c34028cfe72fe4c9eff766698b8f7c61c17d79374af12ba92fdc395fb4389454

Sharing

Copy URL Twitter E-mail

General

Target

c34028cfe72fe4c9eff766698b8f7c61c17d79374af12ba92fdc395fb4389454
Size

7.8MB
MD5

98eb110bbacc8e723731a867cff9b96c
SHA1

5b6e4079df5f79eae1364c1e71e3be95e7badfb9
SHA256

c34028cfe72fe4c9eff766698b8f7c61c17d79374af12ba92fdc395fb4389454
SHA512

e90626b35c8d1c482480781369993ad7b8785afcd878d0ff2ff58a9c6dc19b722d5479776dca8793df83f3302c9c1120ba427f67dea52c0989355200624a3f36
SSDEEP

196608:hxxJ2HmV2+lZMH/fcBZPdrEeTnlvHS744oHGwvRVtS:hxxwHmVNYfSr7nlvywpRvS

Score

N/A

Malware Config

Signatures

Files

c34028cfe72fe4c9eff766698b8f7c61c17d79374af12ba92fdc395fb4389454
.zip
Es8b.inf
EsCore.cab
.cab
ESICM.dll
.dll windows x86

ee4afd18677eae126751854fff9bc9ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FindNextFileA
SetHandleCount
GetModuleFileNameA
FreeEnvironmentStringsA
CloseHandle
RtlUnwind
SetStdHandle
FlushFileBuffers
GetProcAddress
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
FindClose
GetStdHandle
GetFileType
GetStartupInfoA
LoadLibraryA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc

gdi32

CreateCompatibleDC
GetICMProfileA
DeleteDC

mscms

GetCountColorProfileElements
OpenColorProfileA
GetColorProfileHeader
GetColorProfileElementTag
GetColorProfileElement
SelectCMM
GetColorDirectoryA
TranslateBitmapBits
CreateColorTransformA
DeleteColorTransform
CloseColorProfile

Exports

Exports

FreeTransform
GetICMProfileLocation
GetMatchICMProfileList
GetMatchICMProfileNum
GetScreenProfileName
InitTransform
IsICMProfileAvailable
TransformBits

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ESMPS.dll
.dll windows x86

0747283f093943a28ccc43d50459467c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

TerminateProcess
CreateThread
ExitThread
SetStdHandle
GetFileType
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FatalAppExitA
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
IsBadWritePtr
Sleep
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
ExitProcess
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
CopyFileA
GetFileAttributesA
DeleteFileA
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
RemoveDirectoryA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ResumeThread
GetDiskFreeSpaceA
GetModuleHandleA
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
GetProcessVersion
SizeofResource
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
FindClose
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetVersionExA
GetCurrentProcess
DuplicateHandle
GetLastError
CreateEventA
SuspendThread
FreeLibrary
SetThreadPriority
SetEvent
CloseHandle
GlobalAlloc
GetCurrentThread
lstrcmpA
FormatMessageA
LocalFree
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
lstrcpynA
MulDiv
SetLastError
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
VirtualFree
VirtualAlloc
GetUserDefaultLCID
FindFirstFileA
IsBadCodePtr
FindNextFileA

user32

GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
SetWindowTextA
MoveWindow
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharToOemA
OemToCharA
LoadStringA
wvsprintfA
WindowFromPoint
PostQuitMessage
ShowOwnedPopups
ValidateRect
GetMessageA
DestroyMenu
CharUpperA
UnregisterClassA
GetClassNameA
GetDialogBaseUnits
InsertMenuA
DeleteMenu
GetMenuStringA
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
CreateWindowExA
CheckRadioButton
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetKeyState
SetCursorPos
IntersectRect
ReleaseCapture
PtInRect
GetFocus
KillTimer
SetTimer
GetCapture
OffsetRect
ClipCursor
UnionRect
SetCapture
GetParent
CopyImage
GetDesktopWindow
ScreenToClient
PostMessageA
IsWindow
IsDialogMessageA
IsRectEmpty
UpdateWindow
IsIconic
DrawIcon
GetSystemMenu
AppendMenuA
GetWindowRect
GetSystemMetrics
PeekMessageA
TranslateMessage
DispatchMessageA
GetDlgCtrlID
SetActiveWindow
InvalidateRect
LoadCursorA
SetCursor
SendMessageA
MessageBoxA
ClientToScreen
GetCursorPos
GetClientRect
EnableWindow
LoadIconA
DrawIconEx
DestroyIcon
GetIconInfo
GetSysColorBrush
FillRect
CheckDlgButton
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
SetWindowsHookExA
EqualRect
GetSysColor
FrameRect
InflateRect
DrawFocusRect
RemovePropA
EndDialog
GetWindow

gdi32

DeleteObject
MoveToEx
SelectObject
CreatePen
SetBkColor
SetTextColor
CreateDIBSection
BitBlt
DeleteDC
CreateCompatibleDC
SetBkMode
SetWorldTransform
SetGraphicsMode
StretchBlt
SetDIBits
GetDIBits
CreateCompatibleBitmap
CreateRectRgnIndirect
Rectangle
GetDCOrgEx
GetClipBox
GetObjectA
CreateBitmap
StartDocA
SaveDC
RestoreDC
GetStockObject
SelectPalette
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateFontIndirectA
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
LineTo

