119fa21ccdf9fa5efbd87aff37b864d05ee1c54a2c3862c6a7548e80746c4cd5

Sharing

Copy URL Twitter E-mail

General

Target

119fa21ccdf9fa5efbd87aff37b864d05ee1c54a2c3862c6a7548e80746c4cd5
Size

5.9MB
MD5

05a2489dce8573359afabef6c8886e1b
SHA1

aa73d4729e25b69149d64ce1119d86f37e7e8a37
SHA256

119fa21ccdf9fa5efbd87aff37b864d05ee1c54a2c3862c6a7548e80746c4cd5
SHA512

7022b9418ae5317dd5cf0c61026917879c92dbf6ca7216d9fa0f6aba1b80e8281b72371a73c2dd592d125ab39459865a362a45214770ba4807934b9fa5353904
SSDEEP

98304:8sYUydc24WFeqh6Ht/Rsqyf8cHeOvsCyvqqtWJqBvo+kPWbvcWqe8arY+TTiD9El:8sOc2tnhoduqyfj0xCWgqBvoZW7357T1

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/SafeDogGuardCenter.exe	vmprotect

Files

119fa21ccdf9fa5efbd87aff37b864d05ee1c54a2c3862c6a7548e80746c4cd5
.zip
(2040 2135 2635 2540 2235)kmtwainlang.dll
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
(2040 2135 2635 2540 2235)kmtwainlang.dll12
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
(2040 2135 2635 2540 2235)kmtwainlang.dll3
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
(2040 2135 2635 2540 2235)kmtwainlang.dll7
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyBCD.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/10/2014, 00:00

Not After

01/10/2019, 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:d4:42:13:74:1f:30:72:98:fa:09:62:f7:ed:65:89:e5:e8:80:ef
Signer

Actual PE Digest

91:d4:42:13:74:1f:30:72:98:fa:09:62:f7:ed:65:89:e5:e8:80:ef

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

20/10/2015, 18:38
Valid: true

Chain 1

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 795KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileOpenSH.pvp
.dll windows x86

b2eeb02687896c7b3a6f4827e5fb0f6d

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/11/2017, 00:00

Not After

04/01/2021, 12:00

Subject

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/11/2017, 00:00

Not After

04/01/2021, 12:00

Subject

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:4f:e6:63:29:98:45:48:19:06:11:fb:a3:c5:d9:c3:40:e7:4b:70:82:20:87:33:5e:7f:bd:51:03:53:a1:21
Signer

Actual PE Digest

44:4f:e6:63:29:98:45:48:19:06:11:fb:a3:c5:d9:c3:40:e7:4b:70:82:20:87:33:5e:7f:bd:51:03:53:a1:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

02/11/2020, 22:10
Valid: true

Chain 1

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

63:cc:e2:c4:0f:89:31:d5:df:18:33:81:6f:37:06:4d:19:c1:95:a0
Signer

Actual PE Digest

63:cc:e2:c4:0f:89:31:d5:df:18:33:81:6f:37:06:4d:19:c1:95:a0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

02/11/2020, 22:10
Valid: true

Chain 1

CN=Tracker Software Products (Canada) Ltd.,O=Tracker Software Products (Canada) Ltd.,L=Chemainus,ST=British Columbia,C=CA

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
FreeResource
LoadResource
LockResource
GetModuleHandleW
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
FindResourceW
GetProcAddress
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
DecodePointer
SizeofResource
WriteConsoleW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
VirtualAlloc
VirtualFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetCurrentProcess
GetSystemInfo
GetVersionExA
VirtualQuery
IsDebuggerPresent
OutputDebugStringW
LocalFree
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GetVolumeInformationA
GetDriveTypeA
GetCurrentThread
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
Sleep
InitializeCriticalSection
InterlockedCompareExchange
AreFileApisANSI
UnlockFile
LockFile
LockFileEx
UnlockFileEx
GetTickCount
GetSystemTime
FormatMessageA
FormatMessageW
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
GetTempPathA
GetTempPathW
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
CreateFileW
RtlUnwind
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetStdHandle
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
CreateDirectoryW
SetStdHandle
MoveFileExW
GetStringTypeW

user32

IsDialogMessageA
TranslateMessage
DispatchMessageA
GetMessageA
CreateDialogParamW
IsWindow
DialogBoxParamW
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
SetFocus
SetActiveWindow
PostQuitMessage
MessageBoxW
GetDesktopWindow
EndDialog
DestroyWindow
SetTimer
GetDlgItem
MessageBoxA
ShowWindow
SetWindowTextW
EnableWindow
SetDlgItemTextA
GetDlgCtrlID
CloseClipboard
KillTimer
OpenClipboard
GetClipboardData
EmptyClipboard
SetClipboardData

gdi32

ExtEscape

winspool.drv

GetPrinterDriverA
GetPrinterA

ole32

CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
VariantChangeType
VariantCopy
VariantClear
VariantInit
LoadTypeLi
SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
CopySid
GetLengthSid
DuplicateTokenEx
OpenProcessToken
OpenThreadToken

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA

ws2_32

ntohs
ntohl

rpcrt4

UuidToStringA
RpcStringFreeA

wininet

InternetErrorDlg
InternetCloseHandle
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
InternetOpenUrlA
InternetReadFile
HttpQueryInfoA
InternetSetOptionA
InternetQueryOptionA
FindNextUrlCacheEntryA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetAttemptConnect
InternetQueryDataAvailable

crypt32

CryptUnprotectData

Exports

Exports

?FotkManageL10nUserAuthDialog@@YA_NPAU_t_sfotkUnpDlgParms@@@Z
PXCE_GetPlugin

Sections

.text
Size: 764KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 478KB - Virtual size: 902KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GetPcInfo.exe
.exe windows x86

e5cc2ce449a96b08689f2060dc877940

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:58:8b:74:ef:40:0d:cd:3e:37:ff:38
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11/01/2017, 06:24

Not After

12/01/2020, 06:24

Subject

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:67:bb:41:39:3d:2a:0e:b1:47:90:9b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2016, 07:04

Not After

11/05/2019, 08:50

Subject

CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,L=深圳,ST=广东,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:06:e5:0f:11:95:aa:ed:12:13:d7:b8:c4:60:ff:8f:92:35:13:52
Signer

Actual PE Digest

f0:06:e5:0f:11:95:aa:ed:12:13:d7:b8:c4:60:ff:8f:92:35:13:52

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,L=深圳,ST=广东,C=CN

01/03/2017, 06:29
Valid: false

a4:a4:63:b8:e6:d1:1d:5a:10:ea:bc:c1:61:de:8f:08:6e:8c:ed:f1:34:1b:11:5d:de:2f:7a:95:a4:23:0f:0f
Signer

Actual PE Digest

a4:a4:63:b8:e6:d1:1d:5a:10:ea:bc:c1:61:de:8f:08:6e:8c:ed:f1:34:1b:11:5d:de:2f:7a:95:a4:23:0f:0f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/03/2017, 06:28
Valid: true

Chain 1

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=91440300738803352C,CN=深圳市德尔软件技术有限公司,O=深圳市德尔软件技术有限公司,STREET=福田区新洲路东深圳国际商会大厦0509房,L=SHENZHEN,ST=GUANGDONG,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetProcAddress
WritePrivateProfileStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Index_dll.dll
.dll windows x86

12e3ab750ea5086d35954831823160d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
GetSystemTime
GetStringTypeExA
lstrcpynA
GetFullPathNameA
GetShortPathNameA
GetThreadLocale
lstrcmpiA
GetCurrentThread
GetModuleFileNameA
GetCurrentThreadId
GlobalAlloc
lstrcmpA
GlobalDeleteAtom
SetEvent
GlobalLock
WaitForSingleObject
InterlockedIncrement
SuspendThread
CreateEventA
LocalFree
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
FormatMessageA
LocalAlloc
GlobalFree
TlsAlloc
DeleteCriticalSection
GetLocaleInfoW
GlobalUnlock
GetUserDefaultLCID
SetEnvironmentVariableA
GetVersionExA
IsValidCodePage
EnumSystemLocalesA
GetLocaleInfoA
SetStdHandle
IsValidLocale
IsBadCodePtr
GetStringTypeW
Sleep
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
GetStringTypeA
UnhandledExceptionFilter
LCMapStringW
CompareStringW
CompareStringA
GetEnvironmentStrings
LCMapStringA
GetEnvironmentStringsW
VirtualAlloc
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapDestroy
VirtualFree
HeapCreate
HeapAlloc
HeapFree
HeapReAlloc
GetFileType
FatalAppExitA
GetStartupInfoA
GetLocalTime
SetHandleCount
GetACP
GetTimeZoneInformation
FindFirstFileA
FindClose
RaiseException
ExitThread
ExitProcess
CreateThread
lstrlenA
MultiByteToWideChar
lstrcpyA
TerminateProcess
DebugBreak
OutputDebugStringA
GetStdHandle
HeapValidate
GetCommandLineA
RtlUnwind
GetOEMCP
GetDiskFreeSpaceA
GetTempFileNameA
GetProcessVersion
GetCPInfo
SizeofResource
GetPrivateProfileStringA
GetCurrentDirectoryA
WritePrivateProfileStringA
SetFileAttributesA
GetPrivateProfileIntA
GlobalFlags
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
GetFileAttributesA
GetFileTime
GetFileSize
VirtualProtect
GetProfileIntA
MulDiv
SetThreadPriority
ResumeThread
GetThreadPriority
GlobalAddAtomA
FreeLibrary
GlobalGetAtomNameA
LockResource
GlobalFindAtomA
GetModuleHandleA
FreeResource
FindResourceA
LoadResource
IsBadReadPtr
FileTimeToLocalFileTime
FileTimeToSystemTime
IsBadStringPtrW
IsBadWritePtr
IsBadStringPtrA
lstrcatA
SetLastError
GetVersion
LocalReAlloc
SetErrorMode
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
LoadLibraryA
SetFilePointer
GetLastError
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
GetProcAddress
FlushFileBuffers
CloseHandle
LockFile
UnlockFile
SetEndOfFile
MoveFileA
DeleteFileA

