xw_forensics203-SR-4[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

xw_forensics203-SR-4.7z
Size

12.8MB
MD5

c990f37872ab7dc483581fcbd4b64a4a
SHA1

09228fbe9e3e9f92f7dc2f545c49f5c73c32c89d
SHA256

df20ac694e08923498caffb29fb0dee27c7bbf3f79b67fa040897c572cea9dd8
SHA512

af8488a747200b9eb609d4737b05ce89cc970deec282f832cf383d6f95e724bdd93abe8faa04763573b67e70032939ad0e2fe7b884ba088e31b2e96ec3184d2a
SSDEEP

393216:RD+MHxShJvBcmirXU58iQp5Rlv0cmw4vPJT6QEe:RDtxSVcmiJ/0cmPJTAe

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/xw_forensics203-SR-4/Dokan.exe	nsis_installer_1
static1/unpack001/xw_forensics203-SR-4/Dokan.exe	nsis_installer_2

Files

xw_forensics203-SR-4.7z
.7z
xw_forensics203-SR-4/Boot Sector FAT.tpl
xw_forensics203-SR-4/Boot Sector FAT32.tpl
xw_forensics203-SR-4/Boot Sector NTFS.tpl
xw_forensics203-SR-4/Case Report Classic.css
xw_forensics203-SR-4/Case Report.css
xw_forensics203-SR-4/Chinese.txt
xw_forensics203-SR-4/Conditional Coloring.cfg
xw_forensics203-SR-4/DC.dll
.dll windows x86

c1c33f6bd2d4a469501a16def6d6f82c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_assert
_errno
_iob
abort
calloc
fflush
free
fwrite
malloc
memcpy
memset
printf
realloc
strlen
vfprintf
wcslen

Exports

Exports

wlfsdc
wlxpdc
wlzvdc

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 116B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Dokan.exe
.exe windows x86

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:56:90:01:d5:0f:c4:57
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

30/01/2015, 09:32

Not After

30/01/2016, 09:32

Subject

CN=ISLOG,O=ISLOG,L=Strasbourg,ST=Alsace,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/08/2013, 17:38

Not After

27/08/2023, 17:48

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8
Signer

Actual PE Digest

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ISLOG,O=ISLOG,L=Strasbourg,ST=Alsace,C=FR

21/08/2015, 15:27
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/EDBex.dat
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 33B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/EDBex2.dat
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 33B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Event Log Events.txt
xw_forensics203-SR-4/Ext Directory Entry.tpl
xw_forensics203-SR-4/Ext Group Descriptor.tpl
xw_forensics203-SR-4/Ext Inode.tpl
xw_forensics203-SR-4/Ext Superblock.tpl
xw_forensics203-SR-4/Ext4 Inode.tpl
xw_forensics203-SR-4/FAT Directory Entry.tpl
xw_forensics203-SR-4/FAT LFN Entry.tpl
xw_forensics203-SR-4/File Type Categories.txt
xw_forensics203-SR-4/File Type Signatures Check Only.txt
xw_forensics203-SR-4/File Type Signatures Search.txt
xw_forensics203-SR-4/GUID Partition Table.tpl
xw_forensics203-SR-4/Generator Signatures.txt
xw_forensics203-SR-4/HFS+ Volume Header.tpl
xw_forensics203-SR-4/History.dat
xw_forensics203-SR-4/ILU.dll
.dll windows x86

0f3f9c7e573eeaf91b4cdc7670c9e3c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

resil

ilCloseImage
il2ResizeImage
il2CopyPal
iFlipBuffer
iMirror
iConvertImage
il2GetClear
_il2ConvertPal@8
il2ClearImage
ilGetBppPal
il2GenImage
il2LoadImage
il2DeleteImage
il2TexImage
icalloc
il2SetError
ilGetCurImage
il2ConvertImage
il2NewImage
il2GetImageInteger
ifree
il2SetPalRGBA
il2CopyPixels
il2GetPalRGBA
ilGetPalBaseType
il2CopyImageAttr
ialloc
ilGenImages
ilBindImage
ilGetCurName
ilDeleteImages
ilLoadImage

kernel32

TlsAlloc
DecodePointer
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCommandLineW
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar

Exports

Exports

_ilu2LoadImage@4
_ilu2Rotate_@8
_iluRotate3D_@20
_iluScale_@16
ilu2Alienify
ilu2BlurAvg
ilu2BlurGaussian
ilu2BuildMipmaps
ilu2ColoursUsed
ilu2CompareImage
ilu2Contrast
ilu2Convolution
ilu2Crop
ilu2EdgeDetectE
ilu2EdgeDetectP
ilu2EdgeDetectS
ilu2Emboss
ilu2EnlargeCanvas
ilu2EnlargeImage
ilu2Equalize
ilu2ErrorString
ilu2FlipImage
ilu2GammaCorrect
ilu2GetInteger
ilu2GetIntegerv
ilu2GetString
ilu2ImageParameter
ilu2Init
ilu2InvertAlpha
ilu2Mirror
ilu2Negative
ilu2Noisify
ilu2Pixelize
ilu2ReplaceColour
ilu2Rotate
ilu2Rotate3D
ilu2Saturate1f
ilu2Saturate4f
ilu2Scale
ilu2ScaleAlpha
ilu2ScaleColours
ilu2SetLanguage
ilu2Sharpen
ilu2SwapColours
ilu2Wave
iluAlienify
iluBlurAvg
iluBlurGaussian
iluBuildMipmaps
iluColoursUsed
iluCompareImage
iluContrast
iluConvolution
iluCrop
iluEdgeDetectE
iluEdgeDetectP
iluEdgeDetectS
iluEmboss
iluEnlargeCanvas
iluEnlargeImage
iluEqualize
iluErrorString
iluFlipImage
iluGammaCorrect
iluGetInteger
iluGetIntegerv
iluGetString
iluImageParameter
iluInit
iluInvertAlpha
iluLoadImage
iluMirror
iluNegative
iluNoisify
iluPixelize
iluReplaceColour
iluRotate
iluRotate3D
iluSaturate1f
iluSaturate4f
iluScale
iluScaleAlpha
iluScaleColours
iluSetLanguage
iluSharpen
iluSwapColours
iluWave

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/ILUT.dll
.dll windows x86

d513705b43ce8fcb4a3c341209440441

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

resil

ialloc
ilTypeFromExt
_il2GetPalette@4
il2TexImage
ifree
_il2ConvertPal@8
il2GetImageInteger
il2LoadL
il2NewImage
iConvertImage
ilCloseImage
ilGetCurImage
il2SetError
iGetFlipped
il2DeleteImage
_il2RegisterPal@16

kernel32

GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalSize
GlobalLock
GlobalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
QueryPerformanceCounter
RtlUnwind
DecodePointer
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

ReleaseDC
GetForegroundWindow
GetDC
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

gdi32

CreateCompatibleDC
GetPaletteEntries
CreateCompatibleBitmap
GetDIBits
CreatePalette
SetDIBits
DeleteObject
SelectObject

Exports

Exports

_ilut2ConvertSliceToHBitmap@12
_ilutConvertSliceToHBitmap@8
_ilutDisable@4
_ilutEnable@4
_ilutFreePaddedData@4
_ilutGetBmpInfo@4
_ilutGetBoolean@4
_ilutGetBooleanv@8
_ilutGetHPal@4
_ilutGetInteger@4
_ilutGetIntegerv@8
_ilutGetPaddedData@0
_ilutGetString@4
_ilutGetWinClipboard@0
_ilutIsDisabled@4
_ilutIsEnabled@4
_ilutLoadResource@16
_ilutPopAttrib@0
_ilutPushAttrib@4
_ilutRenderer@4
_ilutSetHBitmap@8
_ilutSetHPal@4
_ilutSetInteger@8
_ilutSetWinClipboard@0
_ilutWinLoadUrl@8
_ilutWinPrint@20
ilut2ConvertToHBitmap
ilut2Init
ilutConvertToHBitmap
ilutInit
ilutWin32Init

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Indexer.exe
.exe windows x86

43f01a1797de8f03c29d001ae284c3a1

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

93:63:a3:25:30:68:21:56:43:ea:1b:e4:7b:a4:d8:16:88:2d:79:1e:c3:92:2a:cd:01:ec:4f:7c:e7:78:01:cd
Signer

Actual PE Digest

93:63:a3:25:30:68:21:56:43:ea:1b:e4:7b:a4:d8:16:88:2d:79:1e:c3:92:2a:cd:01:ec:4f:7c:e7:78:01:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

18/05/2020, 17:10
Valid: true

Chain 1

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetFileSizeEx
WriteFile
CreateFileW
GetLastError
CloseHandle
GetTickCount
MultiByteToWideChar
FormatMessageW
WideCharToMultiByte
FindFirstFileW
FindClose
SetFilePointerEx
GetFileSize
FlushFileBuffers
FindNextFileW
DeleteFileW
GlobalMemoryStatusEx
SetErrorMode
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
HeapSize
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
WriteConsoleW

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Indexer64.exe
.exe windows x64

5a9b0062aec09a568eb7386d38b9356f

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:42:ce:de:24:51:f6:fa:24:36:c0:08:1f:69:76:b9:15:d0:73:25:a7:6f:71:88:91:c1:45:c8:67:77:98:a0
Signer

Actual PE Digest

b3:42:ce:de:24:51:f6:fa:24:36:c0:08:1f:69:76:b9:15:d0:73:25:a7:6f:71:88:91:c1:45:c8:67:77:98:a0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

18/05/2020, 17:10
Valid: true

Chain 1

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
GetFileSizeEx
WriteFile
CreateFileW
GetLastError
CloseHandle
GetTickCount
MultiByteToWideChar
FormatMessageW
WideCharToMultiByte
FindFirstFileW
FindClose
SetFilePointerEx
GetFileSize
FlushFileBuffers
FindNextFileW
DeleteFileW
GlobalMemoryStatusEx
SetErrorMode
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
WriteConsoleW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
RtlUnwind

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Jump List Names.txt
xw_forensics203-SR-4/Master Boot Record.tpl
xw_forensics203-SR-4/NTFS FILE Record.tpl
xw_forensics203-SR-4/Name Filter.txt
xw_forensics203-SR-4/PVicCat.txt
xw_forensics203-SR-4/Phone Alias Table.txt
xw_forensics203-SR-4/Process.dat
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Recently Opened.dat
xw_forensics203-SR-4/Reg Report Amcache.txt
xw_forensics203-SR-4/Reg Report Autorun.txt
xw_forensics203-SR-4/Reg Report Devices.txt
xw_forensics203-SR-4/Reg Report Free Space.txt
xw_forensics203-SR-4/Reg Report Histories.txt
xw_forensics203-SR-4/Reg Report Identity.txt
xw_forensics203-SR-4/Reg Report Networks.txt
xw_forensics203-SR-4/Reg Report Printer.txt
xw_forensics203-SR-4/Reg Report Software.txt
xw_forensics203-SR-4/Reg Report System.txt
xw_forensics203-SR-4/ResIL.dll
.dll windows x86

474ee33c0fb607461cf7e78fcc01dcb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
ReadFile
GetFileSizeEx
WriteFile
CreateFileW
CloseHandle
SetFilePointerEx
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
WideCharToMultiByte
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetTimeZoneInformation
GetFileType
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FlushFileBuffers
DeleteFileW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize

Exports

Exports

_iDetermineTypeFuncs@4
_iMemSwap@12
_iSurfaceToDxtcData@8
_il2ApplyProfile@12
_il2Blit@44
_il2ClearColour@16
_il2CloneImage@4
_il2ConvertPal@8
_il2CopyImage@8
_il2CopyImage_@4
_il2CreateSubImage@12
_il2DetermineTypeF@4
_il2DetermineTypeL@8
_il2Disable@4
_il2Enable@4
_il2GetAlpha@8
_il2GetBoolean@4
_il2GetBooleanv@8
_il2GetDXTCData@16
_il2GetFace@8
_il2GetFrame@8
_il2GetIntegerv@8
_il2GetLayer@8
_il2GetMipmap@8
_il2GetPalette@4
_il2GetString@4
_il2InitImage@32
_il2IsEnabled@4
_il2LoadPal@8
_il2OverlayImage@20
_il2RegisterFormat@8
_il2RegisterMipNum@8
_il2RegisterOrigin@8
_il2RegisterPal@16
_il2SetData@8
_il2SetDuration@8
_il2SetImageInteger@12
_il2TexSubImage_@8
_ilActiveFace@4
_ilActiveImage@4
_ilActiveLayer@4
_ilActiveMipmap@4
_ilApplyProfile@8
_ilBlit@40
_ilClearColour@16
_ilCloneCurImage@0
_ilConvertBuffer@28
_ilCopyImage@4
_ilCreateSubImage@8
_ilDefaultImage@0
_ilDisable@4
_ilEnable@4
_ilGetAlpha@4
_ilGetBoolean@4
_ilGetBooleanv@8
_ilGetBpcType@4
_ilGetBppFormat@4
_ilGetDXTCData@12
_ilGetFormatBpp@4
_ilGetIntegerv@8
_ilGetPalette@0
_ilGetString@4
_ilGetTypeBpc@4
_ilIsDisabled@4
_ilIsEnabled@4
_ilIsValidPal@4
_ilLoadPal@4
_ilNVidiaCompressDXT@24
_ilNewImageFull@28
_ilNextPower2@4
_ilOverlayImage@16
_ilRecalloc@12
_ilRegisterPal@12
_ilReplaceCurImage@4
_ilSetData@4
_ilSetError@4
_ilSetImageInteger@8
_ilSquishCompressDXT@24
_ilSurfaceToDxtcData@4
iBindImageTemp
iConvertImage
iFastConvert
iFlipBuffer
iGetActiveNum
iGetFlipped
iMirror
ialloc
icalloc
ifree
il2ClearImage
il2ConvertImage
il2CopyImageAttr
il2CopyPal
il2CopyPixels
il2DeleteImage
il2DetermineSize
il2DetermineType
il2DetermineTypeFuncs
il2FixImage
il2FlipImage
il2GenImage
il2GetClear
il2GetData
il2GetError
il2GetErrorString
il2GetImageInteger
il2GetInteger
il2GetPalRGBA
il2Init
il2Load
il2LoadF
il2LoadFuncs
il2LoadImage
il2LoadL
il2NewImage
il2RemoveAlpha
il2ResizeImage
il2Save
il2SaveF
il2SaveFuncs
il2SaveImage
il2SaveL
il2SetError
il2SetInteger
il2SetPal
il2SetPalRGBA
il2SetPixels
il2SwapColours
il2TexImage
ilAddAlphaKey
ilAddErrorA
ilAddErrorI
ilAddErrorW
ilAddStackTrace
ilBindImage
ilClearError
ilClearImage
ilCloseImage
ilClosePal
ilConvertImage
ilConvertPal
ilDeleteImage
ilDeleteImages
ilDetermineSize
ilDetermineType
ilDetermineTypeFuncs
ilFixCur
ilFixImage
ilGenImage
ilGenImages
ilGetBppPal
ilGetCurImage
ilGetCurName
ilGetData
ilGetError
ilGetErrorString
ilGetImageInteger
ilGetInteger
ilGetPalBaseType
ilInit
ilIsImage
ilLoad
ilLoadF
ilLoadFuncs
ilLoadImage
ilLoadL
ilRemoveAlpha
ilRunTests
ilSave
ilSaveF
ilSaveFuncs
ilSaveImage
ilSaveL
ilSetCurImage
ilSetErrorA
ilSetErrorW
ilSetInteger
ilSetPal
ilSetPixels
ilSetString
ilShutDown
ilSwapColours
ilTexImage
ilTypeFromExt

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Russian.txt
xw_forensics203-SR-4/SMTP.dll
.dll windows x86

09815916ce0fd9199745a903e7768ac7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
_lwrite
_lopen
_lclose
_lcreat
GetTickCount
_lread
GetTimeZoneInformation
GetLocalTime
lstrlenA
lstrcatA
DeleteFileA
GetComputerNameA
CreateMutexA
GlobalLock
GlobalAlloc
CloseHandle
GlobalFree
GlobalUnlock
ReleaseMutex
WaitForSingleObject
CreateProcessA
GetStartupInfoA
TerminateProcess
SetStdHandle
FlushFileBuffers
LoadLibraryA
HeapFree
HeapAlloc
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
GetFileType
SetHandleCount
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapCreate
HeapDestroy

wsock32

gethostname
getsockname
send
connect
select
__WSAFDIsSet
setsockopt
closesocket
inet_ntoa
socket
htons
htonl
bind
WSAStartup
gethostbyname
WSAGetLastError
ntohl
WSAIsBlocking
recv

user32

MessageBoxA
wsprintfA

Exports

Exports

seeAbort
seeAttach
seeAttachmentParams
seeByteToShort
seeClose
seeCommand
seeConfigSSL
seeDebug
seeDecodeBuffer
seeDecodeUTF8
seeDecodeUU
seeDeleteEmail
seeDriver
seeEncodeBuffer
seeEncodeUTF8
seeErrorText
seeExtractLine
seeExtractText
seeForwardEmail
seeGetEmailCount
seeGetEmailFile
seeGetEmailLines
seeGetEmailSize
seeGetEmailUID
seeGetHeader
seeGetTicks
seeImapConnect
seeImapConnectSSL
seeImapCopyMBmail
seeImapCreateMB
seeImapDeleteMB
seeImapFlags
seeImapListMB
seeImapMsgNumber
seeImapRenameMB
seeImapSearch
seeImapSelectMB
seeImapSource
seeIntegerParam
seeIsConnected
seeKillProgram
seePop3Connect
seePop3ConnectSSL
seePop3Source
seeQuoteBuffer
seeReadQuoted
seeRelease
seeSendEmail
seeSendHTML
seeSetErrorText
seeSetProxySSL
seeShortToByte
seeSleep
seeSmtpConnect
seeSmtpConnectSSL
seeSmtpTarget
seeStartProgram
seeStatistics
seeStringParam
seeTestFileSet
seeUnQuoteBuffer
seeVerifyFormat
seeVerifyUser