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

DragAcceptFiles
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA

comctl32

ImageList_DragEnter
ImageList_DragMove
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragLeave
ord17
ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
ImageList_Draw
ImageList_AddMasked

ole32

CoTaskMemFree

Exports

Exports

CreateMltPgFile

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EWGRAY18.icm
EWGRAY22.icm
EWRGB18.icm
EpBmp.dll
.dll windows x86

d239d127e5f72b3369b7306678725c57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindFirstFileA
GetUserDefaultLCID
lstrcpyA
lstrlenA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GetTempFileNameA
CloseHandle
CreateFileA
WriteFile
SetFilePointer
GetFileSize
DeleteFileA
CopyFileA
GetDiskFreeSpaceA
GetModuleHandleA
lstrcatA
FindClose
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
LCMapStringW
RtlUnwind
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA

user32

SetWindowLongA
DialogBoxParamA
CharNextA
LoadStringA
GetSystemMetrics
GetWindowRect
MessageBoxA
SetWindowPos
GetWindowLongA
IsDlgButtonChecked
EndDialog
CheckDlgButton

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

EPScanEntry

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EpPdf.dll
.dll windows x86

25bc6a806c1cb5418884e6b42ba817f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetTempFileNameA
GlobalFree
GlobalUnlock
GlobalHandle
FindNextFileA
GlobalLock
GlobalAlloc
WaitForSingleObject
CloseHandle
CreateProcessA
GetShortPathNameA
ReadFile
SetFilePointer
CreateFileA
IsDBCSLeadByte
GetVersionExA
GetUserDefaultLCID
WriteFile
GetFileSize
DeleteFileA
GetDiskFreeSpaceA
GetModuleHandleA
lstrlenA
SetEndOfFile
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
GetOEMCP
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
FindClose
GetProcAddress
GetModuleFileNameA
lstrcpyA
GetACP
GetCPInfo
LoadLibraryA
FreeLibrary
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue

user32

SendDlgItemMessageA
SetWindowLongA
LoadStringA
CharNextA
EndDialog
DialogBoxParamA
GetSystemMetrics
GetWindowRect
ShowWindow
GetDesktopWindow
SetWindowTextA
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
SendMessageA
wsprintfA
IsDlgButtonChecked
GetDlgItemTextA
SetDlgItemTextA
SetWindowPos
GetWindowLongA
CheckDlgButton
GetDlgItem
EnableWindow
SetFocus

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

comctl32

PropertySheetA
CreatePropertySheetPageA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

EPScanEntry

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epjpg.dll
.dll windows x86

db1a3d0350f6faf8563dd9f62a7868d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

OpenColorProfileA
GetColorProfileFromHandle
GetColorProfileElement
CloseColorProfile

kernel32

GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GetTempFileNameA
lstrlenA
GetModuleFileNameA
FreeLibrary
DeleteFileA
LoadLibraryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
lstrcpyA
CloseHandle
CreateFileA
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetDiskFreeSpaceA
GetModuleHandleA
GetTickCount
GlobalLock
GetOEMCP
GetACP
CompareStringW
CompareStringA
SetStdHandle
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
lstrcatA
SetEnvironmentVariableA
SetEndOfFile
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
IsBadWritePtr
HeapReAlloc
VirtualAlloc
RtlUnwind
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
UnhandledExceptionFilter
DeleteCriticalSection

user32

MessageBoxA
DialogBoxParamA
GetDlgCtrlID
CheckDlgButton
SetTimer
KillTimer
CharNextA
GetDlgItem
SendMessageA
SetFocus
GetClassLongA
CallWindowProcA
SetDlgItemTextA
GetSystemMetrics
GetWindowRect
SendDlgItemMessageA
GetDesktopWindow
GetDlgItemTextA
SetDlgItemInt
SetWindowPos
SetWindowLongA
GetWindowLongA
EndDialog
IsDlgButtonChecked
LoadStringA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

EPScanEntry

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epmtf.dll
.dll windows x86

ac5c1a1937916a46f8d7dc5bf406ddbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
lstrlenA
CloseHandle
CreateFileA
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeleteFileA
CopyFileA
GlobalLock
GlobalAlloc
GetDiskFreeSpaceA
GetModuleHandleA
GetTempFileNameA
IsDBCSLeadByte
FreeLibrary
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetModuleFileNameA
lstrcpyA
GlobalHandle
GlobalUnlock
GlobalFree
lstrcatA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
LCMapStringW
RtlUnwind
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA

user32

SetWindowLongA
DialogBoxParamA
CharNextA
LoadStringA
GetSystemMetrics
GetWindowRect
MessageBoxA
GetDesktopWindow
SendDlgItemMessageA
SetWindowPos
GetWindowLongA
EndDialog
IsDlgButtonChecked
CheckDlgButton

