ARKCmdFS.dll

Description: ARKCmdFS Dynamic Link Library

Version: 6.0.29.0

Architecture: 32-bit

Operating System: Windows

SHA256: 6eb0a4bc3b1ca4bc6c246709e356184e

File Size: 432.4 KB

Uploaded At: Dec. 4, 2025, 6:19 a.m.

Views: 18

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

GetCommandObject (Ordinal: 1, Address: 0x1f680)
SetARKController (Ordinal: 2, Address: 0x1f6b0)
SetLogger (Ordinal: 3, Address: 0x1f710)

Imported DLLs & Functions

ADVAPI32.dll

AdjustTokenPrivileges (Address: 0x1004f018)
AllocateAndInitializeSid (Address: 0x1004f068)
ChangeServiceConfig2W (Address: 0x1004f088)
ChangeServiceConfigW (Address: 0x1004f090)
CloseServiceHandle (Address: 0x1004f070)
ControlService (Address: 0x1004f09c)
CreateProcessAsUserW (Address: 0x1004f010)
CreateRestrictedToken (Address: 0x1004f00c)
CreateServiceW (Address: 0x1004f06c)
CreateWellKnownSid (Address: 0x1004f01c)
DeleteService (Address: 0x1004f074)
FreeSid (Address: 0x1004f004)
GetNamedSecurityInfoW (Address: 0x1004f024)
GetSecurityDescriptorDacl (Address: 0x1004f064)
GetServiceDisplayNameW (Address: 0x1004f098)
GetServiceKeyNameW (Address: 0x1004f07c)
InitializeSecurityDescriptor (Address: 0x1004f034)
LookupPrivilegeValueW (Address: 0x1004f014)
OpenProcessToken (Address: 0x1004f008)
OpenSCManagerW (Address: 0x1004f000)
OpenServiceW (Address: 0x1004f080)
QueryServiceConfig2W (Address: 0x1004f084)
QueryServiceConfigW (Address: 0x1004f078)
QueryServiceStatusEx (Address: 0x1004f094)
RegCloseKey (Address: 0x1004f05c)
RegCreateKeyExW (Address: 0x1004f028)
RegDeleteKeyW (Address: 0x1004f038)
RegDeleteValueW (Address: 0x1004f044)
RegEnumKeyExW (Address: 0x1004f058)
RegEnumValueW (Address: 0x1004f04c)
RegGetKeySecurity (Address: 0x1004f040)
RegOpenKeyExW (Address: 0x1004f054)
RegQueryInfoKeyW (Address: 0x1004f030)
RegQueryValueExW (Address: 0x1004f02c)
RegSetKeySecurity (Address: 0x1004f050)
RegSetValueExW (Address: 0x1004f060)
SetEntriesInAclW (Address: 0x1004f048)
SetNamedSecurityInfoW (Address: 0x1004f020)
SetSecurityDescriptorDacl (Address: 0x1004f03c)
StartServiceW (Address: 0x1004f08c)

ARKEngine.dll

??0ARKCommand@@QAE@AAVLogAppender@@@Z (Address: 0x1004f0b4)
??1ARKCommand@@UAE@XZ (Address: 0x1004f0b0)
?GetInstallSequenceNumber@ARKCommand@@UBEIXZ (Address: 0x1004f0bc)
?GetTargetFileName@ARKCommand@@UBE_NAAVFileSystemPath@@@Z (Address: 0x1004f0b8)
?GetUnistallDBQueryString@ARKCommand@@UAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z (Address: 0x1004f0ac)
?GetUnistallDBQueryString@ARKCommand@@UAE_NAAV?$list@UUninstallDBQuery@@V?$allocator@UUninstallDBQuery@@@std@@@std@@@Z (Address: 0x1004f0a4)
?Perform@ARKCommand@@QAE_NXZ (Address: 0x1004f0a8)
?SetInstallSequenceNumber@ARKCommand@@UAEXI@Z (Address: 0x1004f0c0)