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/Sample script.whs
xw_forensics203-SR-4/Text file conversion UNIX - Windows.whs
xw_forensics203-SR-4/Text file conversion Windows - UNIX.whs
xw_forensics203-SR-4/Video Signatures.txt
xw_forensics203-SR-4/WinHex.cfg
xw_forensics203-SR-4/avcodec-57.dll
.dll windows x86

4f28f641da02234e38514402f7fe3107

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

avutil-55

av_md5_final
av_stereo3d_create_side_data
av_get_pix_fmt_loss
av_find_best_pix_fmt_of_2
av_image_fill_max_pixsteps
av_strerror
av_fast_malloc
avpriv_report_missing_feature
av_fourcc_make_string
av_pix_fmt_get_chroma_sub_sample
av_frame_set_qp_table
av_stereo3d_alloc
av_buffer_make_writable
av_memdup
av_frame_make_writable
av_gcd
av_image_copy_plane
av_opt_set_defaults2
av_opt_set
av_fast_realloc
avpriv_slicethread_create
av_md5_init
avpriv_slicethread_free
av_expr_parse
av_expr_eval
av_expr_free
av_get_sample_fmt_name
av_get_bytes_per_sample
av_get_media_type_string
av_vlog
av_log_get_level
av_strlcat
av_strlcatf
av_match_list
av_get_channel_layout_string
av_get_planar_sample_fmt
av_samples_fill_arrays
av_get_colorspace_name
av_get_bits_per_pixel
av_color_range_name
av_chroma_location_name
av_opt_set_dict
av_get_cpu_flags
av_md5_alloc
av_content_light_metadata_create_side_data
av_mastering_display_metadata_create_side_data
av_display_matrix_flip
av_display_rotation_set
av_memcpy_backptr
av_image_check_size
av_color_space_name
av_color_transfer_name
av_color_primaries_name
av_reduce
av_reallocp
av_reallocp_array
av_opt_copy
av_fifo_alloc_array
av_frame_ref
av_dict_copy
av_cpu_count
av_get_picture_type_char
av_frame_get_side_data
av_frame_get_buffer
av_samples_set_silence
av_usleep
av_get_channel_layout_nb_channels
av_image_check_sar
av_image_check_size2
av_image_fill_pointers
av_image_fill_linesizes
av_pix_fmt_count_planes
av_frame_apply_cropping
av_frame_new_side_data
av_frame_copy_props
av_frame_copy
av_frame_is_writable
av_frame_move_ref
av_frame_unref
av_samples_copy
av_samples_get_buffer_size
av_md5_update
av_sample_fmt_is_planar
av_buffer_pool_get
av_buffer_pool_uninit
av_buffer_pool_init
av_buffer_allocz
av_bprint_clear
av_get_token
av_realloc_array
av_get_pix_fmt_name
av_pix_fmt_desc_get
av_fifo_generic_write
av_fifo_generic_read
av_fifo_size
av_fifo_freep
av_fifo_alloc
av_hwframe_transfer_data
av_hwframe_get_buffer
av_hwframe_ctx_init
av_hwframe_ctx_alloc
av_hwdevice_ctx_create
av_frame_free
av_frame_alloc
av_div_q
av_mul_q
av_bprint_finalize
av_bprintf
av_bprint_init
av_strtok
av_opt_set_dict2
av_opt_free
av_dict_free
av_dict_parse_string
av_dynarray_add_nofree
av_strdup
av_default_item_name
avpriv_set_systematic_pal2
av_opt_next
av_opt_set_from_string
avpriv_request_sample
av_realloc_f
av_image_copy_to_buffer
av_image_get_buffer_size
av_image_fill_arrays
av_image_copy
av_image_alloc
av_buffer_realloc
av_buffer_unref
av_buffer_ref
av_buffer_default_free
av_buffer_create
av_buffer_alloc
av_rescale_q
av_dict_set
av_dict_get
av_log
av_freep
av_realloc
av_opt_set_defaults
av_mallocz
av_free
avpriv_slicethread_execute
av_malloc

ole32

CoTaskMemFree

kernel32

OutputDebugStringW
HeapSize
GetFileSizeEx
GetStringTypeW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DecodePointer
SetFilePointerEx
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
WriteFile
GetStdHandle
HeapFree
HeapAlloc
GetCurrentThread
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetFileType
CreateFileW
RaiseException
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
CreateSemaphoreA
CreateEventA
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
WaitForSingleObjectEx
ReleaseMutex
MultiByteToWideChar
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
Sleep
FlushFileBuffers
GetTempPathW
WriteConsoleW
HeapReAlloc

Exports

Exports

audio_resample
audio_resample_close
av_audio_convert
av_audio_convert_alloc
av_audio_convert_free
av_audio_resample_init
av_bitstream_filter_close
av_bitstream_filter_filter
av_bitstream_filter_init
av_bitstream_filter_next
av_bsf_alloc
av_bsf_free
av_bsf_get_by_name
av_bsf_get_class
av_bsf_get_null_filter
av_bsf_init
av_bsf_list_alloc
av_bsf_list_append
av_bsf_list_append2
av_bsf_list_finalize
av_bsf_list_free
av_bsf_list_parse_str
av_bsf_next
av_bsf_receive_packet
av_bsf_send_packet
av_codec_ffversion
av_codec_get_chroma_intra_matrix
av_codec_get_codec_descriptor
av_codec_get_codec_properties
av_codec_get_lowres
av_codec_get_max_lowres
av_codec_get_pkt_timebase
av_codec_get_seek_preroll
av_codec_is_decoder
av_codec_is_encoder
av_codec_next
av_codec_set_chroma_intra_matrix
av_codec_set_codec_descriptor
av_codec_set_lowres
av_codec_set_pkt_timebase
av_codec_set_seek_preroll
av_copy_packet
av_copy_packet_side_data
av_cpb_properties_alloc
av_d3d11va_alloc_context
av_dirac_parse_sequence_header
av_dup_packet
av_dv_codec_profile
av_dv_codec_profile2
av_dv_frame_profile
av_fast_padded_malloc
av_fast_padded_mallocz
av_fopen_utf8
av_free_packet
av_get_audio_frame_duration
av_get_audio_frame_duration2
av_get_bits_per_sample
av_get_codec_tag_string
av_get_exact_bits_per_sample
av_get_pcm_codec
av_get_profile_name
av_grow_packet
av_hwaccel_next
av_init_packet
av_jni_get_java_vm
av_jni_set_java_vm
av_lockmgr_register
av_log_ask_for_sample
av_log_missing_feature
av_mediacodec_alloc_context
av_mediacodec_default_free
av_mediacodec_default_init
av_mediacodec_release_buffer
av_new_packet
av_packet_add_side_data
av_packet_alloc
av_packet_clone
av_packet_copy_props
av_packet_free
av_packet_free_side_data
av_packet_from_data
av_packet_get_side_data
av_packet_merge_side_data
av_packet_move_ref
av_packet_new_side_data
av_packet_pack_dictionary
av_packet_ref
av_packet_rescale_ts
av_packet_shrink_side_data
av_packet_side_data_name
av_packet_split_side_data
av_packet_unpack_dictionary
av_packet_unref
av_parser_change
av_parser_close
av_parser_init
av_parser_next
av_parser_parse2
av_picture_copy
av_picture_crop
av_picture_pad
av_qsv_alloc_context
av_register_bitstream_filter
av_register_codec_parser
av_register_hwaccel
av_resample
av_resample_close
av_resample_compensate
av_resample_init
av_shrink_packet
av_vorbis_parse_frame
av_vorbis_parse_frame_flags
av_vorbis_parse_free
av_vorbis_parse_init
av_vorbis_parse_reset
av_xiphlacing
avcodec_align_dimensions
avcodec_align_dimensions2
avcodec_alloc_context3
avcodec_chroma_pos_to_enum
avcodec_close
avcodec_configuration
avcodec_copy_context
avcodec_dct_alloc
avcodec_dct_get_class
avcodec_dct_init
avcodec_decode_audio4
avcodec_decode_subtitle2
avcodec_decode_video2
avcodec_default_execute
avcodec_default_execute2
avcodec_default_get_buffer2
avcodec_default_get_format
avcodec_descriptor_get
avcodec_descriptor_get_by_name
avcodec_descriptor_next
avcodec_encode_audio2
avcodec_encode_subtitle
avcodec_encode_video2
avcodec_enum_to_chroma_pos
avcodec_fill_audio_frame
avcodec_find_best_pix_fmt2
avcodec_find_best_pix_fmt_of_2
avcodec_find_best_pix_fmt_of_list
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_find_encoder_by_name
avcodec_flush_buffers
avcodec_free_context
avcodec_get_chroma_sub_sample
avcodec_get_class
avcodec_get_context_defaults3
avcodec_get_edge_width
avcodec_get_frame_class
avcodec_get_name
avcodec_get_pix_fmt_loss
avcodec_get_subtitle_rect_class
avcodec_get_type
avcodec_is_open
avcodec_license
avcodec_open2
avcodec_parameters_alloc
avcodec_parameters_copy
avcodec_parameters_free
avcodec_parameters_from_context
avcodec_parameters_to_context
avcodec_pix_fmt_to_codec_tag
avcodec_profile_name
avcodec_receive_frame
avcodec_receive_packet
avcodec_register
avcodec_register_all
avcodec_send_frame
avcodec_send_packet
avcodec_set_dimensions
avcodec_string
avcodec_version
avpicture_alloc
avpicture_fill
avpicture_free
avpicture_get_size
avpicture_layout
avpriv_align_put_bits
avpriv_bprint_to_extradata
avpriv_codec_get_cap_skip_frame_fill_param
avpriv_copy_bits
avpriv_exif_decode_ifd
avpriv_find_pix_fmt
avpriv_find_start_code
avpriv_get_raw_pix_fmt_tags
avpriv_lock_avformat
avpriv_mjpeg_bits_ac_chrominance
avpriv_mjpeg_bits_ac_luminance
avpriv_mjpeg_bits_dc_chrominance
avpriv_mjpeg_bits_dc_luminance
avpriv_mjpeg_val_ac_chrominance
avpriv_mjpeg_val_ac_luminance
avpriv_mjpeg_val_dc
avpriv_pix_fmt_bps_avi
avpriv_pix_fmt_bps_mov
avpriv_put_string
avpriv_split_xiph_headers
avpriv_toupper4
avpriv_unlock_avformat
avsubtitle_free

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/avdevice-57.dll
.dll windows x86

c5f08f19fece46a1b47528bfb60c04da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

avformat-57

av_iformat_next
av_oformat_next
avformat_free_context
avformat_alloc_output_context2
avformat_alloc_context
av_find_input_format
av_format_get_control_message_cb

avutil-55

av_dict_free
av_free
av_mallocz
av_log
av_dict_copy
av_opt_set_defaults
av_opt_set_dict
av_opt_set_dict2
av_default_item_name
av_strdup
av_freep

kernel32

EncodePointer
OutputDebugStringW
WriteConsoleW
GetFileSizeEx
GetTempPathW
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
Sleep
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
IsValidCodePage
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
DecodePointer
RaiseException
CreateFileW
GetFileType
CloseHandle
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetConsoleCtrlHandler
GetCurrentThread
HeapFree
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
GetStdHandle
FindClose
FindFirstFileExW
FindNextFileW

Exports

Exports

av_device_capabilities
av_device_ffversion
av_fopen_utf8
av_input_audio_device_next
av_input_video_device_next
av_output_audio_device_next
av_output_video_device_next
avdevice_app_to_dev_control_message
avdevice_capabilities_create
avdevice_capabilities_free
avdevice_configuration
avdevice_dev_to_app_control_message
avdevice_free_list_devices
avdevice_license
avdevice_list_devices
avdevice_list_input_sources
avdevice_list_output_sinks
avdevice_register_all
avdevice_version

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/avfilter-6.dll
.dll windows x86

260494e9fe6b85ddc2d99b9a9a6daf2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

swscale-4

sws_isSupportedInput
sws_get_class
sws_getColorspaceDetails
sws_setColorspaceDetails
sws_scale
sws_freeContext
sws_init_context
sws_alloc_context
sws_isSupportedEndiannessConversion
sws_isSupportedOutput
sws_getCoefficients

avutil-55

av_get_pix_fmt
av_parse_ratio
av_buffer_pool_init
av_buffer_pool_uninit
av_buffer_pool_get
avpriv_set_systematic_pal2
av_pix_fmt_desc_next
av_image_fill_linesizes
av_image_check_size
av_bprint_chars
av_bprint_finalize
av_strlcpy
av_asprintf
av_get_token
avpriv_slicethread_create
avpriv_slicethread_execute
avpriv_slicethread_free
av_rescale
av_expr_parse_and_eval
av_reduce
av_mul_q
av_opt_eval_flags
av_parse_video_size
av_hwframe_get_buffer
av_strtod
av_get_extended_channel_layout
av_frame_clone
av_get_bits_per_pixel
av_frame_alloc
av_fifo_realloc2
av_fifo_generic_write
av_fifo_generic_read
av_fifo_space
av_fifo_size
av_fifo_freep
av_fifo_alloc
av_frame_move_ref
av_frame_ref
av_opt_set_bin
av_opt_set_int
av_int_list_length_for_size
av_pix_fmt_desc_get_id
av_find_best_pix_fmt_of_2
av_get_pix_fmt_name
av_pix_fmt_desc_get
av_sample_fmt_is_planar
av_get_bytes_per_sample
av_get_planar_sample_fmt
av_get_packed_sample_fmt
av_get_sample_fmt_name
av_bprintf
av_bprint_init
av_memdup
av_realloc
av_opt_set
av_opt_next
av_opt_find
av_opt_get_key_value
av_opt_set_dict2
av_opt_set_dict
av_opt_free
av_opt_set_defaults
av_image_copy
av_frame_copy_props
av_frame_is_writable
av_frame_free
av_samples_copy
av_expr_free
av_expr_eval
av_expr_parse
av_get_channel_layout_string
av_buffer_unref
av_buffer_ref
av_strlcatf
av_rescale_q
av_dict_free
av_dict_set
av_dict_get
av_strdup
av_freep
av_free
av_realloc_array
av_calloc
av_mallocz
av_malloc
av_strerror
av_get_media_type_string
av_samples_set_silence
av_buffer_allocz
av_get_channel_layout_nb_channels
av_get_sample_fmt
av_log
av_get_channel_layout
av_default_item_name
av_samples_get_buffer_size

kernel32

WriteConsoleW
CreateFileW
OutputDebugStringW
CloseHandle
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
HeapReAlloc
HeapSize
GetFileSizeEx
GetStringTypeW
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DecodePointer
GetFileType
GetStdHandle
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetCurrentThread
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleA
Sleep
SetStdHandle
SetFilePointerEx

Exports

Exports

av_abuffersink_params_alloc
av_buffersink_get_channel_layout
av_buffersink_get_channels
av_buffersink_get_format
av_buffersink_get_frame
av_buffersink_get_frame_flags
av_buffersink_get_frame_rate
av_buffersink_get_h
av_buffersink_get_hw_frames_ctx
av_buffersink_get_sample_aspect_ratio
av_buffersink_get_sample_rate
av_buffersink_get_samples
av_buffersink_get_time_base
av_buffersink_get_type
av_buffersink_get_w
av_buffersink_params_alloc
av_buffersink_set_frame_size
av_buffersrc_add_frame
av_buffersrc_add_frame_flags
av_buffersrc_close
av_buffersrc_get_nb_failed_requests
av_buffersrc_parameters_alloc
av_buffersrc_parameters_set
av_buffersrc_write_frame
av_filter_ffversion
av_filter_next
avfilter_add_matrix
avfilter_all_channel_layouts
avfilter_config_links
avfilter_configuration
avfilter_free
avfilter_get_by_name
avfilter_get_class
avfilter_get_matrix
avfilter_graph_add_filter
avfilter_graph_alloc
avfilter_graph_alloc_filter
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_dump
avfilter_graph_free
avfilter_graph_get_filter
avfilter_graph_parse
avfilter_graph_parse2
avfilter_graph_parse_ptr
avfilter_graph_queue_command
avfilter_graph_request_oldest
avfilter_graph_send_command
avfilter_graph_set_auto_convert
avfilter_init_dict
avfilter_init_filter
avfilter_init_str
avfilter_inout_alloc
avfilter_inout_free
avfilter_insert_filter
avfilter_license
avfilter_link
avfilter_link_free
avfilter_link_get_channels
avfilter_link_set_closed
avfilter_make_format64_list
avfilter_mul_matrix
avfilter_next
avfilter_open
avfilter_pad_count
avfilter_pad_get_name
avfilter_pad_get_type
avfilter_process_command
avfilter_register
avfilter_register_all
avfilter_sub_matrix
avfilter_transform
avfilter_uninit
avfilter_version