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

EPScanEntry

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Eppij.dll
.dll windows x86

9390f845c0aa9ace6c4b3546649c0566

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
lstrcpyA
CloseHandle
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
GetDiskFreeSpaceA
GetModuleHandleA
lstrcatA
GetTempFileNameA
GetModuleFileNameA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
lstrlenA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
LCMapStringW
RtlUnwind
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA

user32

DialogBoxParamA
LoadStringA
GetWindowRect
CharNextA
GetDlgItem
SendMessageA
SetFocus
GetClassLongA
CallWindowProcA
GetSystemMetrics
wsprintfA
MessageBoxA
GetDesktopWindow
GetDlgItemTextA
SetWindowPos
SetWindowLongA
GetWindowLongA
EndDialog
SendDlgItemMessageA
GetDlgCtrlID
SetDlgItemInt

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

EPScanEntry

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Eppit.dll
.dll windows x86

45d35bc10682014dac4c18447e1c9dac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
lstrcpyA
lstrlenA
CloseHandle
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
GetDiskFreeSpaceA
GetModuleHandleA
lstrcatA
GetTempFileNameA
FreeLibrary
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
RtlUnwind
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

MessageBoxA
CharNextA
LoadStringA
EndDialog
DialogBoxParamA
GetSystemMetrics
GetWindowRect
SetWindowPos

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

EPScanEntry

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Eptif.dll
.dll windows x86

d693c55f26fc72adc133cb6918de980b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

OpenColorProfileA
GetColorProfileFromHandle
GetColorProfileElement
CloseColorProfile

kernel32

GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
lstrlenA
CloseHandle
CreateFileA
WriteFile
SetFilePointer
GetFileSize
DeleteFileA
CopyFileA
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetDiskFreeSpaceA
GetModuleHandleA
GetTickCount
GlobalHandle
GetTempFileNameA
lstrcpyA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcatA
IsDBCSLeadByte
HeapReAlloc
VirtualAlloc
ExitProcess
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsBadWritePtr

user32

GetSystemMetrics
DialogBoxParamA
SetWindowLongA
CheckDlgButton
SetTimer
KillTimer
CharNextA
GetDlgItemTextA
SetDlgItemTextA
IsDlgButtonChecked
GetWindowRect
MessageBoxA
GetDesktopWindow
SendDlgItemMessageA
SetWindowPos
GetWindowLongA
EndDialog
LoadStringA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

EPScanEntry

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsDDC.dll
.dll windows x86

2aaf4093fa7a66d239e183382ba233e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
VirtualFree
GetModuleFileNameA
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
CloseHandle
ReadFile
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
VirtualAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CreateFileA
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

DllMain
DustCorrection
DustCorrectionEnd
DustCorrectionInit

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsDDC.prm
EsDDE.dll
.dll windows x86

3770812fee2fd503a138242f59f87d67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
VirtualAlloc
GetModuleFileNameA
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
CloseHandle
ReadFile
SetFilePointer
TerminateProcess
GetCurrentProcess
VirtualFree
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CreateFileA
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

DDEBinDelete
DDEBinDo
DDEBinNew

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsDDE.prm
EsDSCl.dll
.dll windows x86

3ce065a17a03f8af0b33aebc546596ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
RtlUnwind

user32

KillTimer
SetTimer

Exports

Exports

DSCtl_Init
DS_Entry
DllMain

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsDevCl.dll
.dll windows x86

1e3c991b038743083d690a7173dfae6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
lstrcpynA
lstrcatA
GetVersionExA
FindClose
FindFirstFileA
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
GetCurrentThread
GetLastError
GetCurrentProcess
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
RemoveDirectoryA
GetModuleHandleA
GetProcAddress
SetLastError
GetDiskFreeSpaceA
GetStringTypeW
LockResource
LoadResource
FindResourceA
DeleteFileA
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
ReadFile
InitializeCriticalSection
WriteFile
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
IsBadReadPtr
IsBadCodePtr
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
SetEndOfFile
GetStringTypeA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
EqualSid
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey

wsock32

gethostbyaddr

Exports

Exports

DllMain
PMQueryHwInfo
PMQueryInterface
PMSUInterface

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsDevIF.dll
.dll windows x86

9fd673d85dd5c365045cdde33f6edbae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
CloseHandle
WaitForSingleObject
CreateSemaphoreA
DeviceIoControl
CreateFileA
ReleaseSemaphore
ReadFile
WriteFile
CreateEventA
GetVersion
GetCurrentDirectoryA
OpenFile
GetSystemDirectoryA
lstrcmpA
GetModuleHandleA
GetCurrentProcess
GetCurrentThread
SetEndOfFile
SetCurrentDirectoryA
LoadLibraryExA
GetProcAddress
GetLastError
GetTickCount
Sleep
GetModuleFileNameA
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryA
GlobalFree
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
HeapFree
HeapAlloc
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetFilePointer
IsBadReadPtr

user32

DispatchMessageA
PeekMessageA
wsprintfA
TranslateMessage

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenThreadToken

wsock32

WSAStartup
socket
htonl
bind
WSAGetLastError
gethostbyname
htons
select
connect
closesocket
recv
inet_ntoa
send
ioctlsocket
WSACleanup