user32

GetForegroundWindow
SetForegroundWindow
ShowCaret
SendNotifyMessageA
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
GetDesktopWindow
SetCapture
KillTimer
SetTimer
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
GetDC
EndPaint
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetWindow
GetCapture
WinHelpA
MapDialogRect
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetWindowContextHelpId
SetWindowContextHelpId
CreateWindowExA
GetClassLongA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
RegisterWindowMessageA
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
UnregisterClassA
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
LoadMenuA
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuItemInfoA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuA
DeleteMenu
IsMenu
CreatePopupMenu
CreateMenu
ScrollDC
GrayStringA
GetTabbedTextExtentA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
GetSysColorBrush
SubtractRect
UnionRect
IntersectRect
OffsetRect
InflateRect
EqualRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
CopyRect
UnhookWindowsHookEx
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
SetMenuItemBitmaps
GetFocus
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CloseWindow
OpenIcon
GetAsyncKeyState
ReleaseCapture
SetCursorPos
DestroyCursor
LoadAcceleratorsA
DestroyMenu
TranslateAcceleratorA
ReuseDDElParam
UnpackDDElParam
LoadStringA
GetClipboardFormatNameA
GetDialogBaseUnits
DestroyIcon
PostThreadMessageA
LoadCursorA
GetClassNameA
GetDlgCtrlID
GetClassInfoA
SetPropA
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
EnableWindow
SetCursor
PeekMessageA
PostQuitMessage
GetSystemMetrics
CharUpperA
wsprintfA
TabbedTextOutA
PostMessageA
IsWindow
SendMessageA
ValidateRgn
IsWindowVisible
GetWindowDC
ReleaseDC
InvalidateRgn

gdi32

SetTextJustification
SetMapMode
SetStretchBltMode
CreateEnhMetaFileA
CloseEnhMetaFile
CreateMetaFileA
CreateBitmap
GetObjectA
ExtTextOutA
UnrealizeObject
GetObjectType
GetStockObject
CreatePenIndirect
ExtCreatePen
CreatePen
CreateHatchBrush
CreateBrushIndirect
CreateSolidBrush
CreateDIBPatternBrushPt
CreateFontIndirectA
CreatePatternBrush
CreateBitmapIndirect
SetBitmapBits
CreateFontA
SetBitmapDimensionEx
GetBitmapDimensionEx
GetBitmapBits
CreateDiscardableBitmap
CreatePalette
CreateCompatibleBitmap
GetPaletteEntries
SetPaletteEntries
CreateHalftonePalette
GetNearestPaletteIndex
ResizePalette
AnimatePalette
CreateRectRgnIndirect
CreateEllipticRgn
CreateRectRgn
CreatePolygonRgn
CreatePolyPolygonRgn
CreateEllipticRgnIndirect
PathToRegion
ExtCreateRegion
CreateRoundRectRgn
SetRectRgn
CombineRgn
GetRegionData
OffsetRgn
GetRgnBox
EqualRgn
RectInRegion
CreateDCA
PtInRegion
CreateCompatibleDC
GetDeviceCaps
CreateICA
SetBrushOrgEx
EnumObjects
GetBrushOrgEx
SetViewportOrgEx
GetNearestColor
RealizePalette
UpdateColors
OffsetViewportOrgEx
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
GetMapMode
GetViewportOrgEx
GetTextColor
GetWindowOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
FillRgn
DPtoLP
InvertRgn
PaintRgn
FrameRgn
RectVisible
GetCurrentPositionEx
PtVisible
Polyline
Chord
Arc
Pie
Polygon
Ellipse
Rectangle
RoundRect
PolyPolygon
BitBlt
StretchBlt
PatBlt
SetPixel
FloodFill
GetPixel
TextOutA
GetTextExtentPoint32A
ExtFloodFill
GetTextFaceA
GetTextMetricsA
GetTextAlign
GetCharWidthA
GetAspectRatioFilterEx
GetTextCharacterExtra
SetBoundsRect
GetBoundsRect
Escape
GetOutlineTextMetricsA
GetCharABCWidthsA
ResetDCA
GetKerningPairsA
GetGlyphOutlineA
GetFontData
StartPage
EndPage
StartDocA
AbortDoc
EndDoc
SetAbortProc
PlgBlt
SetPixelV
MaskBlt
GetArcDirection
PolyPolyline
AngleArc
GetCurrentObject
PolyBezier
StretchDIBits
PlayMetaFile
EnumMetaFile
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
GetClipRgn
DeleteObject
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
CloseMetaFile
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GdiComment
GetColorAdjustment
WidenPath
SelectObject
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
RestoreDC
SaveDC
DeleteDC
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
PlayEnhMetaFile
FillPath
EndPath
StrokePath
StrokeAndFillPath
SetMiterLimit
GetPath
GetMiterLimit
FlattenPath
AbortPath
CloseFigure
BeginPath
ExtEscape
GetCharWidthFloatA
GetCharABCWidthsFloatA
DrawEscape

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetFileInfoA
ExtractIconA

comctl32

ImageList_SetOverlayImage
ImageList_SetBkColor
ImageList_Draw
DestroyPropertySheetPage
ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_DragLeave
ImageList_DragEnter
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ord8
ord17
PropertySheetA
ImageList_GetIcon
CreatePropertySheetPageA
ord13
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ord14
ImageList_GetImageCount
ImageList_Add
ImageList_AddMasked
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon

Exports

Exports

create_index_file

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K3ICWorkFlow.dll
.dll regsvr32 windows x86

79e1694ea0f0f04b58c9258a7bc67da2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaLineInputStr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaVarIndexStore
__vbaFreeObjList
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVar
ord520
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord631
__vbaErase
ord632
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaVarTstEq
ord560
__vbaI2I4
__vbaObjVar
ord562
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
ord648
__vbaVarLateMemCallLdRf
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
__vbaVarSetVar
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaLateMemCall
__vbaVarDup
__vbaAryVarVarg
ord616
__vbaVarCopy
ord617
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord619
_allmul
__vbaLateMemCallSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KmInst32.exe
.exe windows x86

74266e90045b9b8b676a8a7e8b06097a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFileTimeToFileTime
GetFileAttributesW
SetFileTime
OutputDebugStringA
GetLocalTime
lstrcpyA
OutputDebugStringW
InterlockedDecrement
WritePrivateProfileStringA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExW
GetTempFileNameW
GetTimeZoneInformation
GetSystemDirectoryA
SetLastError
GetModuleFileNameA
LoadLibraryA
lstrlenA
SetEndOfFile
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
GetStringTypeW
DisconnectNamedPipe
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
CreateThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
ExitProcess
LCMapStringA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
OpenProcess
FlushFileBuffers
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
RtlUnwind
GetCurrentDirectoryW
GetTempPathW
GetLocaleInfoW
GetModuleHandleA
GetTickCount
FormatMessageW
lstrlenW
HeapAlloc
GetFileInformationByHandle
FileTimeToLocalFileTime
CompareFileTime
MoveFileW
ExitThread
FreeEnvironmentStringsW
CreateNamedPipeW
GetLastError
GetModuleHandleW
GetProcessHeap
HeapFree
GetSystemWindowsDirectoryW
CopyFileW
SetFilePointer
CreateFileA
GetFileSize
RemoveDirectoryW
CreateProcessW
GetExitCodeProcess
GetFullPathNameW
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
GetProcAddress
FindNextFileW
CreateFileW
CloseHandle
ReadFile
WriteFile
GetModuleFileNameW
GetCurrentProcess
DeleteFileW
CreateDirectoryW
FindClose
FindFirstFileW
GetSystemDirectoryW
GetACP
GetVersionExW
SetFileAttributesW
Sleep
GetStringTypeA

user32

GetAncestor
GetWindowThreadProcessId
DestroyWindow
SendNotifyMessageW
GetDesktopWindow
PostMessageW
GetDC
ReleaseDC
wsprintfA
SendMessageW
GetWindowRect
wsprintfW
GetClientRect
DefWindowProcW
GetWindowLongW
PostQuitMessage
UpdateWindow
ShowWindow
SetWindowLongW
wvsprintfA
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
EnumWindows
EnumChildWindows
GetWindowTextW
GetWindowTextA
GetClassNameA
GetDlgCtrlID

gdi32

GetStockObject
DeleteObject
AddFontResourceW
EnumFontFamiliesExW

winspool.drv

AddMonitorW
DeleteMonitorW
GetPrinterDriverDirectoryW
ClosePrinter
DeletePrinter
OpenPrinterW
EnumPrintersW
SetPrinterDataW
DeletePrinterConnectionW
EnumPrinterDriversW
DeletePrinterDriverW
AddPrinterDriverW
SetPrinterW
AddPrinterW
ord204
DeletePortW
EnumMonitorsW
GetPrinterDataExW
SetPrinterDataExW
GetPrinterW
EnumPortsW
AddPortW
DeletePrinterDriverExW

advapi32

RegCloseKey
QueryServiceStatus
DeleteService
CreateServiceW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
ControlService
OpenServiceW
QueryServiceConfigW
StartServiceW
OpenSCManagerW
CloseServiceHandle
RegConnectRegistryW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHChangeNotify

ole32

PropVariantClear
CoInitializeEx
CLSIDFromString
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
SysFreeString
SysAllocString

setupapi

SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupFindNextMatchLineW
SetupIterateCabinetW
SetupCopyOEMInfW
SetupDiCallClassInstaller
SetupGetLineCountW
SetupOpenInfFileW
SetupCloseInfFile
SetupDiOpenDevRegKey
SetupDiDeleteDeviceInfo
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDevsExW
SetupGetLineByIndexW
SetupOpenAppendInfFileW
SetupGetIntField
SetupFindFirstLineW
SetupGetStringFieldW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice

mscms

GetColorDirectoryW

lz32

LZClose
LZOpenFileW
LZCopy

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KmSetKX32.exe
.exe windows x86