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/avformat-57.dll
.dll windows x86

fceaeffc365dac62c6659f12c3f4e945

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

avcodec-57

av_packet_new_side_data
av_grow_packet
av_packet_free
av_packet_alloc
avcodec_close
avcodec_open2
avcodec_parameters_free
avcodec_parameters_alloc
av_packet_get_side_data
avcodec_register_all
av_codec_set_lowres
av_codec_get_lowres
av_codec_set_pkt_timebase
av_shrink_packet
avcodec_find_decoder
avpriv_toupper4
avcodec_descriptor_get
av_bsf_receive_packet
av_bsf_send_packet
avcodec_decode_subtitle2
avcodec_send_packet
avcodec_receive_frame
av_parser_init
av_parser_parse2
av_parser_close
avcodec_pix_fmt_to_codec_tag
av_get_audio_frame_duration2
av_bitstream_filter_filter
av_bsf_get_by_name
av_bsf_alloc
av_bsf_init
av_bsf_free
avcodec_get_name
avcodec_is_open
av_codec_is_decoder
avpriv_codec_get_cap_skip_frame_fill_param
avpriv_get_raw_pix_fmt_tags
av_codec_next
av_get_audio_frame_duration
av_get_bits_per_sample
av_packet_split_side_data
av_packet_merge_side_data
avcodec_parameters_from_context
av_packet_ref
avcodec_parameters_copy
av_packet_unref
av_new_packet
av_init_packet
avcodec_string
avcodec_parameters_to_context
avcodec_free_context
avcodec_alloc_context3
avpriv_find_pix_fmt

avutil-55

av_bprint_finalize
av_frame_alloc
av_buffer_default_free
av_buffer_create
av_gettime
av_parse_time
av_opt_ptr
av_opt_get_dict_val
av_opt_next
av_opt_set_from_string
avpriv_dict_set_timestamp
av_add_stable
av_compare_mod
av_rescale_rnd
av_gcd
av_div_q
av_mul_q
av_dynarray_add
av_memdup
av_strndup
av_fast_realloc
av_realloc_array
av_strlcatf
av_strlcat
av_strerror
av_opt_set_dict2
av_frame_free
av_fourcc_make_string
av_compare_ts
av_rescale_q_rnd
av_rescale_q
av_pix_fmt_desc_get
av_get_pix_fmt
av_realloc
av_strcasecmp
av_buffer_unref
av_buffer_alloc
av_dynarray_add_nofree
av_fast_malloc
av_dict_free
av_opt_set_dict_val
av_strncasecmp
av_asprintf
av_dict_set_int
av_opt_get
av_match_name
av_stereo3d_type_name
av_spherical_projection_name
av_spherical_tile_bounds
av_display_rotation_get
av_dict_count
av_rescale
av_reduce
av_get_picture_type_char
av_get_channel_name
av_realloc_f
av_reallocp
av_crc
av_crc_get_table
av_bprint_append_data
av_default_item_name
av_usleep
av_gettime_relative
av_opt_copy
av_opt_set
av_opt_set_dict
av_opt_free
av_opt_set_defaults
av_log
av_strdup
av_freep
av_free
av_mallocz
av_malloc
av_dict_set
av_dict_get
av_match_list
av_strlcpy
av_strstart
av_dict_copy

ws2_32

getaddrinfo
select
htonl
ioctlsocket
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
freeaddrinfo
setsockopt
ntohl
listen
getsockopt
connect
closesocket
bind
accept
socket

kernel32

DecodePointer
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
MoveFileExW
MoveFileExA
GetProcAddress
GetModuleHandleA
Sleep
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
SetFilePointerEx
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
ReadFile
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleOutputCP
OutputDebugStringW
GetTempPathW
WriteConsoleW
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileSizeEx
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
GetTimeZoneInformation
SetEndOfFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
GetStdHandle
GetCurrentThread
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetSystemTimeAsFileTime

Exports

Exports

av_add_index_entry
av_append_packet
av_apply_bitstream_filters
av_codec_get_id
av_codec_get_tag
av_codec_get_tag2
av_demuxer_open
av_dump_format
av_filename_number_test
av_find_best_stream
av_find_default_stream_index
av_find_input_format
av_find_program_from_stream
av_fmt_ctx_get_duration_estimation_method
av_fopen_utf8
av_format_ffversion
av_format_get_audio_codec
av_format_get_control_message_cb
av_format_get_data_codec
av_format_get_metadata_header_padding
av_format_get_opaque
av_format_get_open_cb
av_format_get_probe_score
av_format_get_subtitle_codec
av_format_get_video_codec
av_format_inject_global_side_data
av_format_set_audio_codec
av_format_set_control_message_cb
av_format_set_data_codec
av_format_set_metadata_header_padding
av_format_set_opaque
av_format_set_open_cb
av_format_set_subtitle_codec
av_format_set_video_codec
av_get_frame_filename
av_get_frame_filename2
av_get_output_timestamp
av_get_packet
av_guess_codec
av_guess_format
av_guess_frame_rate
av_guess_sample_aspect_ratio
av_hex_dump
av_hex_dump_log
av_iformat_next
av_index_search_timestamp
av_interleaved_write_frame
av_interleaved_write_uncoded_frame
av_match_ext
av_new_program
av_oformat_next
av_pkt_dump2
av_pkt_dump_log2
av_probe_input_buffer
av_probe_input_buffer2
av_probe_input_format
av_probe_input_format2
av_probe_input_format3
av_program_add_stream_index
av_read_frame
av_read_pause
av_read_play
av_register_all
av_register_input_format
av_register_output_format
av_sdp_create
av_seek_frame
av_stream_add_side_data
av_stream_get_codec_timebase
av_stream_get_end_pts
av_stream_get_parser
av_stream_get_r_frame_rate
av_stream_get_recommended_encoder_configuration
av_stream_get_side_data
av_stream_new_side_data
av_stream_set_r_frame_rate
av_stream_set_recommended_encoder_configuration
av_url_split
av_write_frame
av_write_trailer
av_write_uncoded_frame
av_write_uncoded_frame_query
avformat_alloc_context
avformat_alloc_output_context2
avformat_close_input
avformat_configuration
avformat_find_stream_info
avformat_flush
avformat_free_context
avformat_get_class
avformat_get_riff_audio_tags
avformat_get_riff_video_tags
avformat_init_output
avformat_license
avformat_match_stream_specifier
avformat_network_deinit
avformat_network_init
avformat_new_stream
avformat_open_input
avformat_query_codec
avformat_queue_attached_pictures
avformat_seek_file
avformat_transfer_internal_stream_timing_info
avformat_version
avformat_write_header
avio_accept
avio_alloc_context
avio_check
avio_close
avio_close_dir
avio_close_dyn_buf
avio_closep
avio_context_free
avio_enum_protocols
avio_feof
avio_find_protocol_name
avio_flush
avio_free_directory_entry
avio_get_dyn_buf
avio_get_str
avio_get_str16be
avio_get_str16le
avio_handshake
avio_open
avio_open2
avio_open_dir
avio_open_dyn_buf
avio_pause
avio_printf
avio_put_str
avio_put_str16be
avio_put_str16le
avio_r8
avio_rb16
avio_rb24
avio_rb32
avio_rb64
avio_read
avio_read_dir
avio_read_partial
avio_read_to_bprint
avio_rl16
avio_rl24
avio_rl32
avio_rl64
avio_seek
avio_seek_time
avio_size
avio_skip
avio_w8
avio_wb16
avio_wb24
avio_wb32
avio_wb64
avio_wl16
avio_wl24
avio_wl32
avio_wl64
avio_write
avio_write_marker
avpriv_io_delete
avpriv_io_move
avpriv_new_chapter
avpriv_set_pts_info
ff_inet_aton
ff_socket_nonblock
ffio_open_dyn_packet_buf
ffio_set_buf_size
ffurl_close
ffurl_closep
ffurl_open
ffurl_open_whitelist
ffurl_write
url_feof

Sections

.text
Size: 657KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/avutil-55.dll
.dll windows x86

efeb78ae5ce4314f1579e7a8eeaa522b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDesktopWindow

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

kernel32

GetTempPathW
CreateFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetProcessAffinityMask
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
MultiByteToWideChar
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
Sleep
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FlushFileBuffers
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
WriteConsoleW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle
QueryPerformanceFrequency
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
GetCurrentThread
SetConsoleCtrlHandler
WideCharToMultiByte
DecodePointer
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
HeapQueryInformation
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
GetFileSizeEx
GetStringTypeW
OutputDebugStringW

Exports

Exports

av_add_i
av_add_q
av_add_stable
av_adler32_update
av_aes_alloc
av_aes_crypt
av_aes_ctr_alloc
av_aes_ctr_crypt
av_aes_ctr_free
av_aes_ctr_get_iv
av_aes_ctr_increment_iv
av_aes_ctr_init
av_aes_ctr_set_iv
av_aes_ctr_set_random_iv
av_aes_init
av_aes_size
av_append_path_component
av_asprintf
av_assert0_fpu
av_audio_fifo_alloc
av_audio_fifo_drain
av_audio_fifo_free
av_audio_fifo_peek
av_audio_fifo_peek_at
av_audio_fifo_read
av_audio_fifo_realloc
av_audio_fifo_reset
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_base64_decode
av_base64_encode
av_basename
av_blowfish_alloc
av_blowfish_crypt
av_blowfish_crypt_ecb
av_blowfish_init
av_bmg_get
av_bprint_append_data
av_bprint_channel_layout
av_bprint_chars
av_bprint_clear
av_bprint_escape
av_bprint_finalize
av_bprint_get_buffer
av_bprint_init
av_bprint_init_for_buffer
av_bprint_strftime
av_bprintf
av_buffer_alloc
av_buffer_allocz
av_buffer_create
av_buffer_default_free
av_buffer_get_opaque
av_buffer_get_ref_count
av_buffer_is_writable
av_buffer_make_writable
av_buffer_pool_get
av_buffer_pool_init
av_buffer_pool_init2
av_buffer_pool_uninit
av_buffer_realloc
av_buffer_ref
av_buffer_unref
av_calloc
av_camellia_alloc
av_camellia_crypt
av_camellia_init
av_camellia_size
av_cast5_alloc
av_cast5_crypt
av_cast5_crypt2
av_cast5_init
av_cast5_size
av_channel_layout_extract_channel
av_chroma_location_from_name
av_chroma_location_name
av_cmp_i
av_color_primaries_from_name
av_color_primaries_name
av_color_range_from_name
av_color_range_name
av_color_space_from_name
av_color_space_name
av_color_transfer_from_name
av_color_transfer_name
av_compare_mod
av_compare_ts
av_content_light_metadata_alloc
av_content_light_metadata_create_side_data
av_cpu_count
av_cpu_max_align
av_crc
av_crc_get_table
av_crc_init
av_d2q
av_d2str
av_default_get_category
av_default_item_name
av_des_alloc
av_des_crypt
av_des_init
av_des_mac
av_dict_copy
av_dict_count
av_dict_free
av_dict_get
av_dict_get_string
av_dict_parse_string
av_dict_set
av_dict_set_int
av_dirname
av_display_matrix_flip
av_display_rotation_get
av_display_rotation_set
av_div_i
av_div_q
av_downmix_info_update_side_data
av_dynarray2_add
av_dynarray_add
av_dynarray_add_nofree
av_escape
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_fast_malloc
av_fast_mallocz
av_fast_realloc
av_fifo_alloc
av_fifo_alloc_array
av_fifo_drain
av_fifo_free
av_fifo_freep
av_fifo_generic_peek
av_fifo_generic_peek_at
av_fifo_generic_read
av_fifo_generic_write
av_fifo_grow
av_fifo_realloc2
av_fifo_reset
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_best_pix_fmt_of_2
av_find_info_tag
av_find_nearest_q_idx
av_fopen_utf8
av_force_cpu_flags
av_fourcc_make_string
av_frame_alloc
av_frame_apply_cropping
av_frame_clone
av_frame_copy
av_frame_copy_props
av_frame_free
av_frame_get_best_effort_timestamp
av_frame_get_buffer
av_frame_get_channel_layout
av_frame_get_channels
av_frame_get_color_range
av_frame_get_colorspace
av_frame_get_decode_error_flags
av_frame_get_metadata
av_frame_get_pkt_duration
av_frame_get_pkt_pos
av_frame_get_pkt_size
av_frame_get_plane_buffer
av_frame_get_qp_table
av_frame_get_sample_rate
av_frame_get_side_data
av_frame_is_writable
av_frame_make_writable
av_frame_move_ref
av_frame_new_side_data
av_frame_ref
av_frame_remove_side_data
av_frame_set_best_effort_timestamp
av_frame_set_channel_layout
av_frame_set_channels
av_frame_set_color_range
av_frame_set_colorspace
av_frame_set_decode_error_flags
av_frame_set_metadata
av_frame_set_pkt_duration
av_frame_set_pkt_pos
av_frame_set_pkt_size
av_frame_set_qp_table
av_frame_set_sample_rate
av_frame_side_data_name
av_frame_unref
av_free
av_freep
av_gcd
av_get_alt_sample_fmt
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_channel_description
av_get_channel_layout
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_colorspace_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_extended_channel_layout
av_get_known_color_name
av_get_media_type_string
av_get_packed_sample_fmt
av_get_padded_bits_per_pixel
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_loss
av_get_pix_fmt_name
av_get_pix_fmt_string
av_get_planar_sample_fmt
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_standard_channel_layout
av_get_time_base_q
av_get_token
av_gettime
av_gettime_relative
av_gettime_relative_is_monotonic
av_hash_alloc
av_hash_final
av_hash_final_b64
av_hash_final_bin
av_hash_final_hex
av_hash_freep
av_hash_get_name
av_hash_get_size
av_hash_init
av_hash_names
av_hash_update
av_hmac_alloc
av_hmac_calc
av_hmac_final
av_hmac_free
av_hmac_init
av_hmac_update
av_hwdevice_ctx_alloc
av_hwdevice_ctx_create
av_hwdevice_ctx_create_derived
av_hwdevice_ctx_init
av_hwdevice_find_type_by_name
av_hwdevice_get_hwframe_constraints
av_hwdevice_get_type_name
av_hwdevice_hwconfig_alloc
av_hwdevice_iterate_types
av_hwframe_constraints_free
av_hwframe_ctx_alloc
av_hwframe_ctx_create_derived
av_hwframe_ctx_init
av_hwframe_get_buffer
av_hwframe_map
av_hwframe_transfer_data
av_hwframe_transfer_get_formats
av_i2int
av_image_alloc
av_image_check_sar
av_image_check_size
av_image_check_size2
av_image_copy
av_image_copy_plane
av_image_copy_to_buffer
av_image_copy_uc_from
av_image_fill_arrays
av_image_fill_black
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_fill_pointers
av_image_get_buffer_size
av_image_get_linesize
av_int2i
av_int_list_length_for_size
av_lfg_init
av_lfg_init_from_data
av_log
av_log2
av_log2_16bit
av_log2_i
av_log_default_callback
av_log_format_line
av_log_format_line2
av_log_get_flags
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_malloc
av_mallocz
av_mastering_display_metadata_alloc
av_mastering_display_metadata_create_side_data
av_match_list
av_match_name
av_max_alloc
av_md5_alloc
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_memdup
av_mod_i
av_mul_i
av_mul_q
av_murmur3_alloc
av_murmur3_final
av_murmur3_init
av_murmur3_init_seeded
av_murmur3_update
av_nearer_q
av_opt_child_class_next
av_opt_child_next
av_opt_copy
av_opt_eval_double
av_opt_eval_flags
av_opt_eval_float
av_opt_eval_int
av_opt_eval_int64
av_opt_eval_q
av_opt_find
av_opt_find2
av_opt_flag_is_set
av_opt_free
av_opt_freep_ranges
av_opt_get
av_opt_get_channel_layout
av_opt_get_dict_val
av_opt_get_double
av_opt_get_image_size
av_opt_get_int
av_opt_get_key_value
av_opt_get_pixel_fmt
av_opt_get_q
av_opt_get_sample_fmt
av_opt_get_video_rate
av_opt_is_set_to_default
av_opt_is_set_to_default_by_name
av_opt_next
av_opt_ptr
av_opt_query_ranges
av_opt_query_ranges_default
av_opt_serialize
av_opt_set
av_opt_set_bin
av_opt_set_channel_layout
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_opt_set_dict2
av_opt_set_dict_val
av_opt_set_double
av_opt_set_from_string
av_opt_set_image_size
av_opt_set_int
av_opt_set_pixel_fmt
av_opt_set_q
av_opt_set_sample_fmt
av_opt_set_video_rate
av_opt_show2
av_parse_color
av_parse_cpu_caps
av_parse_cpu_flags
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_count_planes
av_pix_fmt_desc_get
av_pix_fmt_desc_get_id
av_pix_fmt_desc_next
av_pix_fmt_get_chroma_sub_sample
av_pix_fmt_swap_endianness
av_pixelutils_get_sad_fn
av_q2intfloat
av_rc4_alloc
av_rc4_crypt
av_rc4_init
av_read_image_line
av_realloc
av_realloc_array
av_realloc_f
av_reallocp
av_reallocp_array
av_reduce
av_rescale
av_rescale_delta
av_rescale_q
av_rescale_q_rnd
av_rescale_rnd
av_ripemd_alloc
av_ripemd_final
av_ripemd_init
av_ripemd_size
av_ripemd_update
av_sample_fmt_is_planar
av_samples_alloc
av_samples_alloc_array_and_samples
av_samples_copy
av_samples_fill_arrays
av_samples_get_buffer_size
av_samples_set_silence
av_set_cpu_flags_mask
av_set_options_string
av_sha512_alloc
av_sha512_final
av_sha512_init
av_sha512_size
av_sha512_update
av_sha_alloc
av_sha_final
av_sha_init
av_sha_size
av_sha_update
av_shr_i
av_small_strptime
av_spherical_alloc
av_spherical_from_name
av_spherical_projection_name
av_spherical_tile_bounds
av_stereo3d_alloc
av_stereo3d_create_side_data
av_stereo3d_from_name
av_stereo3d_type_name
av_strcasecmp
av_strdup
av_strerror
av_strireplace
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strncasecmp
av_strndup
av_strnstr
av_strstart
av_strtod
av_strtok
av_sub_i
av_sub_q
av_tea_alloc
av_tea_crypt
av_tea_init
av_tea_size
av_tempfile
av_thread_message_flush
av_thread_message_queue_alloc
av_thread_message_queue_free
av_thread_message_queue_recv
av_thread_message_queue_send
av_thread_message_queue_set_err_recv
av_thread_message_queue_set_err_send
av_thread_message_queue_set_free_func
av_timecode_adjust_ntsc_framenum2
av_timecode_check_frame_rate
av_timecode_get_smpte_from_framenum
av_timecode_init
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_timecode_make_smpte_tc_string
av_timecode_make_string
av_timegm
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_alloc
av_tree_node_size
av_twofish_alloc
av_twofish_crypt
av_twofish_init
av_twofish_size
av_usleep
av_utf8_decode
av_util_ffversion
av_vbprintf
av_version_info
av_vlog
av_write_image_line
av_xtea_alloc
av_xtea_crypt
av_xtea_init
av_xtea_le_crypt
av_xtea_le_init
avpriv_alloc_fixed_dsp
avpriv_cga_font
avpriv_dict_set_timestamp
avpriv_float_dsp_alloc
avpriv_frame_get_metadatap
avpriv_get_gamma_from_trc
avpriv_get_trc_function_from_trc
avpriv_init_lls