Exports

Exports

DDClose
DDExit
DDGetDeviceSubType
DDGetLastError
DDGetPortDescription
DDInit
DDIsReady
DDOpen
DDRead
DDWrite
DllMain

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsExf.dll
.dll windows x86

c3b65fc8ebd90b2eadfdcacd49b9873c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLocalTime
GetFileAttributesA
GlobalFree
DeleteFileA
GetDiskFreeSpaceA
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
WideCharToMultiByte
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
SetStdHandle
SetEndOfFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW

Exports

Exports

EsExf_Create
EsExf_Delete
EsExf_DoMakePimFile
EsExf_SetExifBaseParam
EsExf_SetSceneID
EsExf_SetTmpFilePath

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsImFl.dll
.dll windows x86

48ee4c9fac8d1206bb74064becdbc1dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GlobalFree
GetModuleFileNameA
VirtualAlloc
VirtualFree
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetLastError
CloseHandle
ReadFile
SetFilePointer
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GlobalAlloc
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
CreateFileA
SetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
RaiseException

Exports

Exports

IMGFLT_CloseDDEBin
IMGFLT_CloseDDEColor
IMGFLT_CloseDDEEnhance
IMGFLT_CloseFocus
IMGFLT_CloseMoire
IMGFLT_CloseResize
IMGFLT_GetVersion
IMGFLT_InitDDEBin
IMGFLT_InitDDEColor
IMGFLT_InitDDEEnhance
IMGFLT_InitFocus
IMGFLT_InitMoire
IMGFLT_InitResize

Sections

.text
Size: 540KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsImgDet.dll
.dll windows x86

a3432b773266dde6a100dba767517009

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetUserDefaultLCID
GetProcAddress
FreeLibrary
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
GetVersion
VirtualFree
SizeofResource
LockResource
LoadResource
IsDebuggerPresent
FindResourceA
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
IsBadWritePtr
LoadLibraryA

user32

EndDialog
LoadStringA
SetDlgItemTextA
GetSystemMetrics
SetWindowPos
GetDlgItem
GetDC
LoadIconA
DrawIcon
ReleaseDC
SetFocus
DestroyWindow
DialogBoxParamA
GetWindowRect

shell32

ShellExecuteA

gdi32

DeleteObject

Exports

Exports

EsImgDetBeginDetection
EsImgDetBeginDetectionBanding
EsImgDetBeginSession
EsImgDetEndDetection
EsImgDetEndDetectionBanding
EsImgDetEndSession
EsImgDetSecureDetectImage

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsPimTif.dll
.dll windows x86

b37569caa47057dae8f9d6c9d4a86c92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
FreeLibrary
GetDiskFreeSpaceA
GetProcAddress
LoadLibraryA
DeleteFileA
GetFileAttributesA
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetUnhandledExceptionFilter
WriteFile
ReadFile
SetFilePointer
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

EsPimTiff_Create
EsPimTiff_Delete
EsPimTiff_DoMakePimFile
EsPimTiff_SetExifBaseParam
EsPimTiff_SetSceneID
EsPimTiff_SetTmpFilePath

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsScnCl.dll
.dll windows x86

02351cfae96e50afdd6d15c5a8f71fa2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lclose
GetPrivateProfileIntA
RemoveDirectoryA
FindNextFileA
lstrcatA
Sleep
GetTickCount
GetDiskFreeSpaceA
GetModuleHandleA
VirtualAlloc
VirtualFree
WriteFile
SetFilePointer
GlobalFlags
GlobalReAlloc
GetVersionExA
GetLastError
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetTempPathA
CreateDirectoryA
lstrlenA
GetUserDefaultLCID
GlobalSize
GetWindowsDirectoryA
ResumeThread
CreateThread
CompareStringW
CompareStringA
GlobalLock
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
_lwrite
GlobalAlloc
_llseek
GetProcAddress
GlobalUnlock
GlobalFree
DeleteFileA
GetFileSize
ReadFile
OpenFile
lstrcpyA
FindFirstFileA
FindClose
CreateFileA
CloseHandle
WinExec
FreeLibrary
GetModuleFileNameA
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapDestroy
HeapCreate
DeleteCriticalSection
ExitProcess
SetEnvironmentVariableA

user32

PostMessageA
FindWindowA
MessageBoxA
GetWindowLongA
SetWindowLongA
GetDlgItemTextA
SendMessageA
SetActiveWindow
SetRectEmpty
wsprintfA
ShowWindow
BringWindowToTop
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetFocus
GetParent
EnableWindow
DestroyWindow
CreateDialogParamA
GetSystemMetrics
GetWindowRect
SetWindowPos
GetDlgItem
GetDC
LoadIconA
DrawIcon
ReleaseDC
LoadStringA

gdi32

GetColorSpace
GetLogColorSpaceA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateColorSpaceA
SetColorSpace
SetICMProfileA
SetICMMode
StretchDIBits
GetDIBits
DeleteColorSpace
DeleteObject
DeleteDC