292c37cee0faa14864934dd371943d84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExW
SetLastError
GetModuleFileNameA
HeapFree
HeapAlloc
GetStartupInfoW
RtlUnwind
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
RaiseException
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
LCMapStringA
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
OutputDebugStringW
lstrcpyA
GetLocalTime
GetModuleHandleA
GetCurrentProcess
MulDiv
GetModuleFileNameW
GetSystemDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
CreateFileA
GetFileSize
SetFilePointer
ReadFile
GetSystemTime
IsValidLocale
GetLocaleInfoA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateFileW
CloseHandle
GetVersionExA
GetACP
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetProfileStringA
LoadLibraryA
GetProcAddress
GetLastError
LoadLibraryW
FreeLibrary
GetProcessHeap
Sleep

user32

wvsprintfA
GetDesktopWindow
GetDC
ReleaseDC
MessageBoxA
wsprintfW
wsprintfA

winspool.drv

GetPrinterDataA
OpenPrinterW
OpenPrinterA
ClosePrinter
SetPrinterW
GetPrinterDriverW
GetPrinterDriverA
GetPrinterW
EnumPrintersW
DeletePrinterDataW
SetPrinterDataA
GetPrinterDataW
GetPrinterA
SetPrinterDataW

advapi32

RegConnectRegistryW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
ControlService
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

gdi32

EnumFontFamiliesExW
DeleteDC
EnumFontsA
EnumFontFamiliesExA
CreateCompatibleDC
SetGraphicsMode
DeleteObject
GetGlyphOutlineA
GetPath
FlattenPath
EndPath
TextOutW
BeginPath
FloodFill
SetBkMode
GetTextMetricsA
GetTextExtentPoint32W
GetGlyphIndicesW
SelectObject
GetGraphicsMode
CreateFontA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Exports

Exports

??0?$TARRAY@PAUARGS@@$00@@QAE@XZ
??1?$TARRAY@PAUARGS@@$00@@QAE@XZ
??4?$TARRAY@PAUARGS@@$00@@QAEAAV0@ABV0@@Z
??A?$TARRAY@PAUARGS@@$00@@QBEABQAUARGS@@I@Z
?Add@?$TARRAY@PAUARGS@@$00@@QAEHPAUARGS@@@Z
?Clear@?$TARRAY@PAUARGS@@$00@@QAEXXZ
?Init@?$TARRAY@PAUARGS@@$00@@QAEXXZ
?Length@?$TARRAY@PAUARGS@@$00@@QAEIXZ
?Resize@?$TARRAY@PAUARGS@@$00@@QAE_NI@Z

Sections

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Netviewer.resources.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PFXRsaCertDown.dll
.dll windows x86

d51f872a487e6f2666aaacab19d262ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
ExitProcess
QueryPerformanceFrequency
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileW
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
Sleep
SearchPathA
GetProfileIntA
GetTickCount
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
FindResourceExW
lstrcpyA
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFindAtomA
lstrcmpW
FreeResource
FindNextFileA
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GetVolumeInformationA
LoadLibraryA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
FindResourceA
GetSystemDirectoryW
EncodePointer
GlobalGetAtomNameA
SetErrorMode
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleW
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
CompareStringA
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
SetLastError
CopyFileA
FormatMessageA
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
LocalFree
LocalAlloc
ReadFile
CloseHandle
GetFileSize
CreateFileA
MultiByteToWideChar
GetPrivateProfileStringA
GetWindowsDirectoryA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetSystemInfo
GetModuleHandleA
GetFileType

user32

DestroyMenu
DestroyIcon
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetTopWindow
GetClassLongA
SetWindowLongA
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetMenuItemInfoA
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
CharUpperA
FillRect
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
UnregisterClassA
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
EnableScrollBar
UpdateWindow
KillTimer
SetTimer
RealChildWindowFromPoint
GetWindow
GetClassNameA
PtInRect
InflateRect
IntersectRect
SetRectEmpty
OffsetRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
LoadImageW
GetNextDlgGroupItem
SetCapture
ReleaseCapture
MessageBeep
WindowFromPoint
DrawFocusRect
IsRectEmpty
LoadImageA
DrawIconEx
GetIconInfo
GetDlgItem
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
PostMessageA
PostQuitMessage
GetDesktopWindow
SendMessageA
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
GetParent
LoadBitmapW
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
GetSystemMetrics
GetDC
CopyAcceleratorTableA
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorA
HideCaret
InvertRect
LoadCursorW
NotifyWinEvent
DestroyAcceleratorTable
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
RegisterClipboardFormatA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
GetWindowTextA
GetWindowTextLengthA
GetClientRect
CopyImage
SystemParametersInfoA
DeleteMenu
GetDlgCtrlID
SetWindowTextA
GetWindowRect
ClientToScreen
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyA
GetKeyNameTextA
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongA
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageA
WaitMessage
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
InvalidateRect
GetKeyboardState

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsA
LineTo
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
CreateBitmap
GetDeviceCaps
CreateDCA
EnumFontFamiliesExA
CopyMetaFileA

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegCloseKey
RegEnumValueA
RegQueryValueA

shell32

SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
SHAppBarMessage
DragFinish

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA
UrlUnescapeA
PathFindExtensionA

uxtheme

GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize

ole32

OleLockRunning
IsAccelerator
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
DoDragDrop

oleaut32

VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VarBstrFromDate
VariantInit
SysAllocString
VariantCopy
VariantChangeType

crypt32

CertVerifyTimeValidity
CryptDecodeObjectEx
CertOpenStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
PFXImportCertStore
CertOpenSystemStoreA
CertAddCertificateContextToStore

libeay32

ord602
ord607
ord584
ord2071
ord571
ord606
ord283
ord485
ord279
ord605
ord333
ord608
ord600
ord870
ord851
ord577
ord565
ord484
ord3212
ord754
ord748
ord641
ord1305
ord281
ord1288
ord1291

wininet

InternetCanonicalizeUrlA
InternetGetConnectedState
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCrackUrlA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA
timeGetTime

Exports

Exports

DllPfxCertDownLoad
DllPfxCertInstallIE
DllPfxTimeValidity

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pdfcore.exe
.exe windows x86

098a960507e7735e4fb871e83ac5bd5f

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:b9:55:a7:b4:a0:0f:cd:5c:c7:f5:f3:db:73:45:6f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/04/2021, 00:00

Not After

10/05/2023, 23:59

Subject

CN=Beijing Hitencent Technology Co. Ltd.,OU=Technical Department,O=Beijing Hitencent Technology Co. Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:79:32:c9:88:03:f1:4d:65:dd:05:78:28:35:94:1a:ad:8f:08:bb:32:5a:83:e1:99:0e:05:2c:37:28:fa:36
Signer

Actual PE Digest

f3:79:32:c9:88:03:f1:4d:65:dd:05:78:28:35:94:1a:ad:8f:08:bb:32:5a:83:e1:99:0e:05:2c:37:28:fa:36

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Hitencent Technology Co. Ltd.,OU=Technical Department,O=Beijing Hitencent Technology Co. Ltd.,ST=Beijing,C=CN

22/08/2022, 01:57
Valid: true

Chain 1

CN=Beijing Hitencent Technology Co. Ltd.,OU=Technical Department,O=Beijing Hitencent Technology Co. Ltd.,ST=Beijing,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
CloseHandle
ReadFile
CreateFileW
DeleteFileW
CopyFileW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FlushFileBuffers
CreateFileA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RtlUnwind
GetStartupInfoW
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

shlwapi

SHGetValueW

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SafeDogGuardCenter.exe
.exe windows x86

d46718b35646f87d47df6a2ed6a8c986

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:81:56:50:64:d7
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

17/07/2011, 20:27

Not After

19/07/2014, 01:43

Subject

CN=Hangzhou Chuangju Technology Co.\,LTD,O=Hangzhou Chuangju Technology Co.\,LTD,L=Hangzhou,ST=Zhejiang,C=CN,1.2.840.113549.1.9.1=#0c0e7765624073616665646f672e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:4e:c7:fc:b0:48:6a:34:91:f4:a6:3b:7d:af:be:04:82:73:72:1a
Signer

Actual PE Digest

3a:4e:c7:fc:b0:48:6a:34:91:f4:a6:3b:7d:af:be:04:82:73:72:1a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hangzhou Chuangju Technology Co.\,LTD,O=Hangzhou Chuangju Technology Co.\,LTD,L=Hangzhou,ST=Zhejiang,C=CN,1.2.840.113549.1.9.1=#0c0e7765624073616665646f672e636e

