7755ac)
GdipCreateFontFamilyFromName (Address: 0x6d7755b0)
GdipCreateFromHDC (Address: 0x6d7755b4)
GdipCreatePen1 (Address: 0x6d7755b8)
GdipCreateSolidFill (Address: 0x6d7755bc)
GdipDeleteBrush (Address: 0x6d7755c0)
GdipDeleteFont (Address: 0x6d7755c4)
GdipDeleteFontFamily (Address: 0x6d7755c8)
GdipDeleteGraphics (Address: 0x6d7755cc)
GdipDeletePen (Address: 0x6d7755d0)
GdipDisposeImage (Address: 0x6d7755d4)
GdipDrawImageRectI (Address: 0x6d7755d8)
GdipDrawRectangleI (Address: 0x6d7755dc)
GdipDrawString (Address: 0x6d7755e0)
GdipFillRectangleI (Address: 0x6d7755e4)
GdipFree (Address: 0x6d7755e8)
GdipGetImageHeight (Address: 0x6d7755ec)
GdipGetImageWidth (Address: 0x6d7755f0)
GdipLoadImageFromStream (Address: 0x6d7755f4)
GdiplusShutdown (Address: 0x6d77560c)
GdiplusStartup (Address: 0x6d775610)
GdipMeasureString (Address: 0x6d7755f8)
GdipSetCompositingMode (Address: 0x6d7755fc)
GdipSetCompositingQuality (Address: 0x6d775600)
GdipSetInterpolationMode (Address: 0x6d775604)
GdipSetSmoothingMode (Address: 0x6d775608)

IPHLPAPI.DLL

IcmpCloseHandle (Address: 0x6d775618)
IcmpCreateFile (Address: 0x6d77561c)
IcmpSendEcho (Address: 0x6d775620)

KERNEL32.dll

CheckRemoteDebuggerPresent (Address: 0x6d775628)
CloseHandle (Address: 0x6d77562c)
CreateDirectoryA (Address: 0x6d775630)
CreateEventA (Address: 0x6d775634)
CreateFileA (Address: 0x6d775638)
CreateThread (Address: 0x6d77563c)
CreateToolhelp32Snapshot (Address: 0x6d775640)
DeleteCriticalSection (Address: 0x6d775644)
DeleteFileA (Address: 0x6d775648)
DisableThreadLibraryCalls (Address: 0x6d77564c)
DuplicateHandle (Address: 0x6d775650)
EnterCriticalSection (Address: 0x6d775654)
ExitProcess (Address: 0x6d775658)
FindClose (Address: 0x6d77565c)
FindFirstFileA (Address: 0x6d775660)
FindNextFileA (Address: 0x6d775664)
FindResourceA (Address: 0x6d775668)
FlushInstructionCache (Address: 0x6d77566c)
FormatMessageA (Address: 0x6d775670)
FreeLibrary (Address: 0x6d775674)
GetCurrentProcess (Address: 0x6d775678)
GetCurrentProcessId (Address: 0x6d77567c)
GetCurrentThread (Address: 0x6d775680)
GetCurrentThreadId (Address: 0x6d775684)
GetFileAttributesA (Address: 0x6d775688)
GetFileAttributesExA (Address: 0x6d77568c)
GetLastError (Address: 0x6d775690)
GetLocalTime (Address: 0x6d775694)
GetModuleFileNameA (Address: 0x6d775698)
GetModuleHandleA (Address: 0x6d77569c)
GetModuleHandleExA (Address: 0x6d7756a0)
GetModuleHandleW (Address: 0x6d7756a4)
GetProcAddress (Address: 0x6d7756a8)
GetProcessId (Address: 0x6d7756ac)
GetProcessTimes (Address: 0x6d7756b0)
GetSystemDirectoryA (Address: 0x6d7756b4)
GetSystemInfo (Address: 0x6d7756b8)
GetSystemTimeAsFileTime (Address: 0x6d7756bc)
GetThreadId (Address: 0x6d7756c0)
GetTickCount (Address: 0x6d7756c4)
GetWindowsDirectoryA (Address: 0x6d7756c8)
GlobalAlloc (Address: 0x6d7756cc)
GlobalFree (Address: 0x6d7756d0)
GlobalLock (Address: 0x6d7756d4)
GlobalUnlock (Address: 0x6d7756d8)
InitializeConditionVariable (Address: 0x6d7756dc)
InitializeCriticalSection (Address: 0x6d7756e0)
IsBadReadPtr (Address: 0x6d7756e4)
IsDBCSLeadByteEx (Address: 0x6d7756e8)
IsDebuggerPresent (Address: 0x6d7756ec)
LeaveCriticalSection (Address: 0x6d7756f0)
LoadLibraryA (Address: 0x6d7756f4)
LoadLibraryW (Address: 0x6d7756f8)
LoadResource (Address: 0x6d7756fc)
LocalFree (Address: 0x6d775700)
LockResource (Address: 0x6d775704)
Module32FirstW (Address: 0x6d775708)
Module32NextW (Address: 0x6d77570c)
MoveFileExA (Address: 0x6d775710)
MultiByteToWideChar (Address: 0x6d775714)
OpenProcess (Address: 0x6d775718)
OpenThread (Address: 0x6d77571c)
Process32FirstW (Address: 0x6d775720)
Process32NextW (Address: 0x6d775724)
QueryFullProcessImageNameA (Address: 0x6d775728)
QueryPerformanceCounter (Address: 0x6d77572c)
QueryPerformanceFrequency (Address: 0x6d775730)
ReadFile (Address: 0x6d775734)
SetEvent (Address: 0x6d775738)
SetLastError (Address: 0x6d77573c)
SetThreadPriority (Address: 0x6d775740)
SetUnhandledExceptionFilter (Address: 0x6d775744)
SizeofResource (Address: 0x6d775748)
Sleep (Address: 0x6d77574c)
SleepConditionVariableCS (Address: 0x6d775750)
SuspendThread (Address: 0x6d775754)
TerminateProcess (Address: 0x6d775758)
Thread32First (Address: 0x6d77575c)
Thread32Next (Address: 0x6d775760)
TlsAlloc (Address: 0x6d775764)
TlsFree (Address: 0x6d775768)
TlsGetValue (Address: 0x6d77576c)
TlsSetValue (Address: 0x6d775770)
TryEnterCriticalSection (Address: 0x6d775774)
VirtualProtect (Address: 0x6d775778)
VirtualQuery (Address: 0x6d77577c)
WaitForSingleObject (Address: 0x6d775780)
WakeAllConditionVariable (Address: 0x6d775784)
WakeConditionVariable (Address: 0x6d775788)
WideCharToMultiByte (Address: 0x6d77578c)