Sections

.text
Size: 843KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/decode.dat
.exe windows x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:90:43:c9:3e:53:51:5a
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

02/12/2015, 17:56

Not After

02/12/2017, 17:56

Subject

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:0f:36:7f:2c:54:72:21:9d:19:a0:fb:c1:80:cc:ce:0a:c8:54:37:b7:69:28:a6:23:20:d0:2b:06:1b:fc:ff
Signer

Actual PE Digest

52:0f:36:7f:2c:54:72:21:9d:19:a0:fb:c1:80:cc:ce:0a:c8:54:37:b7:69:28:a6:23:20:d0:2b:06:1b:fc:ff

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

03/10/2017, 16:05
Valid: true

Chain 1

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/desktop.ini
xw_forensics203-SR-4/hash.dll
.dll windows x86

f6a1e1a2ad45e67dbfa16afc53a98f71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
CloseHandle
ReadFile
GetLastError
CreateFileA
GetStringTypeW
GetStringTypeA
GetTickCount
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapReAlloc
HeapSize
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW

oleaut32

SysAllocStringLen

Sections

.text
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/hash2.dll
.dll windows x86

4128436cd9d3e26ed4a21dee2bf09332

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/hid.dll
.dll windows x64

ab06e671f3675fedc50f9292c3b3db0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
GetTempPathA
VirtualProtect
RtlMoveMemory
DisableThreadLibraryCalls

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

Exports

Exports

HidD_FlushQueue
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetFeature
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidD_SetFeature
HidP_GetCaps

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/hlib.dll
.dll windows x86

f8bf5340be9231aa7b5dba05b1b0aecc

Code Sign

10:35:e8:c6:a9:d3:e3:c4:6f:c1:1a:5a:d7:d2:86:01
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/10/2018, 00:00

Not After

08/10/2021, 23:59

Subject

CN=Ursa Minor Ltd.,O=Ursa Minor Ltd.,POSTALCODE=11602,STREET=24 Dr Joseph Riviere,L=Port Louis,ST=Port Louis,C=MU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:7c:6a:61:74:be:68:66:50:f3:1a:61:1c:f1:ed:cf:12:d0:df:6d:f3:d6:14:dd:9e:6d:01:82:6a:37:71:ff
Signer

Actual PE Digest

fe:7c:6a:61:74:be:68:66:50:f3:1a:61:1c:f1:ed:cf:12:d0:df:6d:f3:d6:14:dd:9e:6d:01:82:6a:37:71:ff

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Ursa Minor Ltd.,O=Ursa Minor Ltd.,POSTALCODE=11602,STREET=24 Dr Joseph Riviere,L=Port Louis,ST=Port Louis,C=MU

23/09/2022, 10:49
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree

kernel32

FreeLibrary
SetDllDirectoryW
LoadLibraryExW
TryEnterCriticalSection
SetUnhandledExceptionFilter
ReadFile
FindFirstFileW
GetFileSizeEx
SetLastError
FindNextFileW
GetModuleHandleExW
GetDiskFreeSpaceW
SetFileTime
SetFilePointer
SetEndOfFile
FindClose
GetFileAttributesW
SetFileAttributesW
GetFileAttributesA
CreateFileA
FileTimeToSystemTime
DeleteFileW
MoveFileExW
GetFullPathNameW
WriteFile
GetDiskFreeSpaceA
FlushFileBuffers
TlsGetValue
GetEnvironmentVariableW
GetTimeZoneInformation
GlobalMemoryStatusEx
SetEnvironmentVariableW
InitializeCriticalSectionEx
GetVersionExW
GetSystemDirectoryW
MultiByteToWideChar
RaiseException
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GetStartupInfoW
LoadLibraryA
HeapFree
TerminateProcess
HeapAlloc
GetProcessHeap
SetWaitableTimer
TlsSetValue
GetQueuedCompletionStatus
CreateEventA
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateSemaphoreA
InitializeCriticalSectionAndSpinCount
CreateEventW
VerSetConditionMask
VerifyVersionInfoW
CreateIoCompletionPort
SystemTimeToFileTime
GetDateFormatW
ResumeThread
GetStringTypeExW
LCMapStringW
GetUserDefaultLCID
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
OpenEventA
CreateWaitableTimerA
GetModuleHandleA
SetErrorMode
GetModuleFileNameW
DecodePointer
LoadLibraryW
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetFileType
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
OpenProcess
GetCurrentThreadId
CreateFileW
CreateThread
OutputDebugStringW
Sleep
InitializeCriticalSection
VirtualAlloc
VirtualFree
FormatMessageA
TlsFree
WideCharToMultiByte
DeleteCriticalSection
LocalFree
QueueUserAPC
CloseHandle
TlsAlloc
TerminateThread
SetEvent
GetLastError
FormatMessageW
PostQueuedCompletionStatus
WaitForSingleObject
LeaveCriticalSection
WaitForMultipleObjects
EnterCriticalSection
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteConsoleW
HeapReAlloc
GetTimeFormatW
CompareStringW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx

user32

CharUpperBuffW
IsWindow
IsWindowVisible
GetWindowThreadProcessId
GetClassNameW
GetSystemMetrics
CharLowerBuffW
EnumChildWindows
SendMessageTimeoutW
PostMessageW
LoadStringW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ws2_32

WSAStartup
WSACleanup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipCloneImage
GdipBitmapUnlockBits
GdipAlloc
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipSetImageAttributesWrapMode
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipDisposeImageAttributes
GdipCreateBitmapFromStream
GdipDisposeImage

psapi

GetProcessMemoryInfo

shlwapi

PathAppendW

Exports

Exports

CTHFreeBuffer
CTHHeicFileToJpegFile
CTHHeicFileToJpegFileW
CTHHeicToJpeg
CTHInitInt
CTHLGetVersion
CTHSetLogCallback

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/indexcha.txt
xw_forensics203-SR-4/indexlng.txt
xw_forensics203-SR-4/indexwds.txt
xw_forensics203-SR-4/investigator.ini
xw_forensics203-SR-4/language.dat
xw_forensics203-SR-4/main.log
xw_forensics203-SR-4/msglog.txt
xw_forensics203-SR-4/pff.dat
.exe windows x86

b2f810ec4590c8822b823410efc4b91b

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:90:43:c9:3e:53:51:5a
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

02/12/2015, 17:56

Not After

02/12/2017, 17:56

Subject

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:d2:97:d6:56:08:47:0d:c9:78:8e:53:0b:ef:2f:36:a9:56:bc:68:36:c0:da:43:fb:71:a0:51:b1:4c:ce:cf
Signer

Actual PE Digest

15:d2:97:d6:56:08:47:0d:c9:78:8e:53:0b:ef:2f:36:a9:56:bc:68:36:c0:da:43:fb:71:a0:51:b1:4c:ce:cf

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

27/09/2017, 08:45
Valid: true

Chain 1

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bünde,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
HeapSize
HeapReAlloc
GetLastError
GetFileAttributesW
CreateFileA
CreateFileW
CloseHandle
ReadFile
WriteFile
SetFilePointerEx
SetEndOfFile
GetFileType
DeviceIoControl
GetFileSizeEx
SetCurrentDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
SetErrorMode
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
HeapSetInformation
WideCharToMultiByte
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
RtlUnwind
GetConsoleCP
GetConsoleMode
SetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RaiseException
MultiByteToWideChar
LoadLibraryW
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FreeLibrary
FlushFileBuffers
WriteConsoleW
VirtualQuery
LCMapStringW
GetStringTypeW
FormatMessageW

zlib1

uncompress

Exports

Exports

libpff_attachment_data_read_buffer
libpff_attachment_data_seek_offset
libpff_attachment_get_data_file_io_handle
libpff_attachment_get_data_size
libpff_attachment_get_item
libpff_attachment_get_type
libpff_file_close
libpff_file_free
libpff_file_get_ascii_codepage
libpff_file_get_content_type
libpff_file_get_encryption_type
libpff_file_get_item_by_identifier
libpff_file_get_message_store
libpff_file_get_name_to_id_map
libpff_file_get_number_of_orphan_items
libpff_file_get_number_of_recovered_items
libpff_file_get_number_of_unallocated_blocks
libpff_file_get_orphan_item
libpff_file_get_recovered_item
libpff_file_get_root_folder
libpff_file_get_root_item
libpff_file_get_size
libpff_file_get_type
libpff_file_get_unallocated_block
libpff_file_initialize
libpff_file_is_corrupted
libpff_file_open
libpff_file_open_file_io_handle
libpff_file_open_wide
libpff_file_recover_items
libpff_file_set_ascii_codepage
libpff_file_signal_abort
libpff_folder_get_number_of_sub_associated_contents
libpff_folder_get_number_of_sub_folders
libpff_folder_get_number_of_sub_messages
libpff_folder_get_sub_associated_content
libpff_folder_get_sub_associated_contents
libpff_folder_get_sub_folder
libpff_folder_get_sub_folder_by_utf16_name
libpff_folder_get_sub_folder_by_utf8_name
libpff_folder_get_sub_folders
libpff_folder_get_sub_message
libpff_folder_get_sub_message_by_utf16_name
libpff_folder_get_sub_message_by_utf8_name
libpff_folder_get_sub_messages
libpff_folder_get_type
libpff_folder_get_unknowns
libpff_item_clone
libpff_item_free
libpff_item_get_entry_multi_value
libpff_item_get_entry_type
libpff_item_get_entry_value
libpff_item_get_entry_value_16bit
libpff_item_get_entry_value_16bit_by_utf16_name
libpff_item_get_entry_value_16bit_by_utf8_name
libpff_item_get_entry_value_32bit
libpff_item_get_entry_value_32bit_by_utf16_name
libpff_item_get_entry_value_32bit_by_utf8_name
libpff_item_get_entry_value_64bit
libpff_item_get_entry_value_64bit_by_utf16_name
libpff_item_get_entry_value_64bit_by_utf8_name
libpff_item_get_entry_value_binary_data
libpff_item_get_entry_value_binary_data_by_utf16_name
libpff_item_get_entry_value_binary_data_by_utf8_name
libpff_item_get_entry_value_binary_data_size
libpff_item_get_entry_value_binary_data_size_by_utf16_name
libpff_item_get_entry_value_binary_data_size_by_utf8_name
libpff_item_get_entry_value_boolean
libpff_item_get_entry_value_boolean_by_utf16_name
libpff_item_get_entry_value_boolean_by_utf8_name
libpff_item_get_entry_value_by_utf16_name
libpff_item_get_entry_value_by_utf8_name
libpff_item_get_entry_value_filetime
libpff_item_get_entry_value_filetime_by_utf16_name
libpff_item_get_entry_value_filetime_by_utf8_name
libpff_item_get_entry_value_floating_point
libpff_item_get_entry_value_floating_point_by_utf16_name
libpff_item_get_entry_value_floating_point_by_utf8_name
libpff_item_get_entry_value_guid
libpff_item_get_entry_value_size
libpff_item_get_entry_value_size_by_utf16_name
libpff_item_get_entry_value_size_by_utf8_name
libpff_item_get_entry_value_utf16_string
libpff_item_get_entry_value_utf16_string_by_utf16_name
libpff_item_get_entry_value_utf16_string_by_utf8_name
libpff_item_get_entry_value_utf16_string_size
libpff_item_get_entry_value_utf16_string_size_by_utf16_name
libpff_item_get_entry_value_utf16_string_size_by_utf8_name
libpff_item_get_entry_value_utf8_string
libpff_item_get_entry_value_utf8_string_by_utf16_name
libpff_item_get_entry_value_utf8_string_by_utf8_name
libpff_item_get_entry_value_utf8_string_size
libpff_item_get_entry_value_utf8_string_size_by_utf16_name
libpff_item_get_entry_value_utf8_string_size_by_utf8_name
libpff_item_get_identifier
libpff_item_get_number_of_entries
libpff_item_get_number_of_sets
libpff_item_get_number_of_sub_items
libpff_item_get_sub_item
libpff_item_get_sub_item_by_identifier
libpff_item_get_type
libpff_item_get_value_type
libpff_message_get_attachment
libpff_message_get_attachments
libpff_message_get_entry_value_utf16_string
libpff_message_get_entry_value_utf16_string_size
libpff_message_get_entry_value_utf8_string
libpff_message_get_entry_value_utf8_string_size
libpff_message_get_html_body
libpff_message_get_html_body_size
libpff_message_get_number_of_attachments
libpff_message_get_plain_text_body
libpff_message_get_plain_text_body_size
libpff_message_get_recipients
libpff_message_get_rtf_body
libpff_message_get_rtf_body_size
libpff_multi_value_free
libpff_multi_value_get_number_of_values
libpff_multi_value_get_value
libpff_multi_value_get_value_32bit
libpff_multi_value_get_value_64bit
libpff_multi_value_get_value_binary_data
libpff_multi_value_get_value_binary_data_size
libpff_multi_value_get_value_filetime
libpff_multi_value_get_value_guid
libpff_multi_value_get_value_utf16_string
libpff_multi_value_get_value_utf16_string_size
libpff_multi_value_get_value_utf8_string
libpff_multi_value_get_value_utf8_string_size
libpff_name_to_id_map_entry_get_guid
libpff_name_to_id_map_entry_get_number
libpff_name_to_id_map_entry_get_type
libpff_name_to_id_map_entry_get_utf16_string
libpff_name_to_id_map_entry_get_utf16_string_size
libpff_name_to_id_map_entry_get_utf8_string
libpff_name_to_id_map_entry_get_utf8_string_size
libpff_notify_set_stream
libpff_notify_set_verbose
libpff_notify_stream_close
libpff_notify_stream_open

Sections

.text
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/setup.exe
.exe windows x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b5:67:08:1e:55:f9:75:cd:ba:ca:27:11:77:49:d8:ae:e7:b4:fa:10:8c:fd:50:c2:0f:b9:ec:46:3b:72:0f:1a
Signer

Actual PE Digest

b5:67:08:1e:55:f9:75:cd:ba:ca:27:11:77:49:d8:ae:e7:b4:fa:10:8c:fd:50:c2:0f:b9:ec:46:3b:72:0f:1a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

23/09/2022, 10:49
Valid: true

Chain 1

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/sqlite3.dll
.dll windows x86

923aa130c21002b50b462e446b3be0d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__setusermatherr
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_onexit
localtime
calloc
fprintf
free
fwrite
malloc
memcmp
memmove
qsort
realloc
strcmp
strlen
strncmp
_unlock
abort
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_fts5_may_be_corrupt
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 617B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/swresample-2.dll
.dll windows x86

7afbaef335791f8bb8e05d88c70aa9c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

avutil-55

av_freep
av_frame_get_buffer
av_get_default_channel_layout
av_opt_set_int
av_sample_fmt_is_planar
av_get_sample_fmt_name
av_rescale_rnd
av_rescale
av_reduce
av_get_cpu_flags
av_calloc
av_get_channel_name
av_channel_layout_extract_channel
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_opt_set_defaults
av_free
av_malloc
av_get_bytes_per_sample
av_get_planar_sample_fmt
av_get_packed_sample_fmt
av_log
av_mallocz

kernel32

GetProcAddress
CloseHandle
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CompareStringW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
WriteConsoleW
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetConsoleCtrlHandler
DecodePointer
GetCurrentThread
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW

Exports

Exports

swr_alloc
swr_alloc_set_opts
swr_build_matrix
swr_close
swr_config_frame
swr_convert
swr_convert_frame
swr_drop_output
swr_ffversion
swr_free
swr_get_class
swr_get_delay
swr_get_out_samples
swr_init
swr_inject_silence
swr_is_initialized
swr_next_pts
swr_set_channel_mapping
swr_set_compensation
swr_set_matrix
swresample_configuration
swresample_license
swresample_version

Sections

.text
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/swscale-4.dll
.dll windows x86

627e6d40b6a6c87af37ccc2e184e6933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

avutil-55

av_pix_fmt_desc_get
av_opt_get_int
av_opt_set_int
av_opt_set_defaults
av_image_alloc
av_pix_fmt_swap_endianness
av_pix_fmt_get_chroma_sub_sample
av_get_bits_per_pixel
av_get_pix_fmt_name
av_get_cpu_flags
av_free
av_freep
av_mallocz
av_malloc
av_log

kernel32

ExitProcess
CloseHandle
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetFileType
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
SetConsoleCtrlHandler
DecodePointer
GetCurrentThread
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle

Exports

Exports

sws_addVec
sws_allocVec
sws_alloc_context
sws_alloc_set_opts
sws_cloneVec
sws_convVec
sws_convertPalette8ToPacked24
sws_convertPalette8ToPacked32
sws_freeContext
sws_freeFilter
sws_freeVec
sws_getCachedContext
sws_getCoefficients
sws_getColorspaceDetails
sws_getConstVec
sws_getContext
sws_getDefaultFilter
sws_getGaussianVec
sws_getIdentityVec
sws_get_class
sws_init_context
sws_isSupportedEndiannessConversion
sws_isSupportedInput
sws_isSupportedOutput
sws_normalizeVec
sws_printVec2
sws_scale
sws_scaleVec
sws_setColorspaceDetails
sws_shiftVec
sws_subVec
swscale_configuration
swscale_license
swscale_version