GDI32.dll

AddFontResourceW (Address: 0x1004f0c8)
RemoveFontResourceW (Address: 0x1004f0cc)

KERNEL32.dll

CloseHandle (Address: 0x1004f150)
CopyFileW (Address: 0x1004f160)
CreateDirectoryW (Address: 0x1004f124)
CreateFileW (Address: 0x1004f184)
CreateProcessW (Address: 0x1004f134)
DecodePointer (Address: 0x1004f0f0)
DeleteFileW (Address: 0x1004f1d0)
EncodePointer (Address: 0x1004f0e0)
FindClose (Address: 0x1004f1c0)
FindFirstFileW (Address: 0x1004f1a0)
FindNextFileW (Address: 0x1004f1cc)
FormatMessageW (Address: 0x1004f1a8)
FreeLibrary (Address: 0x1004f10c)
GetCurrentDirectoryW (Address: 0x1004f1b8)
GetCurrentProcess (Address: 0x1004f138)
GetCurrentProcessId (Address: 0x1004f0e8)
GetCurrentThreadId (Address: 0x1004f0e4)
GetExitCodeProcess (Address: 0x1004f144)
GetFileAttributesW (Address: 0x1004f1ac)
GetFileSize (Address: 0x1004f18c)
GetLastError (Address: 0x1004f130)
GetModuleFileNameW (Address: 0x1004f198)
GetModuleHandleW (Address: 0x1004f118)
GetProcAddress (Address: 0x1004f174)
GetProcessHeap (Address: 0x1004f16c)
GetStringTypeExW (Address: 0x1004f104)
GetSystemTime (Address: 0x1004f188)
GetSystemTimeAsFileTime (Address: 0x1004f0ec)
GetTempPathW (Address: 0x1004f1b4)
GetTickCount (Address: 0x1004f178)
GetUserDefaultLCID (Address: 0x1004f108)
HeapAlloc (Address: 0x1004f164)
HeapFree (Address: 0x1004f168)
InterlockedCompareExchange (Address: 0x1004f114)
InterlockedExchange (Address: 0x1004f110)
IsDebuggerPresent (Address: 0x1004f0dc)
LCMapStringW (Address: 0x1004f0fc)
LoadLibraryA (Address: 0x1004f100)
LoadLibraryW (Address: 0x1004f170)
LocalAlloc (Address: 0x1004f14c)
LocalFree (Address: 0x1004f154)
lstrcatW (Address: 0x1004f11c)
lstrcmpiW (Address: 0x1004f128)
lstrcmpW (Address: 0x1004f1b0)
lstrcpyW (Address: 0x1004f1d4)
lstrlenW (Address: 0x1004f12c)
MoveFileExW (Address: 0x1004f1a4)
MoveFileW (Address: 0x1004f120)
MultiByteToWideChar (Address: 0x1004f19c)
OpenProcess (Address: 0x1004f140)
QueryPerformanceCounter (Address: 0x1004f0f4)
RaiseException (Address: 0x1004f0d4)
ReadFile (Address: 0x1004f190)
RemoveDirectoryW (Address: 0x1004f1c8)
SetCurrentDirectoryW (Address: 0x1004f1c4)
SetDllDirectoryW (Address: 0x1004f194)
SetFileAttributesW (Address: 0x1004f1d8)
SetFileTime (Address: 0x1004f180)
SetLastError (Address: 0x1004f1bc)
SetUnhandledExceptionFilter (Address: 0x1004f0d8)
Sleep (Address: 0x1004f158)
SystemTimeToFileTime (Address: 0x1004f17c)
TerminateProcess (Address: 0x1004f148)
UnhandledExceptionFilter (Address: 0x1004f0f8)
WaitForSingleObject (Address: 0x1004f13c)
WideCharToMultiByte (Address: 0x1004f15c)

mscms.dll

InstallColorProfileW (Address: 0x1004f40c)
UninstallColorProfileW (Address: 0x1004f410)