msvcrt.dll

__mb_cur_max (Address: 0x6d775794)
__setusermatherr (Address: 0x6d775798)
_amsg_exit (Address: 0x6d77579c)
_errno (Address: 0x6d7757a0)
_fdopen (Address: 0x6d775894)
_fileno (Address: 0x6d775890)
_fstat64 (Address: 0x6d7757a4)
_initterm (Address: 0x6d7757a8)
_iob (Address: 0x6d7757ac)
_lock (Address: 0x6d7757b0)
_lseeki64 (Address: 0x6d7757b4)
_read (Address: 0x6d77588c)
_stricmp (Address: 0x6d7757b8)
_strtoi64 (Address: 0x6d775884)
_strtoui64 (Address: 0x6d775880)
_unlock (Address: 0x6d7757bc)
_wfopen (Address: 0x6d7757c0)
_write (Address: 0x6d775888)
abort (Address: 0x6d7757c4)
atoi (Address: 0x6d7757c8)
calloc (Address: 0x6d7757cc)
fclose (Address: 0x6d7757d0)
fflush (Address: 0x6d7757d4)
fopen (Address: 0x6d7757d8)
fputc (Address: 0x6d7757dc)
fputs (Address: 0x6d7757e0)
free (Address: 0x6d7757e4)
fwrite (Address: 0x6d7757e8)
getc (Address: 0x6d7757ec)
getenv (Address: 0x6d7757f0)
isalnum (Address: 0x6d7757f4)
isspace (Address: 0x6d7757f8)
iswctype (Address: 0x6d7757fc)
isxdigit (Address: 0x6d775800)
localeconv (Address: 0x6d775804)
malloc (Address: 0x6d775808)
memchr (Address: 0x6d77580c)
memcmp (Address: 0x6d775810)
memcpy (Address: 0x6d775814)
memmove (Address: 0x6d775818)
memset (Address: 0x6d77581c)
realloc (Address: 0x6d775820)
setlocale (Address: 0x6d775824)
setvbuf (Address: 0x6d775828)
strchr (Address: 0x6d77582c)
strcmp (Address: 0x6d775830)
strcoll (Address: 0x6d775834)
strerror (Address: 0x6d775838)
strftime (Address: 0x6d77583c)
strlen (Address: 0x6d775840)
strncmp (Address: 0x6d775844)
strncpy (Address: 0x6d775848)
strtol (Address: 0x6d77584c)
strtoul (Address: 0x6d775850)
strxfrm (Address: 0x6d775854)
tolower (Address: 0x6d775858)
toupper (Address: 0x6d77585c)
towlower (Address: 0x6d775860)
towupper (Address: 0x6d775864)
ungetc (Address: 0x6d775868)
vfprintf (Address: 0x6d77586c)
wcscoll (Address: 0x6d775870)
wcsftime (Address: 0x6d775874)
wcslen (Address: 0x6d775878)
wcsxfrm (Address: 0x6d77587c)