26/08/2022, 16:50
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

safedogserverdll

AccountSafeStop

log4cplusu

?getRoot@Logger@log4cplus@@SA?AV12@XZ

ws2_32

WSACleanup

crashreport

InstallCrashReportW

kernel32

FormatMessageA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ExitWindowsEx

advapi32

InitializeSecurityDescriptor

shell32

CommandLineToArgvW

communicate

_UnInitial@4

log7

?WriteLogA@log7@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N1@Z

config7

??BCConfigElem@config7@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

updatehelp

?UpdateHelp@@YAXXZ

notify

ord4

msvcp90

?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

msvcr90

??0exception@std@@QAE@XZ

psapi

EnumProcessModules

iphlpapi

GetAdaptersInfo

ole32

CoInitializeEx

Sections

.text
Size: - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SafeDogNetDrv08.sys
.exe windows x86

c3cf230c2dec88fdf2f353911df309a1

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:81:56:50:64:d7
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

17/07/2011, 20:27

Not After

19/07/2014, 01:43

Subject

CN=Hangzhou Chuangju Technology Co.\,LTD,O=Hangzhou Chuangju Technology Co.\,LTD,L=Hangzhou,ST=Zhejiang,C=CN,1.2.840.113549.1.9.1=#0c0e7765624073616665646f672e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

61:39:bb:9c:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 20:13

Not After

15/04/2021, 20:23

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:41:67:e9:c6:8e:e4:d4:42:11:bb:46:8c:ec:f5:c1:51:55:36:de
Signer

Actual PE Digest

e5:41:67:e9:c6:8e:e4:d4:42:11:bb:46:8c:ec:f5:c1:51:55:36:de

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hangzhou Chuangju Technology Co.\,LTD,O=Hangzhou Chuangju Technology Co.\,LTD,L=Hangzhou,ST=Zhejiang,C=CN,1.2.840.113549.1.9.1=#0c0e7765624073616665646f672e636e

26/08/2022, 16:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObfDereferenceObject
ZwClose
ZwUnmapViewOfSection
ExAllocatePool
RtlTestBit
KeQuerySystemTime
RtlSetBit
RtlClearAllBits
ExfInterlockedInsertTailList
PsTerminateSystemThread
ExfInterlockedRemoveHeadList
PsProcessType
ObfReferenceObject
ObReferenceObjectByHandle
KeUnstackDetachProcess
KeStackAttachProcess
ZwMapViewOfSection
PsThreadType
PsCreateSystemThread
KeReadStateEvent
KeTickCount
KeBugCheckEx
RtlUnwind
PsInitialSystemProcess
ObOpenObjectByPointer
KeBugCheck
KeClearEvent
swprintf
RtlInitUnicodeString
KeDelayExecutionThread
memcpy
KeInitializeEvent
KeWaitForSingleObject
KeSetEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlNumberOfSetBits
RtlClearBit
RtlClearBits
RtlAreBitsClear
RtlAreBitsSet
_aulldvrm
_allmul
memset
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitializeBitMap
RtlSetBits
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
PsGetCurrentProcessId
MmMapLockedPagesSpecifyCache
ProbeForRead
ProbeForWrite
KeWaitForMultipleObjects
IofCompleteRequest

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisAllocateNetBufferList
NdisWaitEvent
NdisFreeNetBufferList
NdisFreeNetBuffer
NdisFreeMdl
NdisFreeMemory
NdisFRegisterFilterDriver
NdisFDeregisterFilterDriver
NdisDeregisterDeviceEx
NdisRegisterDeviceEx
NdisFNetPnPEvent
NdisFDevicePnPEventNotify
NdisAllocateCloneOidRequest
NdisFOidRequest
NdisFreeCloneOidRequest
NdisAllocateNetBuffer
NdisFCancelOidRequest
NdisFIndicateStatus
NdisFCancelSendNetBufferLists
NdisSetEvent
NdisFSendNetBufferLists
NdisFIndicateReceiveNetBufferLists
NdisFSendNetBufferListsComplete
NdisFReturnNetBufferLists
NdisAllocateNetBufferListPool
NdisAllocateNetBufferPool
NdisFSetAttributes
NdisFreeNetBufferListPool
NdisFreeNetBufferPool
NdisAcquireReadWriteLock
NdisReleaseReadWriteLock
NdisInitializeReadWriteLock
NdisAllocateMdl
NdisInitializeEvent
NdisFOidRequestComplete
NdisAllocateMemoryWithTagPriority

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fil1fd0bfc98f726b14fd1a9c7b50402542
.dll windows x86

817d31b2e06ec2b30ac6871ddd9c7206

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__callnewh
_o__cexit
_o__CIlog
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
wcschr
_o__seh_filter_dll
_o__ui64tow_s
_o__ultow_s
_o_free
_o_iswdigit
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_except_handler4_common
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
__processing_throw
__AdjustPointer
__current_exception
wcsstr
memcpy
memmove

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
CreateEventW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
LoadStringW
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
FreeLibrary

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

CreateDirectoryW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
ReadFile
GetFileSizeEx
WriteFile
GetTempFileNameW
GetFinalPathNameByHandleW
GetFileAttributesW
SetFilePointerEx
DeleteFileW
CreateFileW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-downlevel-kernel32-l1-1-0

GetTempPathW
InitOnceExecuteOnce

dbgeng

DebugCreate

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

Exports

Exports

DebugExtensionCanUnload
DebugExtensionInitialize
DebugExtensionUninitialize
DebugExtensionUnload

Sections

.text
Size: 971KB - Virtual size: 970KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hhsjpt-air.exe
.exe windows x86

5f0b75a7b3dd72c9663605c0f5165d27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
WriteConsoleW
GetProcAddress
ExitProcess
HeapAlloc
GetProcessHeap
GetModuleHandleW
LoadLibraryW
CreateFileW
GetUserDefaultUILanguage
GetStdHandle
GetCommandLineW
RaiseException
DecodePointer
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetModuleFileNameA
GetModuleHandleExW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
HeapFree

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

StrCmpW
PathAppendW
PathRemoveFileSpecW

msi

ord90

Exports

Exports

AmdPowerXpressRequestBetterBatteryLife
NvOptimusDisablement

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hpmcro32.dll
.dll windows x86

0d851b83727a62c4e5b3965bb8d9372a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

isupper

kernel32

FlushFileBuffers
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
ReadFile
WriteFile
GetLastError

Exports

Exports

BuildCommand
BuildInquire
ButtonPoll
CheckIO
ClearButton
Color
ColorDither
ColorThreshold
CommandInquire
Dither
DllMain
Download
DualScan
GetButtonPress
GetScanInfo
GetScanState
GrayScale
InquireBufferSize
InquireModel
InquireNumber
InquireOldestError
InquireString
RecFromScanner
ReceiveResponse
ResetScanner
SCLRead
SCL_Scan
ScannerLock
ScannerLockButton
SendCommand
SendToScanner
SetDecipointWindow
SetDiagnosticSCL
SetIOHandle
SetPixelWindow
SetResolution
SetScale
SetScanState
SetScanWindow
Threshold
Upload
VerifyResponse

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 314B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iprtrmgr.ste
.dll windows x86

cb359075bca7aeca8a274443bcde8dc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

wcslen
sprintf
wcsncpy
strncpy
wcstombs
strchr
qsort
_ftol
rand
wcscpy
_except_handler3

ntdll

RtlDeleteResource
RtlAcquireResourceExclusive
NtDeviceIoControlFile
RtlUpcaseUnicodeString
RtlConvertSharedToExclusive
RtlInitializeResource
RtlAcquireResourceShared
NtCreateFile
NtWaitForSingleObject
NtQuerySystemTime
RtlInitUnicodeString
RtlReleaseResource
RtlConvertExclusiveToShared
RtlExtendedLargeIntegerDivide
RtlExtendedIntegerMultiply

advapi32

RegOpenKeyA
QueryServiceStatus
StartServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ControlService
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle

kernel32

CreateWaitableTimerA
HeapReAlloc
InterlockedDecrement
LoadLibraryExA
WaitForMultipleObjectsEx
FreeLibraryAndExitThread
SetWaitableTimer
LoadLibraryW
GetProcAddress
WaitForSingleObject
DisableThreadLibraryCalls
CreateFileA
InitializeCriticalSection
HeapCreate
CreateEventA
CreateThread
SetEvent
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
MultiByteToWideChar
DeviceIoControl
WideCharToMultiByte
InterlockedIncrement
Sleep
HeapFree
DeleteCriticalSection
HeapDestroy
HeapAlloc
FreeLibrary
GetLastError
CloseHandle
GetTickCount

ws2_32

WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
inet_ntoa
setsockopt
closesocket
htonl
inet_addr
WSAStartup
WSASocketA
htons
bind
WSASendTo
WSARecvFrom
WSAGetLastError
WSACleanup
ntohs

rtm

RtmDeleteRouteTable
RtmRegisterClient
RtmCreateRouteTable
RtmBlockDeleteRoutes
RtmCloseEnumerationHandle
RtmEnumerateGetNextRoute
RtmGetRouteAge
RtmCreateEnumerationHandle
RtmBlockConvertRoutesToStatic
RtmDeregisterClient
RtmIsRoute
RtmDeleteRoute
RtmAddRoute

iprtprio

SetPriorityInfo
ComputeRouteMetric
GetPriorityInfo

rtutils

MprSetupProtocolEnum
QueueWorkItem
TraceDeregisterA
RouterLogEventDataA
MprSetupProtocolFree
TracePrintfExA
RouterLogRegisterA
TraceRegisterExA
RouterLogEventA