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/timezone.dat
xw_forensics203-SR-4/winhex-d.chm
.chm
xw_forensics203-SR-4/winhex.chm
.chm
xw_forensics203-SR-4/x64/DC.dll
.dll windows x64

f5f3822719fcbeaad89e37a3a97789c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_errno
_exit
_initterm
_lock
_onexit
_snwprintf
_unlock
abort
calloc
free
fwprintf
fwrite
malloc
memcpy
memset
printf
raise
realloc
signal
strlen
strncmp
vfprintf
wcscpy
wcslen

user32

MessageBoxW

Exports

Exports

wlfsdc
wlxpdc
wlzvdc

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/ILU.dll
.dll windows x64

877e706303b0310235b535b3d35e7a56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

resil

il2ResizeImage
il2CopyPal
iFlipBuffer
iMirror
iConvertImage
il2GetClear
il2ConvertPal
il2ClearImage
ilGetBppPal
il2GenImage
il2LoadImage
il2DeleteImage
il2TexImage
icalloc
il2SetError
ilGetCurImage
il2ConvertImage
il2NewImage
il2GetImageInteger
ifree
il2SetPalRGBA
il2CopyPixels
il2GetPalRGBA
ilGetPalBaseType
il2CopyImageAttr
ialloc
ilGenImages
ilBindImage
ilGetCurName
ilDeleteImages
ilLoadImage
ilCloseImage

kernel32

DeleteCriticalSection
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

Exports

Exports

ilu2Alienify
ilu2BlurAvg
ilu2BlurGaussian
ilu2BuildMipmaps
ilu2ColoursUsed
ilu2CompareImage
ilu2Contrast
ilu2Convolution
ilu2Crop
ilu2EdgeDetectE
ilu2EdgeDetectP
ilu2EdgeDetectS
ilu2Emboss
ilu2EnlargeCanvas
ilu2EnlargeImage
ilu2Equalize
ilu2ErrorString
ilu2FlipImage
ilu2GammaCorrect
ilu2GetInteger
ilu2GetIntegerv
ilu2GetString
ilu2ImageParameter
ilu2Init
ilu2InvertAlpha
ilu2LoadImage
ilu2Mirror
ilu2Negative
ilu2Noisify
ilu2Pixelize
ilu2ReplaceColour
ilu2Rotate
ilu2Rotate3D
ilu2Rotate_
ilu2Saturate1f
ilu2Saturate4f
ilu2Scale
ilu2ScaleAlpha
ilu2ScaleColours
ilu2SetLanguage
ilu2Sharpen
ilu2SwapColours
ilu2Wave
iluAlienify
iluBlurAvg
iluBlurGaussian
iluBuildMipmaps
iluColoursUsed
iluCompareImage
iluContrast
iluConvolution
iluCrop
iluEdgeDetectE
iluEdgeDetectP
iluEdgeDetectS
iluEmboss
iluEnlargeCanvas
iluEnlargeImage
iluEqualize
iluErrorString
iluFlipImage
iluGammaCorrect
iluGetInteger
iluGetIntegerv
iluGetString
iluImageParameter
iluInit
iluInvertAlpha
iluLoadImage
iluMirror
iluNegative
iluNoisify
iluPixelize
iluReplaceColour
iluRotate
iluRotate3D
iluRotate3D_
iluSaturate1f
iluSaturate4f
iluScale
iluScaleAlpha
iluScaleColours
iluScale_
iluSetLanguage
iluSharpen
iluSwapColours
iluWave

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/ILUT.dll
.dll windows x64

7efac7cf687e623e26a6b5876f0b21d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

resil

ialloc
ilTypeFromExt
il2GetPalette
il2TexImage
ifree
il2ConvertPal
il2GetImageInteger
il2LoadL
il2NewImage
iConvertImage
ilCloseImage
ilGetCurImage
il2SetError
iGetFlipped
il2DeleteImage
il2RegisterPal

kernel32

GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
SizeofResource
LockResource
LoadResource
GlobalSize
GlobalLock
GlobalUnlock
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
FindResourceW
RtlUnwindEx
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

ReleaseDC
GetForegroundWindow
GetDC
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard

gdi32

CreateCompatibleDC
GetPaletteEntries
CreateCompatibleBitmap
GetDIBits
CreatePalette
SetDIBits
DeleteObject
SelectObject

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

Exports

Exports

ilut2ConvertSliceToHBitmap
ilut2ConvertToHBitmap
ilut2Init
ilutConvertSliceToHBitmap
ilutConvertToHBitmap
ilutDisable
ilutEnable
ilutFreePaddedData
ilutGetBmpInfo
ilutGetBoolean
ilutGetBooleanv
ilutGetHPal
ilutGetInteger
ilutGetIntegerv
ilutGetPaddedData
ilutGetString
ilutGetWinClipboard
ilutInit
ilutIsDisabled
ilutIsEnabled
ilutLoadResource
ilutPopAttrib
ilutPushAttrib
ilutRenderer
ilutSetHBitmap
ilutSetHPal
ilutSetInteger
ilutSetWinClipboard
ilutWin32Init
ilutWinLoadUrl
ilutWinPrint

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/ResIL.dll
.dll windows x64

48d3c0de696cd1df23b131f277c5c975

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsBadReadPtr
ReadFile
GetFileSizeEx
WriteFile
CreateFileW
CloseHandle
SetFilePointerEx
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
WideCharToMultiByte
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetTimeZoneInformation
GetFileType
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FlushFileBuffers
DeleteFileW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize

Exports

Exports

iBindImageTemp
iConvertImage
iDetermineTypeFuncs
iFastConvert
iFlipBuffer
iGetActiveNum
iGetFlipped
iMemSwap
iMirror
iSurfaceToDxtcData
ialloc
icalloc
ifree
il2ApplyProfile
il2Blit
il2ClearColour
il2ClearImage
il2CloneImage
il2ConvertImage
il2ConvertPal
il2CopyImage
il2CopyImageAttr
il2CopyImage_
il2CopyPal
il2CopyPixels
il2CreateSubImage
il2DeleteImage
il2DetermineSize
il2DetermineType
il2DetermineTypeF
il2DetermineTypeFuncs
il2DetermineTypeL
il2Disable
il2Enable
il2FixImage
il2FlipImage
il2GenImage
il2GetAlpha
il2GetBoolean
il2GetBooleanv
il2GetClear
il2GetDXTCData
il2GetData
il2GetError
il2GetErrorString
il2GetFace
il2GetFrame
il2GetImageInteger
il2GetInteger
il2GetIntegerv
il2GetLayer
il2GetMipmap
il2GetPalRGBA
il2GetPalette
il2GetString
il2Init
il2InitImage
il2IsEnabled
il2Load
il2LoadF
il2LoadFuncs
il2LoadImage
il2LoadL
il2LoadPal
il2NewImage
il2OverlayImage
il2RegisterFormat
il2RegisterMipNum
il2RegisterOrigin
il2RegisterPal
il2RemoveAlpha
il2ResizeImage
il2Save
il2SaveF
il2SaveFuncs
il2SaveImage
il2SaveL
il2SetData
il2SetDuration
il2SetError
il2SetImageInteger
il2SetInteger
il2SetPal
il2SetPalRGBA
il2SetPixels
il2SwapColours
il2TexImage
il2TexSubImage_
ilActiveFace
ilActiveImage
ilActiveLayer
ilActiveMipmap
ilAddAlphaKey
ilAddErrorA
ilAddErrorI
ilAddErrorW
ilAddStackTrace
ilApplyProfile
ilBindImage
ilBlit
ilClearColour
ilClearError
ilClearImage
ilCloneCurImage
ilCloseImage
ilClosePal
ilConvertBuffer
ilConvertImage
ilConvertPal
ilCopyImage
ilCreateSubImage
ilDefaultImage
ilDeleteImage
ilDeleteImages
ilDetermineSize
ilDetermineType
ilDetermineTypeFuncs
ilDisable
ilEnable
ilFixCur
ilFixImage
ilGenImage
ilGenImages
ilGetAlpha
ilGetBoolean
ilGetBooleanv
ilGetBpcType
ilGetBppFormat
ilGetBppPal
ilGetCurImage
ilGetCurName
ilGetDXTCData
ilGetData
ilGetError
ilGetErrorString
ilGetFormatBpp
ilGetImageInteger
ilGetInteger
ilGetIntegerv
ilGetPalBaseType
ilGetPalette
ilGetString
ilGetTypeBpc
ilInit
ilIsDisabled
ilIsEnabled
ilIsImage
ilIsValidPal
ilLoad
ilLoadF
ilLoadFuncs
ilLoadImage
ilLoadL
ilLoadPal
ilNVidiaCompressDXT
ilNewImageFull
ilNextPower2
ilOverlayImage
ilRecalloc
ilRegisterPal
ilRemoveAlpha
ilReplaceCurImage
ilRunTests
ilSave
ilSaveF
ilSaveFuncs
ilSaveImage
ilSaveL
ilSetCurImage
ilSetData
ilSetError
ilSetErrorA
ilSetErrorW
ilSetImageInteger
ilSetInteger
ilSetPal
ilSetPixels
ilSetString
ilShutDown
ilSquishCompressDXT
ilSurfaceToDxtcData
ilSwapColours
ilTexImage
ilTypeFromExt

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/SMTP.dll
.dll windows x64

f8f589c8fb77efd5a4a0d99002b2cf82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
_lwrite
_lopen
_lclose
_lcreat
GetTickCount
_lread
GetTimeZoneInformation
GetLocalTime
lstrlenA
lstrcatA
DeleteFileA
GetComputerNameA
CreateMutexA
GlobalLock
GlobalAlloc
CloseHandle
GlobalFree
GlobalUnlock
ReleaseMutex
WaitForSingleObject
CreateProcessA
GetStartupInfoA
TerminateProcess
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
HeapReAlloc
HeapAlloc
IsValidCodePage
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP

wsock32

gethostname
getsockname
send
recv
connect
select
__WSAFDIsSet
setsockopt
inet_ntoa
socket
htons
htonl
bind
WSAStartup
gethostbyname
WSAGetLastError
ntohl
WSAIsBlocking
closesocket

user32

MessageBoxA
wsprintfA

Exports

Exports

seeAbort
seeAttach
seeAttachmentParams
seeByteToShort
seeClose
seeCommand
seeConfigSSL
seeDebug
seeDecodeBuffer
seeDecodeUTF8
seeDecodeUU
seeDeleteEmail
seeDriver
seeEncodeBuffer
seeEncodeUTF8
seeErrorText
seeExtractLine
seeExtractText
seeForwardEmail
seeGetEmailCount
seeGetEmailFile
seeGetEmailLines
seeGetEmailSize
seeGetEmailUID
seeGetHeader
seeGetTicks
seeImapConnect
seeImapConnectSSL
seeImapCopyMBmail
seeImapCreateMB
seeImapDeleteMB
seeImapFlags
seeImapListMB
seeImapMsgNumber
seeImapRenameMB
seeImapSearch
seeImapSelectMB
seeImapSource
seeIntegerParam
seeIsConnected
seeKillProgram
seePop3Connect
seePop3ConnectSSL
seePop3Source
seeQuoteBuffer
seeReadQuoted
seeRelease
seeSendEmail
seeSendHTML
seeSetErrorText
seeSetProxySSL
seeShortToByte
seeSleep
seeSmtpConnect
seeSmtpConnectSSL
seeSmtpTarget
seeStartProgram
seeStatistics
seeStringParam
seeTestFileSet
seeUnQuoteBuffer
seeVerifyFormat
seeVerifyUser

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/avcodec-57.dll
.dll windows x64

77313a18f8c2abf234a24ca8e1f48418

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avutil-55

av_find_best_pix_fmt_of_2
av_image_fill_max_pixsteps
av_strerror
av_fast_malloc
avpriv_report_missing_feature
av_fourcc_make_string
av_pix_fmt_get_chroma_sub_sample
av_frame_set_qp_table
av_stereo3d_alloc
av_buffer_make_writable
av_memdup
av_frame_make_writable
av_gcd
av_image_copy_plane
av_opt_set_defaults2
av_opt_set
av_fast_realloc
avpriv_slicethread_create
avpriv_slicethread_execute
av_stereo3d_create_side_data
av_expr_parse
av_expr_eval
av_expr_free
av_get_sample_fmt_name
av_get_bytes_per_sample
av_get_media_type_string
av_vlog
av_log_get_level
av_strlcat
av_strlcatf
av_match_list
av_get_channel_layout_string
av_get_planar_sample_fmt
av_samples_fill_arrays
av_get_colorspace_name
av_get_bits_per_pixel
av_color_range_name
av_chroma_location_name
av_opt_set_dict
av_get_cpu_flags
av_md5_final
av_md5_update
av_md5_init
av_md5_alloc
av_content_light_metadata_create_side_data
av_mastering_display_metadata_create_side_data
av_display_matrix_flip
av_display_rotation_set
av_memcpy_backptr
av_image_check_size
av_color_space_name
av_color_transfer_name
av_color_primaries_name
av_reduce
av_reallocp
av_reallocp_array
av_opt_copy
av_fifo_alloc_array
av_frame_ref
av_dict_copy
av_cpu_count
av_get_picture_type_char
av_frame_get_side_data
av_frame_get_buffer
av_samples_set_silence
av_usleep
av_get_channel_layout_nb_channels
av_image_check_sar
av_image_check_size2
av_image_fill_pointers
av_image_fill_linesizes
av_pix_fmt_count_planes
av_frame_apply_cropping
av_frame_new_side_data
av_frame_copy_props
av_frame_copy
av_frame_is_writable
av_frame_move_ref
av_frame_unref
av_samples_copy
av_samples_get_buffer_size
av_get_pix_fmt_loss
av_sample_fmt_is_planar
av_buffer_pool_get
av_buffer_pool_uninit
av_buffer_pool_init
av_buffer_allocz
av_bprint_clear
av_get_token
avpriv_emms_asm
av_realloc_array
av_get_pix_fmt_name
av_pix_fmt_desc_get
av_fifo_generic_write
av_fifo_generic_read
av_fifo_size
av_fifo_freep
av_fifo_alloc
av_hwframe_transfer_data
av_hwframe_get_buffer
av_hwframe_ctx_init
av_hwframe_ctx_alloc
av_hwdevice_ctx_create
av_frame_free
av_frame_alloc
av_div_q
av_mul_q
av_bprint_finalize
av_bprintf
av_bprint_init
av_strtok
av_opt_set_dict2
av_opt_free
av_dict_free
av_dict_parse_string
av_dynarray_add_nofree
av_strdup
av_default_item_name
avpriv_set_systematic_pal2
av_opt_next
av_opt_set_from_string
avpriv_request_sample
av_realloc_f
av_image_copy_to_buffer
av_image_get_buffer_size
av_image_fill_arrays
av_image_copy
av_image_alloc
av_buffer_realloc
av_buffer_unref
av_buffer_ref
av_buffer_default_free
av_buffer_create
av_buffer_alloc
av_rescale_q
av_dict_set
av_dict_get
av_log
av_freep
av_realloc
av_opt_set_defaults
av_mallocz
av_free
avpriv_slicethread_free
av_malloc

ole32

CoTaskMemFree

kernel32

RtlUnwind
HeapReAlloc
HeapSize
GetFileSizeEx
GetStringTypeW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
WriteFile
GetStdHandle
HeapFree
HeapAlloc
GetCurrentThread
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetFileType
CreateFileW
RtlPcToFileHeader
RaiseException
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateSemaphoreA
CreateEventA
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
WaitForSingleObjectEx
ReleaseMutex
MultiByteToWideChar
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
Sleep
GetTempPathW
WriteConsoleW
OutputDebugStringW
FlushFileBuffers