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

DllMain
SIQueryInterface

Sections

.text
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsTWPMG.dll
.dll windows x86

7ebd65f356c251adfda3d22eedc50ff5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetProcAddress
GetWindowsDirectoryA
lstrcpyA
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
CloseHandle
FlushFileBuffers
RtlUnwind
RaiseException
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
SetFilePointer
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle

user32

LoadStringA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DS_Entry
DS_Initialize
DllMain

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EsciRes.dll
.dll windows x86

b2e50cc60a521158b3ea2d099cbea42b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Escndv.exe
.exe windows x86

35ee5e7030ce0ad67dab9524a6c42f85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryA
CreateFileA
GetLastError
OpenMutexA
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
FlushFileBuffers
GetProcAddress
CloseHandle
CreateMutexA
ReleaseMutex
lstrlenA
lstrcatA
FreeLibrary
lstrcpyA
LoadLibraryA
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
IsDBCSLeadByte
SetStdHandle
TerminateProcess
SetUnhandledExceptionFilter
ReadFile
LCMapStringW
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
SetEndOfFile

user32

DialogBoxParamA
LoadStringA
SetWindowLongA
SendMessageA
LoadIconA
MessageBoxA
FindWindowA
GetWindowRect
SendDlgItemMessageA
GetSystemMetrics
GetClientRect
SetWindowPos
GetWindowLongA
EndDialog

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Estwm.exe
.exe windows x86

1e38e3091dc8edd40e7805a73472f5c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FindFirstFileA
GetUserDefaultLCID
FindNextFileA
CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetLastError
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
LoadLibraryA
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FindClose

user32

DispatchMessageA
TranslateMessage
TranslateAcceleratorA
CallWindowProcA
GetDesktopWindow
GetWindowLongA
PostMessageA
LoadStringA
BeginPaint
GetClientRect
DrawTextA
EndPaint
SetWindowLongA
PostQuitMessage
DefWindowProcA
DestroyWindow
FindWindowA
GetLastActivePopup
BringWindowToTop
CreateWindowExA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Esui.dll
.dll windows x86

61fe781b9fafa7c51aca51f5254d8022

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetVersion
GetCommandLineA
HeapReAlloc
TerminateProcess
ExitProcess
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedIncrement
InterlockedDecrement
MoveFileA
HeapAlloc
HeapFree
RtlUnwind
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetEndOfFile
GetSystemDirectoryA
GetUserDefaultLCID
GetLongPathNameA
GetCurrentProcess
GetWindowsDirectoryA
SetFileAttributesA
SetLastError
GetLastError
GetModuleHandleA
GetDiskFreeSpaceA
DeleteFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
CreateFileA
CreateProcessA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetLogicalDriveStringsA
lstrcpynA
GetVolumeInformationA
GetTempPathA
GlobalAlloc
GlobalHandle
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetVersionExA
IsDBCSLeadByte
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
CloseHandle
lstrcatA
ExitThread
lstrcmpA
lstrlenA
GetModuleFileNameA
lstrcpyA
TlsGetValue
GetTickCount

user32

SetCursorPos
GetMessageA
PtInRect
ReleaseCapture
SetCapture
ClipCursor
GetCursorPos
WindowFromPoint
ClientToScreen
GetWindowPlacement
SetTimer
CharNextA
LoadStringA
DrawFocusRect
GetKeyState
GetParent
GetPropA
RemovePropA
SetPropA
GetClassLongA
CallWindowProcA
GetSystemMetrics
DrawTextA
GetSysColorBrush
FillRect
RegisterClassExA
DefWindowProcA
InflateRect
FrameRect
SetWindowRgn
GetClassNameA
SetClassLongA
MessageBoxA
KillTimer
CreateDialogParamA
DispatchMessageA
TranslateMessage
PeekMessageA
GetSysColor
LoadImageA
DestroyIcon
CreateWindowExA
SetWindowLongA
GetDlgItem
InvalidateRect
GetDesktopWindow
IsDialogMessageA
DestroyWindow
PostMessageA
SetWindowTextA
DrawIconEx
LoadIconA
GetIconInfo
EndDialog
DialogBoxParamA
GetFocus
SetScrollInfo
SetScrollRange
ScrollWindowEx
SetScrollPos
ScreenToClient
GetWindowTextA
GetSystemMenu
DeleteMenu
AppendMenuA
SetForegroundWindow
IsWindowVisible
SetActiveWindow
SystemParametersInfoA
GetDlgItemInt
GetDlgItemTextA
LoadCursorA
SetCursor
wsprintfA
SetFocus
IsDlgButtonChecked
IsWindowEnabled
CheckDlgButton
MoveWindow
SendMessageA
GetActiveWindow
SetDlgItemInt
EnableWindow
ShowWindow
UpdateWindow
SendDlgItemMessageA
GetDlgCtrlID
BeginPaint
GetDC
GetClientRect
ReleaseDC
EndPaint
SetDlgItemTextA
LoadBitmapA
GetWindowLongA
IsIconic
GetWindowRect
SetWindowPos