Exports

Exports

StartRouter

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kmtwainlang.dll
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kmtwainlang.dll15
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kmtwainlang.dll18
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kmtwainlang.dll3
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kmtwainlang.dll7
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kmtwainlang.dll9
.dll regsvr32 windows x86

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord4486
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5500
ord1199
ord1247
ord1132
ord6467
ord1131
ord6354
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord3831
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nlwnsck.dll
.dll windows x86

ba783d3c376ec4bdda1d11b8fefd2a49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

libjutils

SybHeap_alloc

libjtml

tml_mutex_alloc

wsock32

__WSAFDIsSet
setsockopt
recv
bind
gethostbyname
ioctlsocket
listen
WSAStartup
connect
closesocket
getpeername
inet_addr
gethostbyaddr
accept
WSAGetLastError
send
select
socket
htons

msvcrt

_adjust_fdiv
_initterm
free
__mb_cur_max
_isctype
_pctype
memmove
atoi
memset
strlen
strcpy
malloc

kernel32

DisableThreadLibraryCalls

Exports

Exports

__sybase_DLL_info2@0
__sybase_DLL_info3@0
__sybase_DLL_info@0
ipd_accept
ipd_close
ipd_connect
ipd_exit
ipd_init
ipd_initsize
ipd_listen
ipd_prop_ext
ipd_property
ipd_read
ipd_write

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pdftool.exe
.exe windows x86

df1a624619533fecdbea702eaafc4964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qpdf28

