GearNtKe.dll

Description:

Authors:

Version:

Architecture: 32-bit

Operating System:

SHA256: 8aa6307435fa29ec221a445c131c73ce

File Size: 76.0 KB

Uploaded At: March 18, 2026, 8:37 a.m.

Views: 4

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: CreateRemoteThread, WriteProcessMemory, VirtualAllocEx

Exported Functions

  • ??0CGearNtKe@@QAE@XZ (Ordinal: 1, Address: 0x16a0)
  • ??4CGearNtKe@@QAEAAV0@ABV0@@Z (Ordinal: 2, Address: 0x1000)
  • AddProcess (Ordinal: 3, Address: 0x16b0)
  • GetSpeed (Ordinal: 4, Address: 0x16f0)
  • OldSetTimer (Ordinal: 5, Address: 0x11e0)
  • SetSpeed (Ordinal: 6, Address: 0x1700)
  • UnIntercept (Ordinal: 7, Address: 0x15b0)
  • fnGearNtKe (Ordinal: 8, Address: 0x1690)
  • nGearNtKe (Ordinal: 9, Address: 0x10388)

Imported DLLs & Functions

KERNEL32.dll
  • CloseHandle (Address: 0x1000c020)
  • CreateMutexA (Address: 0x1000c024)
  • CreateProcessA (Address: 0x1000c018)
  • CreateProcessW (Address: 0x1000c010)
  • CreateRemoteThread (Address: 0x1000c034)
  • DeleteCriticalSection (Address: 0x1000c0b0)
  • EnterCriticalSection (Address: 0x1000c0d8)
  • ExitProcess (Address: 0x1000c080)
  • FlushFileBuffers (Address: 0x1000c118)
  • FlushInstructionCache (Address: 0x1000c054)
  • FreeEnvironmentStringsA (Address: 0x1000c0b4)
  • FreeEnvironmentStringsW (Address: 0x1000c030)
  • GetACP (Address: 0x1000c0f4)
  • GetCommandLineA (Address: 0x1000c074)
  • GetCPInfo (Address: 0x1000c0f0)
  • GetCurrentProcess (Address: 0x1000c06c)
  • GetCurrentThreadId (Address: 0x1000c088)
  • GetEnvironmentStrings (Address: 0x1000c02c)
  • GetEnvironmentStringsW (Address: 0x1000c0c0)
  • GetFileType (Address: 0x1000c000)
  • GetLastError (Address: 0x1000c09c)
  • GetModuleFileNameA (Address: 0x1000c01c)
  • GetModuleFileNameW (Address: 0x1000c014)
  • GetModuleHandleA (Address: 0x1000c048)
  • GetModuleHandleW (Address: 0x1000c060)
  • GetOEMCP (Address: 0x1000c0f8)
  • GetProcAddress (Address: 0x1000c044)
  • GetStartupInfoA (Address: 0x1000c0ac)
  • GetStdHandle (Address: 0x1000c0a4)
  • GetStringTypeA (Address: 0x1000c104)
  • GetStringTypeW (Address: 0x1000c108)
  • GetThreadContext (Address: 0x1000c058)
  • GetTickCount (Address: 0x1000c004)
  • GetVersion (Address: 0x1000c078)
  • HeapAlloc (Address: 0x1000c0e0)
  • HeapCreate (Address: 0x1000c0c8)
  • HeapDestroy (Address: 0x1000c0c4)
  • HeapFree (Address: 0x1000c0d0)
  • HeapReAlloc (Address: 0x1000c0b8)
  • InitializeCriticalSection (Address: 0x1000c0ec)
  • InterlockedDecrement (Address: 0x1000c0e4)
  • InterlockedIncrement (Address: 0x1000c0e8)
  • LCMapStringA (Address: 0x1000c10c)
  • LCMapStringW (Address: 0x1000c110)
  • LeaveCriticalSection (Address: 0x1000c0dc)
  • LoadLibraryA (Address: 0x1000c070)
  • MultiByteToWideChar (Address: 0x1000c100)
  • QueryPerformanceCounter (Address: 0x1000c0a8)
  • RaiseException (Address: 0x1000c114)
  • ReleaseMutex (Address: 0x1000c008)
  • ResumeThread (Address: 0x1000c04c)
  • RtlUnwind (Address: 0x1000c07c)
  • SetFilePointer (Address: 0x1000c11c)
  • SetHandleCount (Address: 0x1000c0a0)
  • SetLastError (Address: 0x1000c064)
  • SetStdHandle (Address: 0x1000c0fc)
  • SetThreadContext (Address: 0x1000c050)
  • SuspendThread (Address: 0x1000c05c)
  • TerminateProcess (Address: 0x1000c084)
  • TlsAlloc (Address: 0x1000c090)
  • TlsFree (Address: 0x1000c094)
  • TlsGetValue (Address: 0x1000c098)
  • TlsSetValue (Address: 0x1000c08c)
  • VirtualAlloc (Address: 0x1000c0bc)
  • VirtualAllocEx (Address: 0x1000c040)
  • VirtualFree (Address: 0x1000c0cc)
  • VirtualProtect (Address: 0x1000c068)
  • VirtualProtectEx (Address: 0x1000c03c)
  • WaitForSingleObject (Address: 0x1000c00c)
  • WideCharToMultiByte (Address: 0x1000c028)
  • WriteFile (Address: 0x1000c0d4)
  • WriteProcessMemory (Address: 0x1000c038)
USER32.dll
  • GetMessageTime (Address: 0x1000c124)
  • SetTimer (Address: 0x1000c128)
WINMM.dll
  • timeGetTime (Address: 0x1000c134)
  • timeSetEvent (Address: 0x1000c130)