Exports

Exports

audio_resample
audio_resample_close
av_audio_convert
av_audio_convert_alloc
av_audio_convert_free
av_audio_resample_init
av_bitstream_filter_close
av_bitstream_filter_filter
av_bitstream_filter_init
av_bitstream_filter_next
av_bsf_alloc
av_bsf_free
av_bsf_get_by_name
av_bsf_get_class
av_bsf_get_null_filter
av_bsf_init
av_bsf_list_alloc
av_bsf_list_append
av_bsf_list_append2
av_bsf_list_finalize
av_bsf_list_free
av_bsf_list_parse_str
av_bsf_next
av_bsf_receive_packet
av_bsf_send_packet
av_codec_ffversion
av_codec_get_chroma_intra_matrix
av_codec_get_codec_descriptor
av_codec_get_codec_properties
av_codec_get_lowres
av_codec_get_max_lowres
av_codec_get_pkt_timebase
av_codec_get_seek_preroll
av_codec_is_decoder
av_codec_is_encoder
av_codec_next
av_codec_set_chroma_intra_matrix
av_codec_set_codec_descriptor
av_codec_set_lowres
av_codec_set_pkt_timebase
av_codec_set_seek_preroll
av_copy_packet
av_copy_packet_side_data
av_cpb_properties_alloc
av_d3d11va_alloc_context
av_dirac_parse_sequence_header
av_dup_packet
av_dv_codec_profile
av_dv_codec_profile2
av_dv_frame_profile
av_fast_padded_malloc
av_fast_padded_mallocz
av_fopen_utf8
av_free_packet
av_get_audio_frame_duration
av_get_audio_frame_duration2
av_get_bits_per_sample
av_get_codec_tag_string
av_get_exact_bits_per_sample
av_get_pcm_codec
av_get_profile_name
av_grow_packet
av_hwaccel_next
av_init_packet
av_jni_get_java_vm
av_jni_set_java_vm
av_lockmgr_register
av_log_ask_for_sample
av_log_missing_feature
av_mediacodec_alloc_context
av_mediacodec_default_free
av_mediacodec_default_init
av_mediacodec_release_buffer
av_new_packet
av_packet_add_side_data
av_packet_alloc
av_packet_clone
av_packet_copy_props
av_packet_free
av_packet_free_side_data
av_packet_from_data
av_packet_get_side_data
av_packet_merge_side_data
av_packet_move_ref
av_packet_new_side_data
av_packet_pack_dictionary
av_packet_ref
av_packet_rescale_ts
av_packet_shrink_side_data
av_packet_side_data_name
av_packet_split_side_data
av_packet_unpack_dictionary
av_packet_unref
av_parser_change
av_parser_close
av_parser_init
av_parser_next
av_parser_parse2
av_picture_copy
av_picture_crop
av_picture_pad
av_qsv_alloc_context
av_register_bitstream_filter
av_register_codec_parser
av_register_hwaccel
av_resample
av_resample_close
av_resample_compensate
av_resample_init
av_shrink_packet
av_vorbis_parse_frame
av_vorbis_parse_frame_flags
av_vorbis_parse_free
av_vorbis_parse_init
av_vorbis_parse_reset
av_xiphlacing
avcodec_align_dimensions
avcodec_align_dimensions2
avcodec_alloc_context3
avcodec_chroma_pos_to_enum
avcodec_close
avcodec_configuration
avcodec_copy_context
avcodec_dct_alloc
avcodec_dct_get_class
avcodec_dct_init
avcodec_decode_audio4
avcodec_decode_subtitle2
avcodec_decode_video2
avcodec_default_execute
avcodec_default_execute2
avcodec_default_get_buffer2
avcodec_default_get_format
avcodec_descriptor_get
avcodec_descriptor_get_by_name
avcodec_descriptor_next
avcodec_encode_audio2
avcodec_encode_subtitle
avcodec_encode_video2
avcodec_enum_to_chroma_pos
avcodec_fill_audio_frame
avcodec_find_best_pix_fmt2
avcodec_find_best_pix_fmt_of_2
avcodec_find_best_pix_fmt_of_list
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_find_encoder_by_name
avcodec_flush_buffers
avcodec_free_context
avcodec_get_chroma_sub_sample
avcodec_get_class
avcodec_get_context_defaults3
avcodec_get_edge_width
avcodec_get_frame_class
avcodec_get_name
avcodec_get_pix_fmt_loss
avcodec_get_subtitle_rect_class
avcodec_get_type
avcodec_is_open
avcodec_license
avcodec_open2
avcodec_parameters_alloc
avcodec_parameters_copy
avcodec_parameters_free
avcodec_parameters_from_context
avcodec_parameters_to_context
avcodec_pix_fmt_to_codec_tag
avcodec_profile_name
avcodec_receive_frame
avcodec_receive_packet
avcodec_register
avcodec_register_all
avcodec_send_frame
avcodec_send_packet
avcodec_set_dimensions
avcodec_string
avcodec_version
avpicture_alloc
avpicture_fill
avpicture_free
avpicture_get_size
avpicture_layout
avpriv_align_put_bits
avpriv_bprint_to_extradata
avpriv_codec_get_cap_skip_frame_fill_param
avpriv_copy_bits
avpriv_exif_decode_ifd
avpriv_find_pix_fmt
avpriv_find_start_code
avpriv_get_raw_pix_fmt_tags
avpriv_lock_avformat
avpriv_mjpeg_bits_ac_chrominance
avpriv_mjpeg_bits_ac_luminance
avpriv_mjpeg_bits_dc_chrominance
avpriv_mjpeg_bits_dc_luminance
avpriv_mjpeg_val_ac_chrominance
avpriv_mjpeg_val_ac_luminance
avpriv_mjpeg_val_dc
avpriv_pix_fmt_bps_avi
avpriv_pix_fmt_bps_mov
avpriv_put_string
avpriv_split_xiph_headers
avpriv_toupper4
avpriv_unlock_avformat
avsubtitle_free

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/avdevice-57.dll
.dll windows x64

3d1d5d6dd0dd77be47371feddee8585c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avformat-57

av_iformat_next
av_oformat_next
avformat_free_context
avformat_alloc_output_context2
avformat_alloc_context
av_find_input_format
av_format_get_control_message_cb

avutil-55

av_dict_free
av_free
av_mallocz
av_log
av_dict_copy
av_opt_set_defaults
av_opt_set_dict
av_opt_set_dict2
av_default_item_name
av_strdup
av_freep

kernel32

RaiseException
OutputDebugStringW
WriteConsoleW
GetFileSizeEx
GetTempPathW
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
Sleep
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
IsValidCodePage
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RtlUnwind
RtlPcToFileHeader
CreateFileW
GetFileType
CloseHandle
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameW
SetConsoleCtrlHandler
GetCurrentThread
HeapFree
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
GetStdHandle
FindClose
FindFirstFileExW
FindNextFileW

Exports

Exports

av_device_capabilities
av_device_ffversion
av_fopen_utf8
av_input_audio_device_next
av_input_video_device_next
av_output_audio_device_next
av_output_video_device_next
avdevice_app_to_dev_control_message
avdevice_capabilities_create
avdevice_capabilities_free
avdevice_configuration
avdevice_dev_to_app_control_message
avdevice_free_list_devices
avdevice_license
avdevice_list_devices
avdevice_list_input_sources
avdevice_list_output_sinks
avdevice_register_all
avdevice_version

Sections

.text
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/avfilter-6.dll
.dll windows x64

38b3ebc78943b27dad5b7096659453e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

swscale-4

sws_isSupportedInput
sws_get_class
sws_getColorspaceDetails
sws_setColorspaceDetails
sws_scale
sws_freeContext
sws_init_context
sws_alloc_context
sws_isSupportedEndiannessConversion
sws_isSupportedOutput
sws_getCoefficients

avutil-55

av_buffer_pool_get
avpriv_set_systematic_pal2
av_samples_get_buffer_size
av_image_fill_linesizes
av_buffer_pool_init
av_bprint_chars
av_bprint_finalize
av_strlcpy
av_asprintf
av_get_token
avpriv_slicethread_create
avpriv_slicethread_execute
avpriv_slicethread_free
av_rescale
av_expr_parse_and_eval
av_reduce
av_mul_q
av_opt_eval_flags
av_parse_video_size
av_hwframe_get_buffer
av_parse_ratio
av_get_pix_fmt
av_pix_fmt_desc_get_id
av_pix_fmt_desc_next
av_strtod
av_get_extended_channel_layout
av_frame_clone
av_get_bits_per_pixel
av_frame_alloc
av_fifo_realloc2
av_fifo_generic_write
av_fifo_generic_read
av_fifo_space
av_fifo_size
av_fifo_freep
av_fifo_alloc
av_frame_move_ref
av_frame_ref
av_opt_set_bin
av_opt_set_int
av_buffer_pool_uninit
av_int_list_length_for_size
av_find_best_pix_fmt_of_2
av_get_pix_fmt_name
av_pix_fmt_desc_get
av_sample_fmt_is_planar
av_get_bytes_per_sample
av_get_planar_sample_fmt
av_get_packed_sample_fmt
av_get_sample_fmt_name
av_bprintf
av_bprint_init
av_memdup
av_realloc
av_opt_set
av_opt_next
av_opt_find
av_opt_get_key_value
av_opt_set_dict2
av_opt_set_dict
av_opt_free
av_opt_set_defaults
av_image_copy
av_frame_copy_props
av_frame_is_writable
av_frame_free
av_samples_copy
av_expr_free
av_expr_eval
av_expr_parse
av_get_channel_layout_string
av_buffer_unref
av_buffer_ref
av_strlcatf
av_rescale_q
av_dict_free
av_dict_set
av_dict_get
av_strdup
av_freep
av_free
av_realloc_array
av_calloc
av_mallocz
av_malloc
av_strerror
av_get_media_type_string
av_samples_set_silence
av_buffer_allocz
av_get_channel_layout_nb_channels
av_get_sample_fmt
av_log
av_get_channel_layout
av_default_item_name
av_image_check_size

kernel32

RtlUnwind
WriteConsoleW
CreateFileW
OutputDebugStringW
CloseHandle
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetCurrentThread
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleA
Sleep
HeapSize
SetStdHandle

Exports

Exports

av_abuffersink_params_alloc
av_buffersink_get_channel_layout
av_buffersink_get_channels
av_buffersink_get_format
av_buffersink_get_frame
av_buffersink_get_frame_flags
av_buffersink_get_frame_rate
av_buffersink_get_h
av_buffersink_get_hw_frames_ctx
av_buffersink_get_sample_aspect_ratio
av_buffersink_get_sample_rate
av_buffersink_get_samples
av_buffersink_get_time_base
av_buffersink_get_type
av_buffersink_get_w
av_buffersink_params_alloc
av_buffersink_set_frame_size
av_buffersrc_add_frame
av_buffersrc_add_frame_flags
av_buffersrc_close
av_buffersrc_get_nb_failed_requests
av_buffersrc_parameters_alloc
av_buffersrc_parameters_set
av_buffersrc_write_frame
av_filter_ffversion
av_filter_next
avfilter_add_matrix
avfilter_all_channel_layouts
avfilter_config_links
avfilter_configuration
avfilter_free
avfilter_get_by_name
avfilter_get_class
avfilter_get_matrix
avfilter_graph_add_filter
avfilter_graph_alloc
avfilter_graph_alloc_filter
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_dump
avfilter_graph_free
avfilter_graph_get_filter
avfilter_graph_parse
avfilter_graph_parse2
avfilter_graph_parse_ptr
avfilter_graph_queue_command
avfilter_graph_request_oldest
avfilter_graph_send_command
avfilter_graph_set_auto_convert
avfilter_init_dict
avfilter_init_filter
avfilter_init_str
avfilter_inout_alloc
avfilter_inout_free
avfilter_insert_filter
avfilter_license
avfilter_link
avfilter_link_free
avfilter_link_get_channels
avfilter_link_set_closed
avfilter_make_format64_list
avfilter_mul_matrix
avfilter_next
avfilter_open
avfilter_pad_count
avfilter_pad_get_name
avfilter_pad_get_type
avfilter_process_command
avfilter_register
avfilter_register_all
avfilter_sub_matrix
avfilter_transform
avfilter_uninit
avfilter_version

Sections

.text
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/avformat-57.dll
.dll windows x64

cf5bf2ea504d4fbe434ec38748bc80a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avcodec-57

av_packet_new_side_data
av_grow_packet
av_packet_free
av_packet_alloc
avcodec_close
avcodec_open2
avcodec_parameters_free
avcodec_register_all
avcodec_parameters_alloc
av_codec_next
av_codec_set_lowres
avcodec_find_decoder
av_codec_get_lowres
av_codec_set_pkt_timebase
av_shrink_packet
avcodec_decode_subtitle2
avcodec_send_packet
avcodec_receive_frame
av_parser_init
av_parser_parse2
av_parser_close
avcodec_pix_fmt_to_codec_tag
av_get_audio_frame_duration2
av_bitstream_filter_filter
av_bsf_get_by_name
av_bsf_alloc
av_bsf_init
av_bsf_free
avcodec_get_name
avcodec_is_open
av_codec_is_decoder
avpriv_codec_get_cap_skip_frame_fill_param
avpriv_get_raw_pix_fmt_tags
av_packet_get_side_data
avpriv_toupper4
avcodec_descriptor_get
av_bsf_receive_packet
av_bsf_send_packet
av_get_audio_frame_duration
av_get_bits_per_sample
av_packet_split_side_data
av_packet_merge_side_data
avcodec_parameters_from_context
av_packet_ref
avcodec_parameters_copy
av_packet_unref
av_new_packet
av_init_packet
avcodec_string
avcodec_parameters_to_context
avcodec_free_context
avcodec_alloc_context3
avpriv_find_pix_fmt

avutil-55

av_bprint_finalize
av_frame_alloc
av_buffer_default_free
av_buffer_create
av_gettime
av_parse_time
av_opt_get_dict_val
av_opt_set_dict_val
av_opt_next
av_opt_set_from_string
avpriv_dict_set_timestamp
av_add_stable
av_compare_mod
av_rescale_rnd
av_gcd
av_div_q
av_mul_q
av_dynarray_add
av_memdup
av_strndup
av_fast_realloc
av_realloc_array
av_strlcatf
av_strlcat
av_strerror
av_opt_set_dict2
av_frame_free
av_fourcc_make_string
av_compare_ts
av_rescale_q_rnd
av_rescale_q
av_pix_fmt_desc_get
av_get_pix_fmt
av_realloc
av_strcasecmp
av_buffer_unref
av_buffer_alloc
av_dynarray_add_nofree
av_fast_malloc
av_dict_free
av_opt_ptr
av_strncasecmp
av_asprintf
av_dict_set_int
av_opt_get
av_match_name
av_stereo3d_type_name
av_spherical_projection_name
av_spherical_tile_bounds
av_display_rotation_get
av_dict_count
av_rescale
av_reduce
av_get_picture_type_char
av_get_channel_name
av_realloc_f
av_reallocp
av_crc
av_crc_get_table
av_bprint_append_data
av_default_item_name
av_usleep
av_gettime_relative
av_opt_copy
av_opt_set
av_opt_set_dict
av_opt_free
av_opt_set_defaults
av_log
av_strdup
av_freep
av_free
av_mallocz
av_malloc
av_dict_set
av_dict_get
av_match_list
av_strlcpy
av_strstart
av_dict_copy

ws2_32

getaddrinfo
select
htonl
ioctlsocket
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
freeaddrinfo
setsockopt
ntohl
listen
getsockopt
connect
closesocket
bind
accept
socket

kernel32

RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
MoveFileExW
MoveFileExA
GetProcAddress
GetModuleHandleA
Sleep
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
SetFilePointerEx
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
ReadFile
OutputDebugStringW
GetTempPathW
WriteConsoleW
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileSizeEx
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
GetTimeZoneInformation
SetEndOfFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
GetStdHandle
GetCurrentThread
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
InitializeSListHead

Exports

Exports

av_add_index_entry
av_append_packet
av_apply_bitstream_filters
av_codec_get_id
av_codec_get_tag
av_codec_get_tag2
av_demuxer_open
av_dump_format
av_filename_number_test
av_find_best_stream
av_find_default_stream_index
av_find_input_format
av_find_program_from_stream
av_fmt_ctx_get_duration_estimation_method
av_fopen_utf8
av_format_ffversion
av_format_get_audio_codec
av_format_get_control_message_cb
av_format_get_data_codec
av_format_get_metadata_header_padding
av_format_get_opaque
av_format_get_open_cb
av_format_get_probe_score
av_format_get_subtitle_codec
av_format_get_video_codec
av_format_inject_global_side_data
av_format_set_audio_codec
av_format_set_control_message_cb
av_format_set_data_codec
av_format_set_metadata_header_padding
av_format_set_opaque
av_format_set_open_cb
av_format_set_subtitle_codec
av_format_set_video_codec
av_get_frame_filename
av_get_frame_filename2
av_get_output_timestamp
av_get_packet
av_guess_codec
av_guess_format
av_guess_frame_rate
av_guess_sample_aspect_ratio
av_hex_dump
av_hex_dump_log
av_iformat_next
av_index_search_timestamp
av_interleaved_write_frame
av_interleaved_write_uncoded_frame
av_match_ext
av_new_program
av_oformat_next
av_pkt_dump2
av_pkt_dump_log2
av_probe_input_buffer
av_probe_input_buffer2
av_probe_input_format
av_probe_input_format2
av_probe_input_format3
av_program_add_stream_index
av_read_frame
av_read_pause
av_read_play
av_register_all
av_register_input_format
av_register_output_format
av_sdp_create
av_seek_frame
av_stream_add_side_data
av_stream_get_codec_timebase
av_stream_get_end_pts
av_stream_get_parser
av_stream_get_r_frame_rate
av_stream_get_recommended_encoder_configuration
av_stream_get_side_data
av_stream_new_side_data
av_stream_set_r_frame_rate
av_stream_set_recommended_encoder_configuration
av_url_split
av_write_frame
av_write_trailer
av_write_uncoded_frame
av_write_uncoded_frame_query
avformat_alloc_context
avformat_alloc_output_context2
avformat_close_input
avformat_configuration
avformat_find_stream_info
avformat_flush
avformat_free_context
avformat_get_class
avformat_get_riff_audio_tags
avformat_get_riff_video_tags
avformat_init_output
avformat_license
avformat_match_stream_specifier
avformat_network_deinit
avformat_network_init
avformat_new_stream
avformat_open_input
avformat_query_codec
avformat_queue_attached_pictures
avformat_seek_file
avformat_transfer_internal_stream_timing_info
avformat_version
avformat_write_header
avio_accept
avio_alloc_context
avio_check
avio_close
avio_close_dir
avio_close_dyn_buf
avio_closep
avio_context_free
avio_enum_protocols
avio_feof
avio_find_protocol_name
avio_flush
avio_free_directory_entry
avio_get_dyn_buf
avio_get_str
avio_get_str16be
avio_get_str16le
avio_handshake
avio_open
avio_open2
avio_open_dir
avio_open_dyn_buf
avio_pause
avio_printf
avio_put_str
avio_put_str16be
avio_put_str16le
avio_r8
avio_rb16
avio_rb24
avio_rb32
avio_rb64
avio_read
avio_read_dir
avio_read_partial
avio_read_to_bprint
avio_rl16
avio_rl24
avio_rl32
avio_rl64
avio_seek
avio_seek_time
avio_size
avio_skip
avio_w8
avio_wb16
avio_wb24
avio_wb32
avio_wb64
avio_wl16
avio_wl24
avio_wl32
avio_wl64
avio_write
avio_write_marker
avpriv_io_delete
avpriv_io_move
avpriv_new_chapter
avpriv_set_pts_info
ff_inet_aton
ff_socket_nonblock
ffio_open_dyn_packet_buf
ffio_set_buf_size
ffurl_close
ffurl_closep
ffurl_open
ffurl_open_whitelist
ffurl_write
url_feof

Sections

.text
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/avutil-55.dll
.dll windows x64

b966b9953f1e5e0c4a874fc478e1ea8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetDesktopWindow

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

kernel32

WriteConsoleW
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetProcessAffinityMask
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
MultiByteToWideChar
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
Sleep
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetTempPathW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RtlUnwind
RtlPcToFileHeader
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle
QueryPerformanceFrequency
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
GetCurrentThread
SetConsoleCtrlHandler
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
HeapQueryInformation
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
GetFileSizeEx
GetStringTypeW
OutputDebugStringW
FlushFileBuffers