??1QPDF@@QAE@XZ
?processFile@QPDF@@QAEXPBD0@Z
?processInputSource@QPDF@@QAEXV?$PointerHolder@VInputSource@@@@PBD@Z
?closeInputSource@QPDF@@QAEXXZ
?setPasswordIsHexKey@QPDF@@QAEX_N@Z
?emptyPDF@QPDF@@QAEXXZ
?setIgnoreXRefStreams@QPDF@@QAEX_N@Z
?setSuppressWarnings@QPDF@@QAEX_N@Z
?setAttemptRecovery@QPDF@@QAEX_N@Z
?getWarnings@QPDF@@QAE?AV?$vector@VQPDFExc@@V?$allocator@VQPDFExc@@@std@@@std@@XZ
?anyWarnings@QPDF@@QBE_NXZ
?getUniqueId@QPDF@@QBE_KXZ
?getFilename@QPDF@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getPDFVersion@QPDF@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getExtensionLevel@QPDF@@QAEHXZ
?getTrailer@QPDF@@QAE?AVQPDFObjectHandle@@XZ
?getRoot@QPDF@@QAE?AVQPDFObjectHandle@@XZ
?getObjectByID@QPDF@@QAE?AVQPDFObjectHandle@@HH@Z
?replaceObject@QPDF@@QAEXABVQPDFObjGen@@VQPDFObjectHandle@@@Z
?copyForeignObject@QPDF@@QAE?AVQPDFObjectHandle@@V2@@Z
?isEncrypted@QPDF@@QBE_NXZ
?isEncrypted@QPDF@@QAE_NAAH00AAW4encryption_method_e@1@11@Z
?ownerPasswordMatched@QPDF@@QBE_NXZ
?userPasswordMatched@QPDF@@QBE_NXZ
?allowAccessibility@QPDF@@QAE_NXZ
?allowExtractAll@QPDF@@QAE_NXZ
?allowPrintLowRes@QPDF@@QAE_NXZ
?allowPrintHighRes@QPDF@@QAE_NXZ
?allowModifyAssembly@QPDF@@QAE_NXZ
?allowModifyForm@QPDF@@QAE_NXZ
?allowModifyAnnotation@QPDF@@QAE_NXZ
?allowModifyOther@QPDF@@QAE_NXZ
?allowModifyAll@QPDF@@QAE_NXZ
?getTrimmedUserPassword@QPDF@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getEncryptionKey@QPDF@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?isLinearized@QPDF@@QAE_NXZ
?checkLinearization@QPDF@@QAE_NXZ
?showLinearizationData@QPDF@@QAEXXZ
?showXRefTable@QPDF@@QAEXXZ
?getAllObjects@QPDF@@QAE?AV?$vector@VQPDFObjectHandle@@V?$allocator@VQPDFObjectHandle@@@std@@@std@@XZ
?getAllPages@QPDF@@QAEABV?$vector@VQPDFObjectHandle@@V?$allocator@VQPDFObjectHandle@@@std@@@std@@XZ
?addPage@QPDF@@QAEXVQPDFObjectHandle@@_N@Z
?getAppearanceState@QPDFAnnotationObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFlags@QPDFAnnotationObjectHelper@@QAEHXZ
??1Members@QPDFAnnotationObjectHelper@@QAE@XZ
??0QPDFPageObjectHelper@@QAE@VQPDFObjectHandle@@@Z
?getAttribute@QPDFPageObjectHelper@@QAE?AVQPDFObjectHandle@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?getTrimBox@QPDFPageObjectHelper@@QAE?AVQPDFObjectHandle@@_N@Z
?getPageImages@QPDFPageObjectHelper@@QAE?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VQPDFObjectHandle@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VQPDFObjectHandle@@@std@@@2@@std@@XZ
?externalizeInlineImages@QPDFPageObjectHelper@@QAEXI@Z
?getPageContents@QPDFPageObjectHelper@@QAE?AV?$vector@VQPDFObjectHandle@@V?$allocator@VQPDFObjectHandle@@@std@@@std@@XZ
?addPageContents@QPDFPageObjectHelper@@QAEXVQPDFObjectHandle@@_N@Z
?rotatePage@QPDFPageObjectHelper@@QAEXH_N@Z
?coalesceContentStreams@QPDFPageObjectHelper@@QAEXXZ
?parsePageContents@QPDFPageObjectHelper@@QAEXPAVParserCallbacks@QPDFObjectHandle@@@Z
?shallowCopyPage@QPDFPageObjectHelper@@QAE?AV1@XZ
?getFormXObjectForPage@QPDFPageObjectHelper@@QAE?AVQPDFObjectHandle@@_N@Z
?placeFormXObject@QPDFPageObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VQPDFObjectHandle@@ABV23@VRectangle@4@_N33@Z
??1Members@QPDFPageObjectHelper@@QAE@XZ
??0QPDFPageDocumentHelper@@QAE@AAVQPDF@@@Z
?getAllPages@QPDFPageDocumentHelper@@QAE?AV?$vector@VQPDFPageObjectHelper@@V?$allocator@VQPDFPageObjectHelper@@@std@@@std@@XZ
?pushInheritedAttributesToPage@QPDFPageDocumentHelper@@QAEXXZ
?removeUnreferencedResources@QPDFPageDocumentHelper@@QAEXXZ
?addPage@QPDFPageDocumentHelper@@QAEXVQPDFPageObjectHelper@@_N@Z
?removePage@QPDFPageDocumentHelper@@QAEXVQPDFPageObjectHelper@@@Z
?flattenAnnotations@QPDFPageDocumentHelper@@QAEXHH@Z
??1Members@QPDFPageDocumentHelper@@QAE@XZ
?newName@QPDFObjectHandle@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?hasPageLabels@QPDFPageLabelDocumentHelper@@QAE_NXZ
?getLabelForPage@QPDFPageLabelDocumentHelper@@QAE?AVQPDFObjectHandle@@_J@Z
?getLabelsForPageRange@QPDFPageLabelDocumentHelper@@QAEX_J00AAV?$vector@VQPDFObjectHandle@@V?$allocator@VQPDFObjectHandle@@@std@@@std@@@Z
??1Members@QPDFPageLabelDocumentHelper@@QAE@XZ
?getKids@QPDFOutlineObjectHelper@@QAE?AV?$vector@VQPDFOutlineObjectHelper@@V?$allocator@VQPDFOutlineObjectHelper@@@std@@@std@@XZ
?getDest@QPDFOutlineObjectHelper@@QAE?AVQPDFObjectHandle@@XZ
?getDestPage@QPDFOutlineObjectHelper@@QAE?AVQPDFObjectHandle@@XZ
?getCount@QPDFOutlineObjectHelper@@QAEHXZ
?getTitle@QPDFOutlineObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0QPDFOutlineDocumentHelper@@QAE@AAVQPDF@@@Z
??1QPDFOutlineDocumentHelper@@UAE@XZ
?getTopLevelOutlines@QPDFOutlineDocumentHelper@@QAE?AV?$vector@VQPDFOutlineObjectHelper@@V?$allocator@VQPDFOutlineObjectHelper@@@std@@@std@@XZ
?getOutlinesForPage@QPDFOutlineDocumentHelper@@QAE?AV?$vector@VQPDFOutlineObjectHelper@@V?$allocator@VQPDFOutlineObjectHelper@@@std@@@std@@ABVQPDFObjGen@@@Z
?getFieldType@QPDFFormFieldObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFullyQualifiedName@QPDFFormFieldObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getPartialName@QPDFFormFieldObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getAlternativeName@QPDFFormFieldObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getMappingName@QPDFFormFieldObjectHelper@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getValue@QPDFFormFieldObjectHelper@@QAE?AVQPDFObjectHandle@@XZ
?getDefaultValue@QPDFFormFieldObjectHelper@@QAE?AVQPDFObjectHandle@@XZ
?getQuadding@QPDFFormFieldObjectHelper@@QAEHXZ
?getFlags@QPDFFormFieldObjectHelper@@QAEHXZ
?isText@QPDFFormFieldObjectHelper@@QAE_NXZ
?isCheckbox@QPDFFormFieldObjectHelper@@QAE_NXZ
?isRadioButton@QPDFFormFieldObjectHelper@@QAE_NXZ
?isChoice@QPDFFormFieldObjectHelper@@QAE_NXZ
?getChoices@QPDFFormFieldObjectHelper@@QAE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
??1Members@QPDFFormFieldObjectHelper@@QAE@XZ
??0QPDFAcroFormDocumentHelper@@QAE@AAVQPDF@@@Z
?hasAcroForm@QPDFAcroFormDocumentHelper@@QAE_NXZ
?getWidgetAnnotationsForPage@QPDFAcroFormDocumentHelper@@QAE?AV?$vector@VQPDFAnnotationObjectHelper@@V?$allocator@VQPDFAnnotationObjectHelper@@@std@@@std@@VQPDFPageObjectHelper@@@Z
?getFieldForAnnotation@QPDFAcroFormDocumentHelper@@QAE?AVQPDFFormFieldObjectHelper@@VQPDFAnnotationObjectHelper@@@Z
?getNeedAppearances@QPDFAcroFormDocumentHelper@@QAE_NXZ
?generateAppearancesIfNeeded@QPDFAcroFormDocumentHelper@@QAEXXZ
??0QPDF@@QAE@XZ
?getRegisteredImpls@QPDFCryptoProvider@@SA?AV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getDefaultProvider@QPDFCryptoProvider@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0QPDFWriter@@QAE@AAVQPDF@@@Z
??0QPDFWriter@@QAE@AAVQPDF@@PBD@Z
??1QPDFWriter@@QAE@XZ
?setOutputPipeline@QPDFWriter@@QAEXPAVPipeline@@@Z
?setObjectStreamMode@QPDFWriter@@QAEXW4qpdf_object_stream_e@@@Z
?setStreamDataMode@QPDFWriter@@QAEXW4qpdf_stream_data_e@@@Z
?setCompressStreams@QPDFWriter@@QAEX_N@Z
?setDecodeLevel@QPDFWriter@@QAEXW4qpdf_stream_decode_level_e@@@Z
?setRecompressFlate@QPDFWriter@@QAEX_N@Z
?setContentNormalization@QPDFWriter@@QAEX_N@Z
?setQDFMode@QPDFWriter@@QAEX_N@Z
?setPreserveUnreferencedObjects@QPDFWriter@@QAEX_N@Z
?setNewlineBeforeEndstream@QPDFWriter@@QAEX_N@Z
?setMinimumPDFVersion@QPDFWriter@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?forcePDFVersion@QPDFWriter@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?setDeterministicID@QPDFWriter@@QAEX_N@Z
?setStaticID@QPDFWriter@@QAEX_N@Z
?setStaticAesIV@QPDFWriter@@QAEX_N@Z
?setSuppressOriginalObjectIDs@QPDFWriter@@QAEX_N@Z
?setPreserveEncryption@QPDFWriter@@QAEX_N@Z
?copyEncryptionParameters@QPDFWriter@@QAEXAAVQPDF@@@Z
?setR3EncryptionParameters@QPDFWriter@@QAEXPBD0_N11111W4qpdf_r3_print_e@@@Z
?setR4EncryptionParameters@QPDFWriter@@QAEXPBD0_N11111W4qpdf_r3_print_e@@11@Z
?setR5EncryptionParameters@QPDFWriter@@QAEXPBD0_N11111W4qpdf_r3_print_e@@1@Z
?setR6EncryptionParameters@QPDFWriter@@QAEXPBD0_N11111W4qpdf_r3_print_e@@1@Z
?setR2EncryptionParameters@QPDFWriter@@QAEXPBD0_N111@Z
?setLinearization@QPDFWriter@@QAEX_N@Z
?setLinearizationPass1Filename@QPDFWriter@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?registerProgressReporter@QPDFWriter@@QAEXV?$PointerHolder@VProgressReporter@QPDFWriter@@@@@Z
?write@QPDFWriter@@QAEXXZ
?QPDFVersion@QPDF@@SAABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?newNull@QPDFObjectHandle@@SA?AV1@XZ
?parse@QPDFObjectHandle@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?wrapInArray@QPDFObjectHandle@@QAE?AV1@XZ
?isIndirect@QPDFObjectHandle@@QAE_NXZ
?isStream@QPDFObjectHandle@@QAE_NXZ
?isDictionary@QPDFObjectHandle@@QAE_NXZ
?isArray@QPDFObjectHandle@@QAE_NXZ
?isName@QPDFObjectHandle@@QAE_NXZ
?isInteger@QPDFObjectHandle@@QAE_NXZ
??0QPDFObjectHandle@@QAE@XZ
?contentSize@ParserCallbacks@QPDFObjectHandle@@UAEXI@Z
?handleObject@ParserCallbacks@QPDFObjectHandle@@UAEXV2@II@Z
?handleObject@ParserCallbacks@QPDFObjectHandle@@UAEXV2@@Z
?provideStreamData@StreamDataProvider@QPDFObjectHandle@@UAE_NHHPAVPipeline@@_N1@Z
?provideStreamData@StreamDataProvider@QPDFObjectHandle@@UAEXHHPAVPipeline@@@Z
??0StreamDataProvider@QPDFObjectHandle@@QAE@_N@Z
??1Members@JSON@@QAE@XZ
?checkSchema@JSON@@QAE_NV1@AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?makeNull@JSON@@SA?AV1@XZ
?makeBool@JSON@@SA?AV1@_N@Z
?makeInt@JSON@@SA?AV1@_J@Z
?makeString@JSON@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?addArrayElement@JSON@@QAE?AV1@ABV1@@Z
?makeArray@JSON@@SA?AV1@XZ
?addDictionaryMember@JSON@@QAE?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV1@@Z
?makeDictionary@JSON@@SA?AV1@XZ
?unparse@JSON@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getGen@QPDFObjGen@@QBEHXZ
?getObj@QPDFObjGen@@QBEHXZ
??MQPDFObjGen@@QBE_NABV0@@Z
??0QPDFObjGen@@QAE@HH@Z
?getErrorCode@QPDFExc@@QBE?AW4qpdf_error_code_e@@XZ
?setCompressionLevel@Pl_Flate@@SAXH@Z
?getCount@Pl_Count@@QBE_JXZ
??1Pl_Count@@UAE@XZ
??0Pl_Count@@QAE@PBDPAVPipeline@@@Z
??0Pl_DCT@@QAE@PBDPAVPipeline@@IIHW4J_COLOR_SPACE@@PAVCompressConfig@0@@Z
??1Pl_Discard@@UAE@XZ
??0Pl_Discard@@QAE@XZ
??1Pl_StdioFile@@UAE@XZ
??0Pl_StdioFile@@QAE@PBDPAU_iobuf@@@Z
?setFilename@FileInputSource@@QAEXPBD@Z
??0FileInputSource@@QAE@XZ
?stayOpen@ClosedFileInputSource@@QAEX_N@Z
??0ClosedFileInputSource@@QAE@PBD@Z
?TC@QTC@@YAXQBD0H@Z
?call_main_from_wmain@QUtil@@YAHHQAPA_WV?$function@$$A6AHHPAPAD@Z@std@@@Z
?parse_numrange@QUtil@@YA?AV?$vector@HV?$allocator@H@std@@@std@@PBDH@Z
?is_digit@QUtil@@YA_ND@Z
?is_space@QUtil@@YA_ND@Z
?str_compare_nocase@QUtil@@YAHPBD0@Z
?read_lines_from_file@QUtil@@YA?AV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAV?$basic_istream@DU?$char_traits@D@std@@@3@_N@Z
?read_lines_from_file@QUtil@@YA?AV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@PBD_N@Z
?possible_repaired_encodings@QUtil@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?analyze_encoding@QUtil@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AA_N11@Z
?utf8_to_pdf_doc@QUtil@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@D@Z
?get_env@QUtil@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV23@@Z
?getWhoami@QUtil@@YAPADPAD@Z
?setLineBuf@QUtil@@YAXPAU_iobuf@@@Z
?binary_stdout@QUtil@@YAXXZ
?hex_decode@QUtil@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?hex_encode@QUtil@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?copy_string@QUtil@@YAPADABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?rename_file@QUtil@@YAXPBD0@Z
?remove_file@QUtil@@YAXPBD@Z
?warnIfPossible@QPDFObjectHandle@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?getJSON@QPDFObjectHandle@@QAE?AVJSON@@_N@Z
?unparseResolved@QPDFObjectHandle@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?unparse@QPDFObjectHandle@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getGeneration@QPDFObjectHandle@@QBEHXZ
?getObjectID@QPDFObjectHandle@@QBEHXZ
?same_file@QUtil@@YA_NPBD0@Z
?safe_fopen@QUtil@@YAPAU_iobuf@@PBD0@Z
?getObjGen@QPDFObjectHandle@@QBE?AVQPDFObjGen@@XZ
?replaceStreamData@QPDFObjectHandle@@QAEXV?$PointerHolder@VStreamDataProvider@QPDFObjectHandle@@@@ABV1@1@Z
?replaceDict@QPDFObjectHandle@@QAEXV1@@Z
?pipeStreamData@QPDFObjectHandle@@QAE_NPAVPipeline@@HW4qpdf_stream_decode_level_e@@_N2@Z
?getDict@QPDFObjectHandle@@QAE?AV1@XZ
?removeKey@QPDFObjectHandle@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?replaceKey@QPDFObjectHandle@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V1@@Z
?appendItem@QPDFObjectHandle@@QAEXABV1@@Z
?shallowCopy@QPDFObjectHandle@@QAE?AV1@XZ
?getUniqueResourceName@QPDFObjectHandle@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@AAH@Z
?mergeResources@QPDFObjectHandle@@QAEXV1@@Z
?getKeys@QPDFObjectHandle@@QAE?AV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getKey@QPDFObjectHandle@@QAE?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?hasKey@QPDFObjectHandle@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getArrayAsRectangle@QPDFObjectHandle@@QAE?AVRectangle@1@XZ
?getArrayItem@QPDFObjectHandle@@QAE?AV1@H@Z
?getArrayNItems@QPDFObjectHandle@@QAEHXZ
?getName@QPDFObjectHandle@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getNumericValue@QPDFObjectHandle@@QAENXZ
?isNumber@QPDFObjectHandle@@QAE_NXZ
?getUIntValueAsUInt@QPDFObjectHandle@@QAEIXZ
?getIntValueAsInt@QPDFObjectHandle@@QAEHXZ
?getIntValue@QPDFObjectHandle@@QAE_JXZ
?newStream@QPDFObjectHandle@@SA?AV1@PAVQPDF@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?string_to_uint@QUtil@@YAIPBD@Z
?string_to_int@QUtil@@YAHPBD@Z
?newStream@QPDFObjectHandle@@SA?AV1@PAVQPDF@@@Z
?uint_to_string@QUtil@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KH@Z
?newDictionary@QPDFObjectHandle@@SA?AV1@XZ
?newArray@QPDFObjectHandle@@SA?AV1@ABV?$vector@VQPDFObjectHandle@@V?$allocator@VQPDFObjectHandle@@@std@@@std@@@Z
??1Members@QPDFAcroFormDocumentHelper@@QAE@XZ
?newArray@QPDFObjectHandle@@SA?AV1@XZ
??0QPDFPageLabelDocumentHelper@@QAE@AAVQPDF@@@Z
?int_to_string@QUtil@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JH@Z