gdi32

CreateCompatibleDC
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
GetObjectA
DeleteObject
GetStockObject
SetBrushOrgEx
UnrealizeObject
CreatePatternBrush
CreateBitmapIndirect
CreateCompatibleBitmap
DeleteColorSpace
GetTextMetricsA
SetICMMode
SetICMProfileA
SetColorSpace
CreateColorSpaceA
GetLogColorSpaceA
GetColorSpace
PaintRgn
CreateRectRgn
OffsetRgn
PathToRegion
GdiFlush
SetTextAlign
CombineRgn
CreateRectRgnIndirect
ExtTextOutA
SetBkColor
SetTextColor
LineTo
MoveToEx
CreatePen
BitBlt
GetTextExtentPoint32A
SetBkMode
EndPath
CloseFigure
BeginPath
CreateSolidBrush
CreateDIBSection
ExcludeClipRect
Rectangle
Polyline
SetROP2
SetDIBitsToDevice
GetDIBits
PatBlt
StretchDIBits

advapi32

RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
GetUserNameA
RegEnumValueA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHChangeNotify
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

comctl32

CreatePropertySheetPageA
PropertySheetA
ord6

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllMain
UIConnectUI
UIEntryFromExe

Sections

.text
Size: 652KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Esutwb.dll
.dll windows x86

a4ae96ed7f38bbf0d8a94004f84bc046

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
lstrcpyA
GetProcAddress
LoadLibraryA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
GetModuleHandleA
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

DllMain
IFConnectIF

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EwsRGB.icm
PDFFile.dll
.dll windows x86

db2a8ce1bdea4e17a98da80658f9d621

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
GetVersion
RtlUnwind
RaiseException
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetLastError
CloseHandle
SetFilePointer
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WriteFile
FlushFileBuffers
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetProcAddress
CreateFileA
SetStdHandle
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetEndOfFile
LCMapStringA
LCMapStringW

Exports

Exports

CreateEncryption
PDFFileCloseDocument
PDFFileCountPage
PDFFileDispose
PDFFileInitialize
PDFFileOpenDocument

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDFLib.dll
.dll windows x86

a837431163ed884a5cb34db7c0ceb0ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetLocaleInfoA
GetThreadLocale
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetLastError
WriteFile
CloseHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
MultiByteToWideChar
GetFileType
GetStartupInfoA
SetFilePointer
ReadFile
FlushFileBuffers
TerminateProcess
GetCurrentProcess
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
HeapSize
GetCPInfo
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
CreateFileA
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
SetEndOfFile
LCMapStringA
LCMapStringW
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
LoadLibraryA
GetProcAddress
GetStdHandle
FreeLibrary

user32

GetDC
ReleaseDC
OffsetRect

gdi32

SetMapMode
GetTextExtentPoint32A
DeleteObject
GetStockObject
GetObjectA
GetDeviceCaps
CreateFontA
SelectObject

Exports

Exports

CloseDocument
ConvertPDF
Dispose
Initialize
OpenDocument
SetDefaultCompParams
SetDefaultCryptParams
SetDefaultOcrParams
SetDefaultStyleParams
SetPrivateData

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Version.dat
esfit.dll
.dll windows x86

ff38d947c074e904450d9dc9452c18ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
lstrcatA
GetWindowsDirectoryA
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
RaiseException
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetPrivateProfileStringA
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW

Exports

Exports

AdjustSpecifiedColor
ColorMatrixConv
FIT3
GetFIT3Version
GetGamma
GetGrayBalance
MakeFIT3LUT
MakeFIT3LUTEx
ValueOfScreenGammaConv