Exports

Exports

av_add_i
av_add_q
av_add_stable
av_adler32_update
av_aes_alloc
av_aes_crypt
av_aes_ctr_alloc
av_aes_ctr_crypt
av_aes_ctr_free
av_aes_ctr_get_iv
av_aes_ctr_increment_iv
av_aes_ctr_init
av_aes_ctr_set_iv
av_aes_ctr_set_random_iv
av_aes_init
av_aes_size
av_append_path_component
av_asprintf
av_assert0_fpu
av_audio_fifo_alloc
av_audio_fifo_drain
av_audio_fifo_free
av_audio_fifo_peek
av_audio_fifo_peek_at
av_audio_fifo_read
av_audio_fifo_realloc
av_audio_fifo_reset
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_base64_decode
av_base64_encode
av_basename
av_blowfish_alloc
av_blowfish_crypt
av_blowfish_crypt_ecb
av_blowfish_init
av_bmg_get
av_bprint_append_data
av_bprint_channel_layout
av_bprint_chars
av_bprint_clear
av_bprint_escape
av_bprint_finalize
av_bprint_get_buffer
av_bprint_init
av_bprint_init_for_buffer
av_bprint_strftime
av_bprintf
av_buffer_alloc
av_buffer_allocz
av_buffer_create
av_buffer_default_free
av_buffer_get_opaque
av_buffer_get_ref_count
av_buffer_is_writable
av_buffer_make_writable
av_buffer_pool_get
av_buffer_pool_init
av_buffer_pool_init2
av_buffer_pool_uninit
av_buffer_realloc
av_buffer_ref
av_buffer_unref
av_calloc
av_camellia_alloc
av_camellia_crypt
av_camellia_init
av_camellia_size
av_cast5_alloc
av_cast5_crypt
av_cast5_crypt2
av_cast5_init
av_cast5_size
av_channel_layout_extract_channel
av_chroma_location_from_name
av_chroma_location_name
av_cmp_i
av_color_primaries_from_name
av_color_primaries_name
av_color_range_from_name
av_color_range_name
av_color_space_from_name
av_color_space_name
av_color_transfer_from_name
av_color_transfer_name
av_compare_mod
av_compare_ts
av_content_light_metadata_alloc
av_content_light_metadata_create_side_data
av_cpu_count
av_cpu_max_align
av_crc
av_crc_get_table
av_crc_init
av_d2q
av_d2str
av_default_get_category
av_default_item_name
av_des_alloc
av_des_crypt
av_des_init
av_des_mac
av_dict_copy
av_dict_count
av_dict_free
av_dict_get
av_dict_get_string
av_dict_parse_string
av_dict_set
av_dict_set_int
av_dirname
av_display_matrix_flip
av_display_rotation_get
av_display_rotation_set
av_div_i
av_div_q
av_downmix_info_update_side_data
av_dynarray2_add
av_dynarray_add
av_dynarray_add_nofree
av_escape
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_fast_malloc
av_fast_mallocz
av_fast_realloc
av_fifo_alloc
av_fifo_alloc_array
av_fifo_drain
av_fifo_free
av_fifo_freep
av_fifo_generic_peek
av_fifo_generic_peek_at
av_fifo_generic_read
av_fifo_generic_write
av_fifo_grow
av_fifo_realloc2
av_fifo_reset
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_best_pix_fmt_of_2
av_find_info_tag
av_find_nearest_q_idx
av_fopen_utf8
av_force_cpu_flags
av_fourcc_make_string
av_frame_alloc
av_frame_apply_cropping
av_frame_clone
av_frame_copy
av_frame_copy_props
av_frame_free
av_frame_get_best_effort_timestamp
av_frame_get_buffer
av_frame_get_channel_layout
av_frame_get_channels
av_frame_get_color_range
av_frame_get_colorspace
av_frame_get_decode_error_flags
av_frame_get_metadata
av_frame_get_pkt_duration
av_frame_get_pkt_pos
av_frame_get_pkt_size
av_frame_get_plane_buffer
av_frame_get_qp_table
av_frame_get_sample_rate
av_frame_get_side_data
av_frame_is_writable
av_frame_make_writable
av_frame_move_ref
av_frame_new_side_data
av_frame_ref
av_frame_remove_side_data
av_frame_set_best_effort_timestamp
av_frame_set_channel_layout
av_frame_set_channels
av_frame_set_color_range
av_frame_set_colorspace
av_frame_set_decode_error_flags
av_frame_set_metadata
av_frame_set_pkt_duration
av_frame_set_pkt_pos
av_frame_set_pkt_size
av_frame_set_qp_table
av_frame_set_sample_rate
av_frame_side_data_name
av_frame_unref
av_free
av_freep
av_gcd
av_get_alt_sample_fmt
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_channel_description
av_get_channel_layout
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_colorspace_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_extended_channel_layout
av_get_known_color_name
av_get_media_type_string
av_get_packed_sample_fmt
av_get_padded_bits_per_pixel
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_loss
av_get_pix_fmt_name
av_get_pix_fmt_string
av_get_planar_sample_fmt
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_standard_channel_layout
av_get_time_base_q
av_get_token
av_gettime
av_gettime_relative
av_gettime_relative_is_monotonic
av_hash_alloc
av_hash_final
av_hash_final_b64
av_hash_final_bin
av_hash_final_hex
av_hash_freep
av_hash_get_name
av_hash_get_size
av_hash_init
av_hash_names
av_hash_update
av_hmac_alloc
av_hmac_calc
av_hmac_final
av_hmac_free
av_hmac_init
av_hmac_update
av_hwdevice_ctx_alloc
av_hwdevice_ctx_create
av_hwdevice_ctx_create_derived
av_hwdevice_ctx_init
av_hwdevice_find_type_by_name
av_hwdevice_get_hwframe_constraints
av_hwdevice_get_type_name
av_hwdevice_hwconfig_alloc
av_hwdevice_iterate_types
av_hwframe_constraints_free
av_hwframe_ctx_alloc
av_hwframe_ctx_create_derived
av_hwframe_ctx_init
av_hwframe_get_buffer
av_hwframe_map
av_hwframe_transfer_data
av_hwframe_transfer_get_formats
av_i2int
av_image_alloc
av_image_check_sar
av_image_check_size
av_image_check_size2
av_image_copy
av_image_copy_plane
av_image_copy_to_buffer
av_image_copy_uc_from
av_image_fill_arrays
av_image_fill_black
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_fill_pointers
av_image_get_buffer_size
av_image_get_linesize
av_int2i
av_int_list_length_for_size
av_lfg_init
av_lfg_init_from_data
av_log
av_log2
av_log2_16bit
av_log2_i
av_log_default_callback
av_log_format_line
av_log_format_line2
av_log_get_flags
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_malloc
av_mallocz
av_mastering_display_metadata_alloc
av_mastering_display_metadata_create_side_data
av_match_list
av_match_name
av_max_alloc
av_md5_alloc
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_memdup
av_mod_i
av_mul_i
av_mul_q
av_murmur3_alloc
av_murmur3_final
av_murmur3_init
av_murmur3_init_seeded
av_murmur3_update
av_nearer_q
av_opt_child_class_next
av_opt_child_next
av_opt_copy
av_opt_eval_double
av_opt_eval_flags
av_opt_eval_float
av_opt_eval_int
av_opt_eval_int64
av_opt_eval_q
av_opt_find
av_opt_find2
av_opt_flag_is_set
av_opt_free
av_opt_freep_ranges
av_opt_get
av_opt_get_channel_layout
av_opt_get_dict_val
av_opt_get_double
av_opt_get_image_size
av_opt_get_int
av_opt_get_key_value
av_opt_get_pixel_fmt
av_opt_get_q
av_opt_get_sample_fmt
av_opt_get_video_rate
av_opt_is_set_to_default
av_opt_is_set_to_default_by_name
av_opt_next
av_opt_ptr
av_opt_query_ranges
av_opt_query_ranges_default
av_opt_serialize
av_opt_set
av_opt_set_bin
av_opt_set_channel_layout
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_opt_set_dict2
av_opt_set_dict_val
av_opt_set_double
av_opt_set_from_string
av_opt_set_image_size
av_opt_set_int
av_opt_set_pixel_fmt
av_opt_set_q
av_opt_set_sample_fmt
av_opt_set_video_rate
av_opt_show2
av_parse_color
av_parse_cpu_caps
av_parse_cpu_flags
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_count_planes
av_pix_fmt_desc_get
av_pix_fmt_desc_get_id
av_pix_fmt_desc_next
av_pix_fmt_get_chroma_sub_sample
av_pix_fmt_swap_endianness
av_pixelutils_get_sad_fn
av_q2intfloat
av_rc4_alloc
av_rc4_crypt
av_rc4_init
av_read_image_line
av_realloc
av_realloc_array
av_realloc_f
av_reallocp
av_reallocp_array
av_reduce
av_rescale
av_rescale_delta
av_rescale_q
av_rescale_q_rnd
av_rescale_rnd
av_ripemd_alloc
av_ripemd_final
av_ripemd_init
av_ripemd_size
av_ripemd_update
av_sample_fmt_is_planar
av_samples_alloc
av_samples_alloc_array_and_samples
av_samples_copy
av_samples_fill_arrays
av_samples_get_buffer_size
av_samples_set_silence
av_set_cpu_flags_mask
av_set_options_string
av_sha512_alloc
av_sha512_final
av_sha512_init
av_sha512_size
av_sha512_update
av_sha_alloc
av_sha_final
av_sha_init
av_sha_size
av_sha_update
av_shr_i
av_small_strptime
av_spherical_alloc
av_spherical_from_name
av_spherical_projection_name
av_spherical_tile_bounds
av_stereo3d_alloc
av_stereo3d_create_side_data
av_stereo3d_from_name
av_stereo3d_type_name
av_strcasecmp
av_strdup
av_strerror
av_strireplace
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strncasecmp
av_strndup
av_strnstr
av_strstart
av_strtod
av_strtok
av_sub_i
av_sub_q
av_tea_alloc
av_tea_crypt
av_tea_init
av_tea_size
av_tempfile
av_thread_message_flush
av_thread_message_queue_alloc
av_thread_message_queue_free
av_thread_message_queue_recv
av_thread_message_queue_send
av_thread_message_queue_set_err_recv
av_thread_message_queue_set_err_send
av_thread_message_queue_set_free_func
av_timecode_adjust_ntsc_framenum2
av_timecode_check_frame_rate
av_timecode_get_smpte_from_framenum
av_timecode_init
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_timecode_make_smpte_tc_string
av_timecode_make_string
av_timegm
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_alloc
av_tree_node_size
av_twofish_alloc
av_twofish_crypt
av_twofish_init
av_twofish_size
av_usleep
av_utf8_decode
av_util_ffversion
av_vbprintf
av_version_info
av_vlog
av_write_image_line
av_xtea_alloc
av_xtea_crypt
av_xtea_init
av_xtea_le_crypt
av_xtea_le_init
avpriv_alloc_fixed_dsp
avpriv_cga_font
avpriv_dict_set_timestamp
avpriv_emms_asm
avpriv_float_dsp_alloc
avpriv_frame_get_metadatap
avpriv_get_gamma_from_trc
avpriv_get_trc_function_from_trc

Sections

.text
Size: 990KB - Virtual size: 990KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/decode.dat
.exe windows x64

8abca33b94b5c1c582d11da1d5f12ce0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString

user32

MessageBoxA
CharNextW

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
GetSystemInfo
GetVersion
CompareStringW
SetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcpyW
WideCharToMultiByte
WaitForSingleObject
VirtualFree
VirtualAlloc
SetEvent
SetCurrentDirectoryW
ResetEvent
MultiByteToWideChar
LoadLibraryA
LoadLibraryW
GetVersionExW
GetStartupInfoW
GetProcAddress
GetLastError
GetCommandLineW
GetACP
FreeLibrary
GetCPInfoExW

Exports

Exports

GetMaxCharSize
GetTerminatorSize
MultiByteToWideCharEx
Terminate
WideCharToMultiByteEx

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 404B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/hash2.dll
.dll windows x64

65a07e83ad2d464605bbfa043427c1b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/hlib.dll
.dll windows x64

39c61cd746b1e4a4e3e6d16989e535e0

Code Sign

10:35:e8:c6:a9:d3:e3:c4:6f:c1:1a:5a:d7:d2:86:01
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/10/2018, 00:00

Not After

08/10/2021, 23:59

Subject

CN=Ursa Minor Ltd.,O=Ursa Minor Ltd.,POSTALCODE=11602,STREET=24 Dr Joseph Riviere,L=Port Louis,ST=Port Louis,C=MU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:60:82:4f:c1:8c:2a:d8:cf:dc:d6:8c:c8:33:ce:2b:77:7e:52:f5:c4:93:ef:d3:45:23:e9:aa:07:f1:82:73
Signer

Actual PE Digest

a7:60:82:4f:c1:8c:2a:d8:cf:dc:d6:8c:c8:33:ce:2b:77:7e:52:f5:c4:93:ef:d3:45:23:e9:aa:07:f1:82:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Ursa Minor Ltd.,O=Ursa Minor Ltd.,POSTALCODE=11602,STREET=24 Dr Joseph Riviere,L=Port Louis,ST=Port Louis,C=MU

23/09/2022, 10:49
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoTaskMemFree

kernel32

GetProcAddress
FreeLibrary
SetDllDirectoryW
LoadLibraryExW
TryEnterCriticalSection
SetUnhandledExceptionFilter
ReadFile
FindFirstFileW
GetFileSizeEx
SetLastError
FindNextFileW
GetModuleHandleExW
GetDiskFreeSpaceW
SetFileTime
SetFilePointer
SetEndOfFile
FindClose
GetFileAttributesW
SetFileAttributesW
GetFileAttributesA
CreateFileA
FileTimeToSystemTime
DeleteFileW
MoveFileExW
GetFullPathNameW
WriteFile
GetDiskFreeSpaceA
FlushFileBuffers
TlsGetValue
GetEnvironmentVariableW
GetTimeZoneInformation
GlobalMemoryStatusEx
SetEnvironmentVariableW
InitializeCriticalSectionEx
GetVersionExW
GetSystemDirectoryW
MultiByteToWideChar
RaiseException
GetSystemInfo
LoadLibraryW
GetModuleHandleW
GetLocaleInfoW
GetStartupInfoW
GetModuleHandleA
HeapFree
TerminateProcess
HeapAlloc
GetProcessHeap
SetWaitableTimer
TlsSetValue
GetQueuedCompletionStatus
CreateEventA
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateSemaphoreA
InitializeCriticalSectionAndSpinCount
CreateEventW
VerSetConditionMask
VerifyVersionInfoW
CreateIoCompletionPort
SystemTimeToFileTime
GetDateFormatW
ResumeThread
GetStringTypeExW
LCMapStringW
GetUserDefaultLCID
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
OpenEventA
CreateWaitableTimerA
SetErrorMode
GetModuleFileNameW
DecodePointer
LoadLibraryA
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
GetFileType
ExitThread
FindFirstFileExW
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetCurrentThreadId
CreateFileW
RtlCaptureContext
CreateThread
OutputDebugStringW
Sleep
InitializeCriticalSection
VirtualAlloc
VirtualFree
FormatMessageA
TlsFree
WideCharToMultiByte
DeleteCriticalSection
LocalFree
QueueUserAPC
CloseHandle
TlsAlloc
TerminateThread
SetEvent
GetLastError
FormatMessageW
PostQueuedCompletionStatus
WaitForSingleObject
LeaveCriticalSection
WaitForMultipleObjects
EnterCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
WriteConsoleW
HeapReAlloc
GetTimeFormatW
CompareStringW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP

user32

CharUpperBuffW
CharLowerBuffW
IsWindow
IsWindowVisible
GetWindowThreadProcessId
GetSystemMetrics
GetClassNameW
EnumChildWindows
SendMessageTimeoutW
PostMessageW
LoadStringW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ws2_32

WSAStartup
WSACleanup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipCloneImage
GdipBitmapUnlockBits
GdipAlloc
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipSetImageAttributesWrapMode
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipDisposeImageAttributes
GdipCreateBitmapFromStream
GdipDisposeImage

psapi

GetProcessMemoryInfo

shlwapi

PathAppendW

Exports

Exports

CTHFreeBuffer
CTHHeicFileToJpegFile
CTHHeicFileToJpegFileW
CTHHeicToJpeg
CTHInitInt
CTHLGetVersion
CTHSetLogCallback

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/sqlite3.dll
.dll windows x64

86407fa80eeaaabce41f53dc0aee34db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlushViewOfFile
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
WriteFile
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
Sleep
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryW
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetProcAddress
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
CloseHandle
AreFileApisANSI
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTimeZoneInformation
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
RtlUnwindEx
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
RaiseException
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_fts5_may_be_corrupt
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/swresample-2.dll
.dll windows x64

340aa5f05eb5bb76291b36f57812ca3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avutil-55

av_freep
av_frame_get_buffer
av_get_default_channel_layout
av_opt_set_int
av_sample_fmt_is_planar
av_get_sample_fmt_name
av_rescale_rnd
av_rescale
av_reduce
av_get_cpu_flags
av_calloc
av_get_channel_name
av_channel_layout_extract_channel
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_opt_set_defaults
av_free
av_malloc
av_get_bytes_per_sample
av_get_planar_sample_fmt
av_get_packed_sample_fmt
av_log
av_mallocz

kernel32

FreeLibrary
WriteConsoleW
CloseHandle
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
LCMapStringW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetConsoleCtrlHandler
GetCurrentThread
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW

Exports

Exports

swr_alloc
swr_alloc_set_opts
swr_build_matrix
swr_close
swr_config_frame
swr_convert
swr_convert_frame
swr_drop_output
swr_ffversion
swr_free
swr_get_class
swr_get_delay
swr_get_out_samples
swr_init
swr_inject_silence
swr_is_initialized
swr_next_pts
swr_set_channel_mapping
swr_set_compensation
swr_set_matrix
swresample_configuration
swresample_license
swresample_version