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsProcessorFeaturePresent

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
strstr
_CxxThrowException
__CxxFrameHandler3
memchr
memcpy
memmove
memset
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

exit
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
__p___argc
terminate
_controlfp_s
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_exit
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

fclose
__acrt_iob_func
__p__commode
_set_fmode

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qnwtool.exe
.exe windows x86

90b6d18c6e1f4162e253f1c95c087a49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qcommonui

?Instance@QUser@@SAABV?$unique_ptr@VQUser@@U?$default_delete@VQUser@@@std@@@std@@XZ
?isVipUser@QUser@@QBE_NXZ
?setProduct@QUser@@QAEXABVQDtaProduct@@@Z
?release@CGlobal@@SAXXZ
??1QDtaProduct@@UAE@XZ
?load@CGlobal@@SAXABVQString@@@Z
?close@QHttpClient@@QAEXXZ
?start@QHttpClient@@QAEXH@Z
?Instance@QHttpClient@@SAABV?$unique_ptr@VQHttpClient@@U?$default_delete@VQHttpClient@@@std@@@std@@XZ
?showPersonal@QUserHelp@@QAEXPAVQWidget@@@Z
?preLogin@QUserHelp@@QAE_NXZ
??1QUserHelp@@UAE@XZ
??0QUserHelp@@QAE@PAVQWidget@@PAVQObject@@@Z
??0QDtaProduct@@QAE@W4QAppType@@ABVQString@@11@Z
??1Value@Json@@QAE@XZ
??0Value@Json@@QAE@ABV01@@Z
?setAboutImage@QCustomUI@@SAXABVQString@@@Z
??0Value@Json@@QAE@W4ValueType@1@@Z
?getProduct@QUser@@QBEABVQDtaProduct@@XZ
?getId@QDtaProduct@@QBEABVQString@@XZ
??0QDtaProduct@@QAE@ABV0@@Z
?setVipUser@QUser@@QAEX_N@Z

qt5widgets

?leaveEvent@QWidget@@MAEXPAVQEvent@@@Z
?staticMetaObject@QWidget@@2UQMetaObject@@B
?qt_metacall@QWidget@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QWidget@@UAEPAXPBD@Z
?wheelEvent@QWidget@@MAEXPAVQWheelEvent@@@Z
?tabletEvent@QWidget@@MAEXPAVQTabletEvent@@@Z
?sizeHint@QWidget@@UBE?AVQSize@@XZ
?showEvent@QWidget@@MAEXPAVQShowEvent@@@Z
?sharedPainter@QWidget@@MBEPAVQPainter@@XZ
?setVisible@QWidget@@UAEX_N@Z
?resizeEvent@QWidget@@MAEXPAVQResizeEvent@@@Z
?redirected@QWidget@@MBEPAVQPaintDevice@@PAVQPoint@@@Z
?paintEvent@QWidget@@MAEXPAVQPaintEvent@@@Z
?paintEngine@QWidget@@UBEPAVQPaintEngine@@XZ
?nativeEvent@QWidget@@MAE_NABVQByteArray@@PAXPAJ@Z
?moveEvent@QWidget@@MAEXPAVQMoveEvent@@@Z
?mouseReleaseEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mousePressEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mouseMoveEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mouseDoubleClickEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?minimumSizeHint@QWidget@@UBE?AVQSize@@XZ
?metric@QWidget@@MBEHW4PaintDeviceMetric@QPaintDevice@@@Z
?keyPressEvent@QWidget@@MAEXPAVQKeyEvent@@@Z
?inputMethodQuery@QWidget@@UBE?AVQVariant@@W4InputMethodQuery@Qt@@@Z
?inputMethodEvent@QWidget@@MAEXPAVQInputMethodEvent@@@Z
?initPainter@QWidget@@MBEXPAVQPainter@@@Z
?hideEvent@QWidget@@MAEXPAVQHideEvent@@@Z
?heightForWidth@QWidget@@UBEHH@Z
?hasHeightForWidth@QWidget@@UBE_NXZ
?focusOutEvent@QWidget@@MAEXPAVQFocusEvent@@@Z
?focusNextPrevChild@QWidget@@MAE_N_N@Z
?focusInEvent@QWidget@@MAEXPAVQFocusEvent@@@Z
?event@QWidget@@MAE_NPAVQEvent@@@Z
?enterEvent@QWidget@@MAEXPAVQEvent@@@Z
?dropEvent@QWidget@@MAEXPAVQDropEvent@@@Z
?dragMoveEvent@QWidget@@MAEXPAVQDragMoveEvent@@@Z
?dragLeaveEvent@QWidget@@MAEXPAVQDragLeaveEvent@@@Z
?dragEnterEvent@QWidget@@MAEXPAVQDragEnterEvent@@@Z
??0QApplication@@QAE@AAHPAPADH@Z
??1QApplication@@UAE@XZ
?exec@QApplication@@SAHXZ
??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z
??1QWidget@@UAE@XZ
?setWindowTitle@QWidget@@QAEXABVQString@@@Z
?resize@QWidget@@QAEXHH@Z
?actionEvent@QWidget@@MAEXPAVQActionEvent@@@Z
?changeEvent@QWidget@@MAEXPAVQEvent@@@Z
?closeEvent@QWidget@@MAEXPAVQCloseEvent@@@Z
?contextMenuEvent@QWidget@@MAEXPAVQContextMenuEvent@@@Z
?devType@QWidget@@UBEHXZ
?keyReleaseEvent@QWidget@@MAEXPAVQKeyEvent@@@Z
?question@QMessageBox@@SA?AW4StandardButton@1@PAVQWidget@@ABVQString@@1V?$QFlags@W4StandardButton@QMessageBox@@@@W421@@Z