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esimgctl.dll
.dll windows x86

febf37cd5ad851e6339177cb4c595ab0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentStringsW
GetACP
GetCPInfo
RaiseException
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleA
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetVersion
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetStringTypeA
GetStringTypeW
FreeLibrary
SetStdHandle
FlushFileBuffers
GetUserDefaultLCID
FindFirstFileA
FindNextFileA
FindClose
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetModuleFileNameA
lstrlenA
CloseHandle
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
HeapAlloc
HeapFree
RtlUnwind

user32

FillRect
GetSysColorBrush
PtInRect
IsWindowEnabled
SetFocus
UpdateWindow
ShowWindow
EnableWindow
EndPaint
BeginPaint
SetActiveWindow
IsWindow
InvalidateRect
DefWindowProcA
GetClientRect
GetCapture
ReleaseCapture
SetCapture
GetWindowTextA
SetWindowTextA
DestroyWindow
CreateWindowExA
LoadCursorA
SetCursor
GetActiveWindow
TrackPopupMenu
GetMenuItemInfoA
DrawTextA
DestroyMenu
LoadMenuA
GetSubMenu
SetMenuItemInfoA
GetDlgItemTextA
SetDlgItemTextA
SendMessageA
MessageBoxA
LoadStringA
IsDialogMessageA
LoadBitmapA
DrawIconEx
LoadImageA
GetIconInfo
DrawEdge
DestroyIcon
GetDC
ReleaseDC
MessageBeep
GetSystemMetrics
IsIconic
SetWindowPos
InflateRect
DrawFocusRect
MapWindowPoints
CallWindowProcA
GetDlgCtrlID
SetWindowLongA
GetFocus
GetDlgItem
GetWindowRect
GetWindowLongA
CreateDialogParamA
FrameRect
GetSysColor

gdi32

CreateDIBSection
GetTextExtentPoint32A
SetBkColor
GetTextMetricsA
SetTextColor
GetStockObject
SetBkMode
Rectangle
Polyline
StretchBlt
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
CreatePen
SelectObject
MoveToEx
LineTo
PtInRegion
CreateSolidBrush
FillRgn
CreatePolygonRgn
DeleteObject
GetObjectA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

FinalizePlugIn
GetPlugInVersion
InitializePlugIn

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LIB/0804/Es008b.sif
LIB/0804/Es8b.inf
LIB/0804/Es8bn.inf
LIB/0804/License.txt
LIB/0804/ResLang.cab
.cab
LIB/0804/sures.dll
.dll windows x86

8ff73f83d3a0faf6b5915bc4a56144c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCPInfo
GetCommandLineA
RtlUnwind
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
TerminateProcess
HeapFree
SetLastError
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
GetProcAddress
GetEnvironmentStrings
GetEnvironmentStringsW
lstrcmpA
lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCurrentThread

user32

SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
RegisterWindowMessageA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
SystemParametersInfoA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
SetWindowTextA
ClientToScreen
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetWindow
GetDlgCtrlID
GetWindowTextA

gdi32

DeleteObject
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateBitmap
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA

comctl32

ord17

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LIB/0809/Es008b.sif
LIB/0809/Es8b.inf
LIB/0809/Es8bn.inf
LIB/0809/License.txt
LIB/0809/ResLang.cab
.cab
LIB/0809/sures.dll
.dll windows x86

041fdfa2c6283113deab08e109b81796

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCPInfo
GetCommandLineA
RtlUnwind
ExitProcess
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
TerminateProcess
HeapFree
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
GetProcAddress
GetCurrentThread
lstrcmpA
GetEnvironmentStringsW
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
GetVersion
lstrlenA
SetErrorMode
lstrcpyA
lstrcatA
LocalReAlloc
InterlockedDecrement
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
DeleteCriticalSection
GlobalUnlock
GlobalFree
LocalFree
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetEnvironmentVariableA
GetVersionExA
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrcmpiA

user32

SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
RegisterWindowMessageA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
SystemParametersInfoA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
ClientToScreen
GetWindow
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetWindowRect
GetDlgCtrlID
SetWindowTextA

gdi32

DeleteObject
SaveDC
RestoreDC
GetStockObject
SelectObject
SetBkColor
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateBitmap
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

comctl32

ord17

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LIB/hhupd.exe
.exe windows x86

b83464d8132ecd9f810820e192566e15

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte

gdi32

GetDeviceCaps

user32

EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 667KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ModExt.cab
.cab
ModUsd.cab
.cab
PC6下载站.htm
.js
PerV300.cab
.cab
ResLang.cab
.cab
Setup.exe
.exe windows x86

600a9d9537fbf487ddeacdd73bba741c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:67:f9:72:89:92:b6:72:a4:3f:dd:0d:2e:e7:79:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/08/2007, 00:00

Not After

15/08/2008, 23:59

Subject

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:8a:80:93:e3:9c:96:ca:61:b6:c4:ce:31:ed:6d:80:41:d3:20:b4
Signer

Actual PE Digest

b2:8a:80:93:e3:9c:96:ca:61:b6:c4:ce:31:ed:6d:80:41:d3:20:b4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupIterateCabinetA

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetModuleFileNameW
InterlockedDecrement
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCurrentDirectoryA
GlobalFlags
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
ExitProcess
ExitThread
FreeResource
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetModuleHandleA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
GetFileAttributesA
SetFileAttributesA
GetTempPathA
lstrcatA
GetUserDefaultLCID
Sleep
GetExitCodeProcess
GetModuleFileNameA
GetProcessHeap
HeapAlloc
HeapFree
WritePrivateProfileStringA
CreateProcessA
WaitForSingleObject
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExA
CopyFileA
GetTempFileNameA
RemoveDirectoryA
GetLastError
MoveFileExA
GetShortPathNameA
DeleteFileA
MoveFileA
lstrcpynA
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
lstrcmpA
GetDiskFreeSpaceExA
lstrcmpiA
OpenMutexA
CloseHandle
CreateMutexA
GetCurrentProcess
ReleaseMutex
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcpyA
CreateThread

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetSysColorBrush
InvalidateRect
DrawFocusRect
FillRect
ReleaseDC
GetDC
DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextA
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetWindow
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
MessageBoxA
wsprintfA
ExitWindowsEx
PostMessageA
GetWindowRect
UpdateWindow
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
UnregisterClassA
EndPaint
BeginPaint
RegisterClassA
ClientToScreen
PostThreadMessageA
CharUpperA
EnableMenuItem
GetSystemMenu
EnableWindow
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
CheckMenuItem
PostQuitMessage

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
OffsetViewportOrgEx
CreateSolidBrush
ScaleViewportExtEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetClipBox
CreateBitmap
SetViewportExtEx
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SelectObject
DeleteObject
GetTextMetricsA
ExtTextOutA
BitBlt
CreateCompatibleDC
GetObjectA
SetBkColor
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shlwapi

PathFindFileNameA
PathStripToRootA
StrStrA
PathFindExtensionA
PathIsUNCA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.ini
es8b.cat
escanex.dll
.dll windows x86

bea64400843728e783231b8f275a3462

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
FindFirstFileA
GetLastError
lstrcpyA
ReadFile
MultiByteToWideChar
GetModuleHandleA
lstrlenA
GetWindowsDirectoryA
FindNextFileA
FindClose
LoadLibraryA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
VirtualAlloc
lstrcpynA
GetVersionExA
GetProcAddress
GetEnvironmentStrings
FreeLibrary
LocalFree
CreateFileA
CloseHandle
SetHandleCount
WriteFile
GetEnvironmentStringsW
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
LCMapStringA
LCMapStringW
ExitProcess
TerminateProcess
GetCurrentProcess
VirtualFree
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

FindWindowA
SendMessageA
CharNextA
wsprintfA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHFileOperationA

shlwapi

PathFindFileNameA

Exports

Exports

AddEveryoneAccessToFile
RegisterApp
RegisterDriver
RemoveDevice9x
RemoveDeviceNT
RemoveINF
RemoveINFEx
RemoveINFIndex9x
RemoveImage9x
UnregisterApp
UpdateDriver

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
escdev.dll
.dll windows x86

971f23434bc8fa50b00da9e160339f77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupOpenInfFileA
SetupDiGetSelectedDriverA
SetupGetFieldCount
SetupGetIntField
SetupGetStringFieldA
SetupCloseInfFile
SetupFindFirstLineA
SetupDiGetDriverInfoDetailA

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
OutputDebugStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA
lstrcpyA
GetLastError
DisableThreadLibraryCalls
QueryPerformanceCounter

user32

wsprintfA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
FreePropVariantArray

oleaut32

SysFreeString
SysAllocString

shell32

SHGetFolderPathA

Exports

Exports

RegDeviceEvent

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esxcdev.dll
.dll windows x64

a34a9c8177bc351a82f136465aec6949

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

setupapi

SetupOpenInfFileA
SetupDiGetSelectedDriverA
SetupGetFieldCount
SetupGetIntField
SetupGetStringFieldA
SetupCloseInfFile
SetupFindFirstLineA
SetupDiGetDriverInfoDetailA

kernel32

QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
DisableThreadLibraryCalls
GetLastError
lstrcpyA
OutputDebugStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA

user32

wsprintfA

ole32

CoUninitialize
FreePropVariantArray
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

shell32

SHGetFolderPathA

Exports

Exports

RegDeviceEvent

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用更新说明.txt

Sharing

General

Malware Config

Signatures

Files

ee4afd18677eae126751854fff9bc9ac

Headers

File Characteristics

Imports

kernel32

gdi32

mscms

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 4KB - Virtual size: 3KB

0747283f093943a28ccc43d50459467c

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 238KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 24KB - Virtual size: 21KB

d239d127e5f72b3369b7306678725c57

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 8KB - Virtual size: 4KB

25bc6a806c1cb5418884e6b42ba817f5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

comctl32

version

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 792B

.reloc Size: 8KB - Virtual size: 6KB

db1a3d0350f6faf8563dd9f62a7868d7

Headers

File Characteristics

Imports

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 240KB - Virtual size: 238KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 24KB - Virtual size: 21KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 792B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 800B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 8KB - Virtual size: 4KB