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/swscale-4.dll
.dll windows x64

ee4bfa6f5274c4a1c0cf6e5212b91967

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avutil-55

av_pix_fmt_desc_get
av_opt_get_int
av_opt_set_int
av_opt_set_defaults
av_image_alloc
av_pix_fmt_swap_endianness
av_pix_fmt_get_chroma_sub_sample
av_get_bits_per_pixel
av_get_pix_fmt_name
avpriv_emms_asm
av_get_cpu_flags
av_free
av_freep
av_mallocz
av_malloc
av_log

kernel32

RaiseException
WriteConsoleW
CloseHandle
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetFileType
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RtlUnwind
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetConsoleCtrlHandler
GetCurrentThread
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle

Exports

Exports

sws_addVec
sws_allocVec
sws_alloc_context
sws_alloc_set_opts
sws_cloneVec
sws_convVec
sws_convertPalette8ToPacked24
sws_convertPalette8ToPacked32
sws_freeContext
sws_freeFilter
sws_freeVec
sws_getCachedContext
sws_getCoefficients
sws_getColorspaceDetails
sws_getConstVec
sws_getContext
sws_getDefaultFilter
sws_getGaussianVec
sws_getIdentityVec
sws_get_class
sws_init_context
sws_isSupportedEndiannessConversion
sws_isSupportedInput
sws_isSupportedOutput
sws_normalizeVec
sws_printVec2
sws_scale
sws_scaleVec
sws_setColorspaceDetails
sws_shiftVec
sws_subVec
swscale_configuration
swscale_license
swscale_version

Sections

.text
Size: 984KB - Virtual size: 983KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/zip.dll
.dll windows x64

59979c170b0c96cc7d2281c2f7b47f52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
CreateDirectoryW
SetLastError
GetTempPathW
CreateFileW
SetFileAttributesW
DeleteFileW
CloseHandle
GetProcAddress
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetModuleHandleA
ReadFile
QueryPerformanceCounter
GetFileSize
GetCurrentProcess
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
CreateFileA
VirtualFree
VirtualAlloc
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
GetFileTime
GetFileSizeEx
SetFilePointerEx
FormatMessageW
WriteConsoleW
HeapSize
ReadConsoleW
GetCurrentProcessId
GetCurrentThreadId
GetLastError
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WriteFile
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindFirstFileExW
IsValidCodePage
GetACP
RtlUnwind

user32

CharPrevExA
CharUpperW

advapi32

SystemFunction036

oleaut32

VariantClear
VariantCopy
SysAllocString
SysFreeString
SysAllocStringLen

Exports

Exports

aaAddError
aaAddFile
aaAddStackTrace
aaClearError
aaCloseArchive
aaCreateArchiveFile
aaDetermineArchiveType
aaExtract
aaExtractAll
aaExtractMultiple
aaGetError
aaGetFileCount
aaGetFileInfo
aaGetOwner
aaGetProperty
aaOpenArchive
aaOpenArchiveFile
aaSetOwner

Sections

.text
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/x64/zlib1.dll
.dll windows x64

d049ce821cc525c2e44f2c025b76a32c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
SetFilePointer
CloseHandle
GetFileType
CreateFileW
HeapFree
HeapAlloc
WideCharToMultiByte
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
EncodePointer
DecodePointer
WriteFile
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
GetProcAddress
GetModuleHandleW
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleW
LoadLibraryW
LCMapStringW
GetStringTypeW
HeapReAlloc
HeapSize
FlushFileBuffers
CreateFileA

Exports

Exports

adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/xwforensics.exe
.exe windows x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fc:68:5c:6e:37:09:06:32:2e:11:3f:6d:f7:94:12:40:ad:99:06:2e:f6:83:97:17:b5:e8:75:59:cf:4f:38:bc
Signer

Actual PE Digest

fc:68:5c:6e:37:09:06:32:2e:11:3f:6d:f7:94:12:40:ad:99:06:2e:f6:83:97:17:b5:e8:75:59:cf:4f:38:bc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

23/09/2022, 10:49
Valid: true

Chain 1

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetMaxCharSize
GetTerminatorSize
MultiByteToWideCharEx
Terminate
WideCharToMultiByteEx
XWF_AddComment
XWF_AddEvent
XWF_AddExtractedMetadata
XWF_AddSearchTerm
XWF_AddToReportTable
XWF_Close
XWF_CloseContainer
XWF_CloseEvObj
XWF_CopyToContainer
XWF_CreateContainer
XWF_CreateEvObj
XWF_CreateFile
XWF_CreateItem
XWF_FindItem1
XWF_GetBlock
XWF_GetCaseProp
XWF_GetCellText
XWF_GetColumnTitle
XWF_GetComment
XWF_GetEvObj
XWF_GetEvObjProp
XWF_GetEvObjReportTableAssocs
XWF_GetEvent
XWF_GetExtractedMetadata
XWF_GetFileCount
XWF_GetFirstEvObj
XWF_GetHashSetAssocs
XWF_GetHashValue
XWF_GetItemCount
XWF_GetItemInformation
XWF_GetItemName
XWF_GetItemOfs
XWF_GetItemParent
XWF_GetItemSize
XWF_GetItemType
XWF_GetMetadata
XWF_GetMetadataEx
XWF_GetNextEvObj
XWF_GetProp
XWF_GetRasterImage
XWF_GetReportTableAssocs
XWF_GetReportTableInfo
XWF_GetSearchTerm
XWF_GetSectorContents
XWF_GetSize
XWF_GetText
XWF_GetUserInput
XWF_GetVSProp
XWF_GetVolumeInformation
XWF_GetVolumeName
XWF_GetWindow
XWF_HideProgress
XWF_ManageSearchTerm
XWF_OpenEvObj
XWF_OpenItem
XWF_OutputMessage
XWF_PrepareTextAccess
XWF_Read
XWF_ReleaseMem
XWF_Search
XWF_SectorIO
XWF_SelectVolumeSnapshot
XWF_SetBlock
XWF_SetHashValue
XWF_SetItemInformation
XWF_SetItemOfs
XWF_SetItemParent
XWF_SetItemSize
XWF_SetItemType
XWF_SetProgressDescription
XWF_SetProgressPercentage
XWF_ShouldStop
XWF_ShowProgress

Sections

CODE
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 149KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 388B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/xwforensics64.exe
.exe windows x64

a06a6d75a4571f54cdf56992e4301b0b

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:06:57:36:dc:82:79:3a:42:60:f7:31:7c:69:92:42:ba:f3:05:4f:a1:2b:5c:08:23:b5:a9:aa:30:4f:9e:48
Signer

Actual PE Digest

a9:06:57:36:dc:82:79:3a:42:60:f7:31:7c:69:92:42:ba:f3:05:4f:a1:2b:5c:08:23:b5:a9:aa:30:4f:9e:48

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

23/09/2022, 10:49
Valid: true

Chain 1

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Chain 2

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
SetFileSecurityW
RegSetValueExA
RegSetValueExW
RegSetValueA
RegSetValueW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegOpenKeyA
RegDeleteValueW
RegDeleteKeyA
RegDeleteKeyW
RegCreateKeyA
RegCreateKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
LookupAccountNameW
IsTextUnicode
InitializeSecurityDescriptor
GetUserNameW
GetCurrentHwProfileA
AdjustTokenPrivileges

user32

MessageBoxA
CharNextW
LoadStringW
SetWindowLongPtrA
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
SystemParametersInfoW
SwitchDesktop
AnimateWindow
ShowWindow
ShowScrollBar
ShowCaret
SetWindowsHookExA
SetWindowTextA
SetWindowTextW
SetWindowPos
SetTimer
SetScrollInfo
SetParent
SetMenuItemInfoW
SetMenuItemBitmaps
SetMenuDefaultItem
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetDlgItemTextW
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendInput
SendDlgItemMessageA
SendDlgItemMessageW
ScrollWindow
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
OpenDesktopW
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MoveWindow
ModifyMenuA
ModifyMenuW
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
LoadMenuA
LoadImageA
LoadIconA
LoadCursorA
LoadCursorW
LoadBitmapA
LoadAcceleratorsA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IsDlgButtonChecked
IsDialogMessageW
IsClipboardFormatAvailable
InvertRect
InvalidateRect
IntersectRect
InsertMenuA
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowInfo
GetWindowDC
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollPos
GetScrollInfo
GetParent
GetWindow
GetNextDlgTabItem
GetMessageW
GetMenuStringA
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetKeyboardState
GetKeyState
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItemTextA
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetCursor
GetClipboardOwner
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FindWindowExA
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DispatchMessageW
DialogBoxParamW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCaret
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateMDIWindowW
CreateCaret
CountClipboardFormats
CopyImage
CloseClipboard
CheckRadioButton
CheckMenuRadioItem
CheckMenuItem
CheckDlgButton
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AppendMenuA
AppendMenuW
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemBuffA
CharToOemA
PrintWindow
GetMonitorInfoA
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
CreateDirectoryW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
DeleteFileW
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcpynA
lstrcpynW
lstrcpyA
lstrcpyW
lstrcmpiA
lstrcmpW
lstrcatW
WriteProcessMemory
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
UnlockFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadContext
SetPriorityClass
SetLastError
SetHandleInformation
SetFileTime
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
MoveFileW
LockResource
LockFile
LocalUnlock
LocalLock
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVolumeInformationW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadTimes
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetStdHandle
GetShortPathNameA
GetProcessVersion
GetProcessTimes
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocalTime
GetLastError
GetHandleInformation
GetFileTime
GetFileSize
GetFileInformationByHandle
GetFileAttributesA
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCommandLineW
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
FoldStringW
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemCodePagesA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateHardLinkW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Beep
GetLongPathNameA
GetLongPathNameW
GlobalMemoryStatusEx
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetCPInfoExW
GetCPInfoExA
RtlCaptureStackBackTrace
GetDiskFreeSpaceExW
GetProcAddress
GetComputerNameExW
SetFilePointerEx
GetVolumePathNamesForVolumeNameW
OpenThread
GetFileSizeEx
FreeUserPhysicalPages
AllocateUserPhysicalPages

gdi32

TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWorldTransform
SetTextColor
SetTextAlign
SetStretchBltMode
SetPixelV
SetPixel
SetMapMode
SetGraphicsMode
SetDIBits
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
ResetDCA
Rectangle
PtInRegion
Polygon
MoveToEx
ModifyWorldTransform
LineTo
GetTextMetricsA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextColor
GetStockObject
GetPixel
GetObjectA
GetObjectW
GetDeviceCaps
GetDIBits
GetCharABCWidthsFloatW
GetBkColor
GetBitmapBits
ExtTextOutA
ExtTextOutW
ExtFloodFill
EndPage
EndDoc
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateFontIndirectA
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
AbortDoc

version

VerQueryValueA

shell32

SHGetFileInfoA
SHGetFileInfoW
ShellExecuteA
ShellExecuteW
ExtractIconW
ExtractAssociatedIconW
DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

winspool.drv

GetDefaultPrinterA
OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

powrprof

SetSuspendState

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_Destroy
ImageList_Create

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsW

winmm

PlaySoundA

comdlg32

CommDlgExtendedError
ChooseFontA
ChooseColorA
GetSaveFileNameW
GetOpenFileNameW

winhttp

WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle

Exports

Exports

GetMaxCharSize
GetTerminatorSize
MultiByteToWideCharEx
Terminate
WideCharToMultiByteEx
XWF_AddComment
XWF_AddEvent
XWF_AddExtractedMetadata
XWF_AddSearchTerm
XWF_AddToReportTable
XWF_Close
XWF_CloseContainer
XWF_CloseEvObj
XWF_CopyToContainer
XWF_CreateContainer
XWF_CreateEvObj
XWF_CreateFile
XWF_CreateItem
XWF_FindItem1
XWF_GetBlock
XWF_GetCaseProp
XWF_GetCellText
XWF_GetColumnTitle
XWF_GetComment
XWF_GetEvObj
XWF_GetEvObjProp
XWF_GetEvObjReportTableAssocs
XWF_GetEvent
XWF_GetExtractedMetadata
XWF_GetFileCount
XWF_GetFirstEvObj
XWF_GetHashSetAssocs
XWF_GetHashValue
XWF_GetItemCount
XWF_GetItemInformation
XWF_GetItemName
XWF_GetItemOfs
XWF_GetItemParent
XWF_GetItemSize
XWF_GetItemType
XWF_GetMetadata
XWF_GetMetadataEx
XWF_GetNextEvObj
XWF_GetProp
XWF_GetRasterImage
XWF_GetReportTableAssocs
XWF_GetReportTableInfo
XWF_GetSearchTerm
XWF_GetSectorContents
XWF_GetSize
XWF_GetText
XWF_GetUserInput
XWF_GetVSProp
XWF_GetVolumeInformation
XWF_GetVolumeName
XWF_GetWindow
XWF_HideProgress
XWF_ManageSearchTerm
XWF_OpenEvObj
XWF_OpenItem
XWF_OutputMessage
XWF_PrepareTextAccess
XWF_Read
XWF_ReleaseMem
XWF_Search
XWF_SectorIO
XWF_SelectVolumeSnapshot
XWF_SetBlock
XWF_SetHashValue
XWF_SetItemInformation
XWF_SetItemOfs
XWF_SetItemParent
XWF_SetItemSize
XWF_SetItemType
XWF_SetProgressDescription
XWF_SetProgressPercentage
XWF_ShouldStop
XWF_ShowProgress

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 168KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 662KB - Virtual size: 662KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/zip.dll
.dll windows x86

fc10d47308c1744cb7f5c9be878d7ee9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryExW
CreateDirectoryW
SetLastError
GetTempPathW
CreateFileW
SetFileAttributesW
DeleteFileW
CloseHandle
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetModuleHandleA
GetCurrentThreadId
WriteFile
GetFileSize
GetCurrentProcess
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatus
GetSystemTimeAsFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
CreateFileA
VirtualFree
VirtualAlloc
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
GetFileTime
GetFileSizeEx
SetFilePointerEx
FormatMessageW
WriteConsoleW
HeapSize
ReadConsoleW
SetStdHandle
GetLastError
FileTimeToLocalFileTime
LocalFileTimeToFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
GetVersionExW
ReadFile
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindFirstFileExW
IsValidCodePage

user32

CharPrevExA
CharUpperW

oleaut32

VariantClear
VariantCopy
SysAllocString
SysFreeString
SysAllocStringLen

Exports

Exports

_aaAddError@4
_aaClearError@0
aaAddFile
aaAddStackTrace
aaCloseArchive
aaCreateArchiveFile
aaDetermineArchiveType
aaExtract
aaExtractAll
aaExtractMultiple
aaGetError
aaGetFileCount
aaGetFileInfo
aaGetOwner
aaGetProperty
aaOpenArchive
aaOpenArchiveFile
aaSetOwner

Sections

.text
Size: 581KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/zip.exe
.exe windows x86

34129011e47532aa6cf5e6d914bdeabc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OemToCharA
CharToOemA

advapi32

AdjustTokenPrivileges
GetSecurityDescriptorLength
OpenProcessToken
GetKernelObjectSecurity
LookupPrivilegeValueA

kernel32

RemoveDirectoryA
PeekNamedPipe
DeleteFileA
GetVolumeInformationA
GetVolumeInformationW
GetFileAttributesA
GetFileAttributesW
SetFileAttributesW
SetFileAttributesA
GetFullPathNameA
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
GetVersion
GetFileType
CloseHandle
GetFileTime
CreateFileA
CreateFileW
ReadFile
SetConsoleMode
GetConsoleMode
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindNextFileA
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
lstrcpynA
GetDriveTypeA
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
ExitProcess
CreateProcessA
DuplicateHandle
SetConsoleCtrlHandler
InterlockedIncrement
InterlockedDecrement
GetCPInfo
HeapReAlloc
GetDriveTypeW
MoveFileA
SetStdHandle
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileInformationByHandle
SetEnvironmentVariableW
SetFilePointer
GetCommandLineA
GetVersionExA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
WriteFile
GetConsoleCP
FlushFileBuffers
Sleep
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
LoadLibraryA
CreatePipe
GetExitCodeProcess
RtlUnwind
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xw_forensics203-SR-4/zip.info
xw_forensics203-SR-4/zlib1.dll
.dll windows x86

66a201125fb55b79ced6d0ecd1985e10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_lseek
_open
_read
_write
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_iob
abort
fflush
fputc
free
fwrite
getenv
localeconv
malloc
memchr
memcpy
sprintf
strcat
strcpy
strerror
strlen
vfprintf
wcslen

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1c33f6bd2d4a469501a16def6d6f82c

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 5KB - Virtual size: 4KB

.eh_fram Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 116B

.edata Size: 512B - Virtual size: 98B

.idata Size: 1024B - Virtual size: 856B

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1KB - Virtual size: 1KB

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

8f:56:90:01:d5:0f:c4:57Certificate

Extended Key Usages

Key Usages

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37Certificate

Extended Key Usages

Key Usages

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8Signer

Signature Validations

Verification

21/08/2015, 15:27 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 266KB - Virtual size: 266KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 33B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 14KB - Virtual size: 14KB

.rsrc Size: 6KB - Virtual size: 6KB

Headers

File Characteristics

Sections

CODE Size: 236KB - Virtual size: 235KB

DATA Size: 3KB - Virtual size: 3KB

BSS Size: - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 5KB - Virtual size: 4KB

.eh_fram
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 116B

.edata
Size: 512B - Virtual size: 98B

.idata
Size: 1024B - Virtual size: 856B

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:01
Certificate

8f:56:90:01:d5:0f:c4:57
Certificate

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37
Certificate

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8
Signer

21/08/2015, 15:27
Valid: false

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 266KB - Virtual size: 266KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 33B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: 236KB - Virtual size: 235KB

DATA
Size: 3KB - Virtual size: 3KB

BSS
Size: - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 33B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB

1b:e7:15
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

07
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

ee:9d:54:af:0b:b0:ed:94
Certificate

93:63:a3:25:30:68:21:56:43:ea:1b:e4:7b:a4:d8:16:88:2d:79:1e:c3:92:2a:cd:01:ec:4f:7c:e7:78:01:cd
Signer

18/05/2020, 17:10
Valid: true

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 72KB - Virtual size: 71KB