ole32.dll

CreateStreamOnHGlobal (Address: 0x6d77589c)

SHELL32.dll

ShellExecuteExA (Address: 0x6d7758a4)

USER32.dll

BeginPaint (Address: 0x6d7758ac)
CallNextHookEx (Address: 0x6d7758b0)
CallWindowProcA (Address: 0x6d7758b4)
ClientToScreen (Address: 0x6d7758b8)
CreateWindowExA (Address: 0x6d7758bc)
DefWindowProcA (Address: 0x6d7758c0)
DestroyWindow (Address: 0x6d7758c4)
DispatchMessageA (Address: 0x6d7758c8)
EndPaint (Address: 0x6d7758cc)
EnumChildWindows (Address: 0x6d7758d0)
EnumWindows (Address: 0x6d7758d4)
GetClientRect (Address: 0x6d7758d8)
GetDC (Address: 0x6d7758dc)
GetForegroundWindow (Address: 0x6d7758e0)
GetKeyboardState (Address: 0x6d7758e4)
GetMessageA (Address: 0x6d7758e8)
GetPropA (Address: 0x6d7758ec)
GetSystemMetrics (Address: 0x6d7758f0)
GetWindowLongA (Address: 0x6d7758f4)
GetWindowRect (Address: 0x6d7758f8)
GetWindowTextA (Address: 0x6d7758fc)
GetWindowThreadProcessId (Address: 0x6d775900)
IsIconic (Address: 0x6d775904)
IsWindow (Address: 0x6d775908)
IsWindowVisible (Address: 0x6d77590c)
LoadCursorA (Address: 0x6d775910)
MessageBoxA (Address: 0x6d775914)
PeekMessageA (Address: 0x6d775918)
PostMessageA (Address: 0x6d77591c)
PostQuitMessage (Address: 0x6d775920)
PostThreadMessageA (Address: 0x6d775924)
RegisterClassA (Address: 0x6d775928)
ReleaseDC (Address: 0x6d77592c)
RemovePropA (Address: 0x6d775930)
SetPropA (Address: 0x6d775934)
SetTimer (Address: 0x6d775938)
SetWindowLongA (Address: 0x6d77593c)
SetWindowPos (Address: 0x6d775940)
SetWindowsHookExA (Address: 0x6d775944)
ShowWindow (Address: 0x6d775948)
ToUnicode (Address: 0x6d77594c)
TranslateMessage (Address: 0x6d775950)
UpdateLayeredWindow (Address: 0x6d775954)
wsprintfA (Address: 0x6d775958)

WINHTTP.dll

WinHttpCloseHandle (Address: 0x6d775960)
WinHttpConnect (Address: 0x6d775964)
WinHttpCrackUrl (Address: 0x6d775968)
WinHttpOpen (Address: 0x6d77596c)
WinHttpOpenRequest (Address: 0x6d775970)
WinHttpQueryDataAvailable (Address: 0x6d775974)
WinHttpQueryHeaders (Address: 0x6d775978)
WinHttpReadData (Address: 0x6d77597c)
WinHttpReceiveResponse (Address: 0x6d775980)
WinHttpSendRequest (Address: 0x6d775984)
WinHttpSetTimeouts (Address: 0x6d775988)