MSVCP100.dll

?_BADOFF@std@@3_JB (Address: 0x1004f230)
?_Decref@facet@locale@std@@QAEPAV123@XZ (Address: 0x1004f1e8)
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z (Address: 0x1004f244)
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z (Address: 0x1004f250)
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ (Address: 0x1004f240)
?_Incref@facet@locale@std@@QAEXXZ (Address: 0x1004f1e4)
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ (Address: 0x1004f258)
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ (Address: 0x1004f254)
?_Xlength_error@std@@YAXPBD@Z (Address: 0x1004f228)
?_Xout_of_range@std@@YAXPBD@Z (Address: 0x1004f224)
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@ (Address: 0x1004f22c)
??0_Lockit@std@@QAE@H@Z (Address: 0x1004f238)
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x1004f220)
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x1004f26c)
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ (Address: 0x1004f264)
??1_Lockit@std@@QAE@XZ (Address: 0x1004f234)
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x1004f200)
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x1004f208)
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ (Address: 0x1004f1f0)
??Bid@locale@std@@QAEIXZ (Address: 0x1004f1e0)
?always_noconv@codecvt_base@std@@QBE_NXZ (Address: 0x1004f1ec)
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z (Address: 0x1004f21c)
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ (Address: 0x1004f20c)
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ (Address: 0x1004f260)
?id@?$codecvt@DDH@std@@2V0locale@2@A (Address: 0x1004f248)
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z (Address: 0x1004f210)
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z (Address: 0x1004f214)
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z (Address: 0x1004f25c)
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z (Address: 0x1004f204)
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ (Address: 0x1004f1f4)
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z (Address: 0x1004f218)
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z (Address: 0x1004f24c)
?uncaught_exception@std@@YA_NXZ (Address: 0x1004f23c)
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z (Address: 0x1004f268)
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z (Address: 0x1004f1f8)
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z (Address: 0x1004f1fc)

MSVCR100.dll

__clean_type_info_names_internal (Address: 0x1004f280)
__CppXcptFilter (Address: 0x1004f290)
__CxxFrameHandler3 (Address: 0x1004f2c0)
__dllonexit (Address: 0x1004f2b8)
_amsg_exit (Address: 0x1004f294)
_crt_debugger_hook (Address: 0x1004f28c)
_CxxThrowException (Address: 0x1004f274)
_encoded_null (Address: 0x1004f2a4)
_except_handler4_common (Address: 0x1004f288)
_fseeki64 (Address: 0x1004f328)
_initterm (Address: 0x1004f29c)
_initterm_e (Address: 0x1004f298)
_lock (Address: 0x1004f2b4)
_lock_file (Address: 0x1004f33c)
_malloc_crt (Address: 0x1004f2a8)
_onexit (Address: 0x1004f2b0)
_purecall (Address: 0x1004f304)
_snwprintf_s (Address: 0x1004f358)
_time64 (Address: 0x1004f364)
_unlock (Address: 0x1004f2bc)
_unlock_file (Address: 0x1004f31c)
_vsnwprintf_s (Address: 0x1004f308)
_wstat64i32 (Address: 0x1004f354)
_wtoi (Address: 0x1004f2d8)
?_type_info_dtor_internal_method@type_info@@QAEXXZ (Address: 0x1004f284)
??_V@YAXPAX@Z (Address: 0x1004f2e4)
??0bad_cast@std@@QAE@ABV01@@Z (Address: 0x1004f318)
??0bad_cast@std@@QAE@PBD@Z (Address: 0x1004f314)
??0exception@std@@QAE@ABQBD@Z (Address: 0x1004f2cc)
??0exception@std@@QAE@ABV01@@Z (Address: 0x1004f2d0)
??1bad_cast@std@@UAE@XZ (Address: 0x1004f310)
??1exception@std@@UAE@XZ (Address: 0x1004f2c8)
??2@YAPAXI@Z (Address: 0x1004f2e0)
??3@YAXPAX@Z (Address: 0x1004f2dc)
??8type_info@@QBE_NABV0@@Z (Address: 0x1004f2a0)
?terminate@@YAXXZ (Address: 0x1004f2ac)
?what@exception@std@@UBEPBDXZ (Address: 0x1004f2c4)
fclose (Address: 0x1004f348)
fflush (Address: 0x1004f32c)
fgetc (Address: 0x1004f330)
fgetpos (Address: 0x1004f324)
fputc (Address: 0x1004f30c)
free (Address: 0x1004f2e8)
fsetpos (Address: 0x1004f334)
fwrite (Address: 0x1004f344)
malloc (Address: 0x1004f2ec)
memchr (Address: 0x1004f34c)
memcpy (Address: 0x1004f278)
memcpy_s (Address: 0x1004f340)
memmove (Address: 0x1004f2d4)
memset (Address: 0x1004f27c)
rand (Address: 0x1004f35c)
setvbuf (Address: 0x1004f338)
sprintf_s (Address: 0x1004f300)
srand (Address: 0x1004f360)
strcat_s (Address: 0x1004f2f0)
swprintf_s (Address: 0x1004f350)
toupper (Address: 0x1004f2f8)
ungetc (Address: 0x1004f320)
vswprintf_s (Address: 0x1004f368)
wcscpy_s (Address: 0x1004f2fc)
wcstoul (Address: 0x1004f2f4)
wprintf (Address: 0x1004f36c)