qt5core

?data@QArrayData@@QAEPAXXZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QObject@@UAEPAXPBD@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?qUnregisterResourceData@@YA_NHPBE00@Z
?qRegisterResourceData@@YA_NHPBE00@Z
?shared_null@QListData@@2UData@1@B
??0QSettings@@QAE@PAVQObject@@@Z
??0QVariant@@QAE@$$QAV0@@Z
??0QVariant@@QAE@ABVQByteArray@@@Z
?append@QListData@@QAEPAPAXXZ
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?toStdWString@QString@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?fromStdWString@QString@@SA?AV1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?compare@QString@@QBEHABV1@W4CaseSensitivity@Qt@@@Z
?mid@QString@@QBE?AV1@HH@Z
?indexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z
?append@QByteArray@@QAEAAV1@PBDH@Z
??0QByteArray@@QAE@XZ
?sharedNull@QArrayData@@SAPAU1@XZ
?deallocate@QArrayData@@SAXPAU1@II@Z
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
??0QChar@@QAE@UQLatin1Char@@@Z
??0QString@@QAE@ABV0@@Z
??1QString@@QAE@XZ
??0QString@@QAE@$$QAV0@@Z
??4QString@@QAEAAV0@$$QAV0@@Z
?isEmpty@QString@@QBE_NXZ
?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z
??M@YA_NABVQString@@0@Z
??0QString@@QAE@PBD@Z
?detach@QListData@@QAEPAUData@1@H@Z
?dispose@QListData@@QAEXXZ
?dispose@QListData@@SAXPAUData@1@@Z
?begin@QListData@@QBEPAPAXXZ
?end@QListData@@QBEPAPAXXZ
?tr@QObject@@SA?AVQString@@PBD0H@Z
??0QObject@@QAE@PAV0@@Z
??1QObject@@UAE@XZ
?color@QMapNodeBase@@QBE?AW4Color@1@XZ
?setColor@QMapNodeBase@@QAEXW4Color@1@@Z
?setParent@QMapNodeBase@@QAEXPAU1@@Z
?freeNodeAndRebalance@QMapDataBase@@QAEXPAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QAEXXZ
?createNode@QMapDataBase@@QAEPAUQMapNodeBase@@HHPAU2@_N@Z
?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPAU1@XZ
?freeData@QMapDataBase@@SAXPAU1@@Z
??0QVariant@@QAE@XZ
??1QVariant@@QAE@XZ
??0QVariant@@QAE@ABV0@@Z
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@I@Z
??0QVariant@@QAE@_J@Z
??0QVariant@@QAE@_N@Z
??0QVariant@@QAE@M@Z
??0QVariant@@QAE@ABVQString@@@Z
??4QVariant@@QAEAAV0@ABV0@@Z
??4QVariant@@QAEAAV0@$$QAV0@@Z
?toInt@QVariant@@QBEHPA_N@Z
?toUInt@QVariant@@QBEIPA_N@Z
?toLongLong@QVariant@@QBE_JPA_N@Z
?toBool@QVariant@@QBE_NXZ
?toFloat@QVariant@@QBEMPA_N@Z
?toString@QVariant@@QBE?AVQString@@XZ
?exists@QFile@@SA_NABVQString@@@Z
??0QSettings@@QAE@ABVQString@@W4Format@0@PAVQObject@@@Z
??1QSettings@@UAE@XZ
?beginGroup@QSettings@@QAEXABVQString@@@Z
?endGroup@QSettings@@QAEXXZ
?childKeys@QSettings@@QBE?AVQStringList@@XZ
?childGroups@QSettings@@QBE?AVQStringList@@XZ
?value@QSettings@@QBE?AVQVariant@@ABVQString@@ABV2@@Z
?setIniCodec@QSettings@@QAEXPBD@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?data@QArrayData@@QBEPBXXZ
?shared_null@QMapDataBase@@2U1@B
?qt_assert_x@@YAXPBD00H@Z
?normalizedType@QMetaObject@@SA?AVQByteArray@@PBD@Z
??1QByteArray@@QAE@XZ
?size@QByteArray@@QBEHXZ
?constData@QByteArray@@QBEPBDXZ
?size@QListData@@QBEHXZ
?at@QListData@@QBEPAPAXH@Z
?QStringList_contains@QtPrivate@@YA_NPBVQStringList@@ABVQString@@W4CaseSensitivity@Qt@@@Z
?registerNormalizedType@QMetaType@@SAHABVQByteArray@@P6AXPAX@ZP6APAX1PBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PBUQMetaObject@@@Z
?registerNormalizedTypedef@QMetaType@@SAHABVQByteArray@@H@Z
?arguments@QCoreApplication@@SA?AVQStringList@@XZ
?instance@QCoreApplication@@SAPAV1@XZ
?exit@QCoreApplication@@SAXH@Z
?defaultTypeFor@QTimer@@CA?AW4TimerType@Qt@@H@Z
?singleShotImpl@QTimer@@CAXHW4TimerType@Qt@@PBVQObject@@PAVQSlotObjectBase@QtPrivate@@@Z
?connectSlotsByName@QMetaObject@@SAXPAVQObject@@@Z
?fromUtf8@QString@@SA?AV1@PBDH@Z
?objectName@QObject@@QBE?AVQString@@XZ
?setObjectName@QObject@@QAEXABVQString@@@Z
?translate@QCoreApplication@@SA?AVQString@@PBD00H@Z
?qt_assert@@YAXPBD0H@Z
?qBadAlloc@@YAXXZ
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?setValue@QSettings@@QAEXABVQString@@ABVQVariant@@@Z
??0QVariant@@QAE@PBD@Z
?number@QString@@SA?AV1@HH@Z
?arg@QString@@QBE?AV1@HHHVQChar@@@Z

kernel32

GetCurrentProcess
WideCharToMultiByte
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
LocalFree
GetCommandLineW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep

advapi32

RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memcpy
__std_type_info_destroy_list
_CxxThrowException
__CxxFrameHandler3
memcmp
memmove
memset
__std_exception_copy
__std_exception_destroy
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_configure_narrow_argv
_initterm
_seh_filter_dll
_controlfp_s
_initialize_narrow_environment
_initialize_onexit_table
_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
exit
_get_narrow_winmain_command_line
terminate
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

wcslen
strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

shell32

CommandLineToArgvW

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
serviceInstallerforeas.exe
.exe windows x86

d4dcc00f844eb946698d0d9e50cb1147

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateProcessA
GetStdHandle
Sleep
GetModuleFileNameA
GetCommandLineA
GetFileAttributesA
SetEnvironmentVariableA
CompareStringW
CreateFileA
GetFileSize
DeleteFileA
GetEnvironmentVariableA
CloseHandle
CompareStringA
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetLastError
DebugBreak
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
SetFilePointer
SetUnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
RaiseException

user32

MessageBoxA
CharNextA

advapi32

RegEnumValueA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

ws2_32

WSACleanup
socket
WSAStartup
closesocket
shutdown
bind
htons

Sections

.text
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlite3.dll
.dll windows x86

12baaaec299bc9ff52d20c16e4d0e96a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
TlsGetValue
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_errno
_iob
_winmajor
abort
calloc
fflush
free
fwrite
localtime
malloc
memcmp
memmove
memset
qsort
realloc
strcmp
strncmp
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stapi32.dll
.dll regsvr32 windows x86

54aa0f6646a6370e0b66feb3c6b55943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsicmp
free
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_ftol2
_initterm
_XcptFilter
_callnewh
wcslen
atoi
wcstoul
_snwprintf
??0exception@@QAE@ABV0@@Z
wcsncpy
memcpy
memset
_onexit
swprintf
__CxxFrameHandler3
_CxxThrowException
_lock
_amsg_exit
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove_s
sscanf
_wcsnicmp
_ftol2_sse
_purecall
_resetstkoflw
wcscat_s
_wtoi
wcscat
wcscpy
wcsstr
wcsrchr
wcschr
wcsncmp
wcscmp
_CIlog10
_CIpow
_wcsupr
_wcsupr_s
toupper
wcsncpy_s
wcscpy_s
memcpy_s
malloc
?what@exception@@UBEPBDXZ
sprintf

kernel32

GetVersionExW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
ExpandEnvironmentStringsW
QueryPerformanceCounter
InterlockedCompareExchange
WideCharToMultiByte
InterlockedExchange
GetVersionExA
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenMutexW
WaitForMultipleObjects
OutputDebugStringW
GetExitCodeThread
GetCurrentThreadId
OutputDebugStringA
DeleteCriticalSection
CreateFileW
GetLastError
SetLastError
DeviceIoControl
CloseHandle
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
CallNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
ConnectNamedPipe
CreateNamedPipeW
LocalFree
FormatMessageW
SetEvent
WaitForSingleObject
CreateThread
GetTickCount
CreateEventW
ExitThread
ReleaseMutex
Sleep
SetThreadPriority
GetCurrentThread
CreateMutexW
ResetEvent
UnhandledExceptionFilter

user32

GetMessageW
SetWindowLongW
CreateWindowExW
RegisterClassW
DestroyWindow
UnregisterClassA
TranslateMessage
DispatchMessageW
GetWindowLongW
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
PostMessageW
wsprintfW
CharNextW
SendMessageW

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW

ole32

CoInitializeEx
CoUninitialize
PropVariantClear
IIDFromString
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocString
VariantInit
SafeArrayPutElement
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VarBstrCat
SysAllocStringLen
VariantClear
SysFreeString

winmm

mixerSetControlDetails
mixerGetDevCapsW
mixerOpen
mixerGetLineInfoW
mixerGetLineControlsW
mixerClose
mixerGetControlDetailsW
mixerGetNumDevs
mixerMessage

setupapi

SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiOpenDeviceInterfaceRegKey

Exports

Exports

??0CSkpiRegCtrlClass@@QAE@ABV0@@Z
??4CSkpiRegCtrlClass@@QAEAAV0@ABV0@@Z
??_7CSkpiRegCtrlClass@@6B@
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
txtonly.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

CBFilterGraphics
bInitProc
bSetFuncAddr

Sections

.text
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 446B

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 446B

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 446B

256786d487a8a059f70ad2383495f286

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 446B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

91:d4:42:13:74:1f:30:72:98:fa:09:62:f7:ed:65:89:e5:e8:80:efSigner

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 446B

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 446B

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 446B

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 446B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

91:d4:42:13:74:1f:30:72:98:fa:09:62:f7:ed:65:89:e5:e8:80:ef
Signer

20/10/2015, 18:38
Valid: true

.text
Size: 795KB - Virtual size: 794KB

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 512B - Virtual size: 12B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:9c:96:e9:49:dc:a9:03:e9:21:89:e0:b2:99:9d:e5
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

44:4f:e6:63:29:98:45:48:19:06:11:fb:a3:c5:d9:c3:40:e7:4b:70:82:20:87:33:5e:7f:bd:51:03:53:a1:21
Signer

02/11/2020, 22:10
Valid: true

63:cc:e2:c4:0f:89:31:d5:df:18:33:81:6f:37:06:4d:19:c1:95:a0
Signer

02/11/2020, 22:10
Valid: true

.text
Size: 764KB - Virtual size: 764KB

.rdata
Size: 94KB - Virtual size: 94KB