ole32.dll

CoCreateInstance (Address: 0x1004f424)
CoInitialize (Address: 0x1004f41c)
CoTaskMemFree (Address: 0x1004f418)
CoUninitialize (Address: 0x1004f420)

OLEAUT32.dll

SysAllocString (Address: 0x1004f378)
SysFreeString (Address: 0x1004f37c)
VariantClear (Address: 0x1004f374)

PSAPI.DLL

EnumProcesses (Address: 0x1004f388)
EnumProcessModules (Address: 0x1004f384)
GetModuleFileNameExW (Address: 0x1004f38c)

SHELL32.dll

(Address: 0x1004f39c)
(Address: 0x1004f3a4)
SHChangeNotify (Address: 0x1004f398)
SHCreateDirectoryExW (Address: 0x1004f3a0)
SHGetFolderLocation (Address: 0x1004f3b0)
SHGetFolderPathW (Address: 0x1004f3a8)
SHGetPathFromIDListW (Address: 0x1004f3ac)
SHSetLocalizedName (Address: 0x1004f394)

SHLWAPI.dll

PathAddBackslashW (Address: 0x1004f3f0)
PathAppendW (Address: 0x1004f3cc)
PathCombineW (Address: 0x1004f3d4)
PathFileExistsW (Address: 0x1004f3ec)
PathFindExtensionW (Address: 0x1004f3f8)
PathFindFileNameW (Address: 0x1004f3f4)
PathIsDirectoryW (Address: 0x1004f3d8)
PathIsRelativeW (Address: 0x1004f3c8)
PathIsRootW (Address: 0x1004f3e8)
PathIsUNCW (Address: 0x1004f3b8)
PathMakePrettyW (Address: 0x1004f3d0)
PathMakeSystemFolderW (Address: 0x1004f3c4)
PathRemoveBackslashW (Address: 0x1004f3e0)
PathRemoveFileSpecW (Address: 0x1004f3bc)
PathRenameExtensionW (Address: 0x1004f3e4)
PathStripPathW (Address: 0x1004f3dc)
PathStripToRootW (Address: 0x1004f3fc)
PathUnmakeSystemFolderW (Address: 0x1004f3c0)

USER32.dll

LoadStringW (Address: 0x1004f404)