piratas-del-caribe-en-el-fin-del-mundo[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

piratas-del-caribe-en-el-fin-del-mundo.zip
Size

298.4MB
MD5

f6a7590f4e9f9f38a54b666b22ad5aac
SHA1

c6bb056616f6421b74b927d406630aa0ed2f8742
SHA256

382626dfe5f0fd6fcb2e1f825ee54d34d99d0b719bf536f12a6af8043c1d0540
SHA512

0f9d07808e71d0fb1bc87f1a4eacf32249bb5668dfe930fefab9eadad64fb472950df372ae9c55c1e5e65070cb6dcef8b3e735c6a077f54e6d1aee4ca98f4ef2
SSDEEP

6291456:B9Qfjyt8yNChPSyZrYeoUrarzsqcptRbmvKM8IbCfL7NY2c:B9QfjytQPJMehGrUhmv3HIFY2c

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/setup/ISSetup.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/setup/ISSetup.dll	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/autoplay.exe
unpack001/setup/CONNECT.DLL
unpack001/setup/DIALER.DLL
unpack001/setup/Game/At Worlds End.exe
unpack001/setup/Game/PCAudio.dll
unpack001/setup/ISSetup.dll
unpack001/setup/SHFOLDER.DLL
unpack001/setup/Tools/SysCheck.exe
unpack001/setup/Tools/Syscheck/bviestrt.exe
unpack001/setup/Tools/unicows.dll
unpack001/setup/_Isuser.dll
unpack001/setup/bvgutils.dll

Files

piratas-del-caribe-en-el-fin-del-mundo.zip
.zip
QA.ini
autoplay.exe
.exe windows x86

994ee7f950d09d543c6027009599bd19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

kernel32

LocalReAlloc
GetProcessVersion
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SetErrorMode
HeapFree
HeapAlloc
RtlUnwind
SetEnvironmentVariableA
ExitProcess
TlsGetValue
GlobalFlags
GetCommandLineA
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
TlsSetValue
EnterCriticalSection
GlobalReAlloc
GetStartupInfoA
FindNextFileA
LeaveCriticalSection
GetFileType
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
GetComputerNameA
GetVersionExA
GetExitCodeProcess
TerminateProcess
FreeLibrary
CreateProcessA
Sleep
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
FindClose
lstrcpynA
GetFileTime
GetFileSize
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
GlobalFree
GlobalAlloc
lstrcmpA
GetCurrentThread
GlobalLock
SetLastError
GlobalUnlock
GetPrivateProfileSectionNamesA
MulDiv
VirtualAlloc
LoadResource
InterlockedDecrement
FindFirstFileA
FindResourceA
lstrcatA
LockResource
GetVersion
IsBadWritePtr
lstrcmpiA
OpenFile
GetCurrentThreadId
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
CreateMutexA
lstrcpyA
GetCurrentProcessId
GetModuleHandleA
WaitForSingleObject
ReleaseMutex
GetUserDefaultLCID
GetSystemDirectoryA
ReadFile
GetCommModemStatus
GlobalMemoryStatus
GetLastError
GetProcAddress
LoadLibraryA
OutputDebugStringA
SetHandleCount
GetSystemInfo
GetStdHandle
VirtualFree
GetWindowsDirectoryA
GetPrivateProfileIntA
GetDriveTypeA
DeleteFileA
CloseHandle
CreateFileA
GetModuleFileNameA
GetPrivateProfileStringA
GetTempPathA
GetCurrentDirectoryA
SetCurrentDirectoryA

user32

CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
EnableMenuItem
ClientToScreen
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
PostQuitMessage
IsWindowEnabled
GetNextDlgTabItem
GetActiveWindow
TranslateMessage
GetMessageA
CreateDialogIndirectParamA
EndDialog
CharUpperA
GetClassNameA
GetSysColorBrush
DestroyMenu
ValidateRect
GetCursorPos
LoadStringA
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
IsWindowVisible
GetSysColor
GetTopWindow
SetWindowTextA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
DestroyIcon
GetParent
wsprintfA
PostMessageA
GetKeyboardType
LoadCursorFromFileA
ShowCursor
FrameRect
GetClientRect
LoadCursorA
IntersectRect
PtInRect
SetRectEmpty
UnionRect
RedrawWindow
SetTimer
KillTimer
GetUpdateRect
SendMessageA
GetWindowRect
GetSystemMetrics
CopyRect
SetCursor
RegisterHotKey
UpdateWindow
LoadIconA
MessageBoxA
FindWindowA
EnableWindow
GetDC
ReleaseDC
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
ShowWindow
GetCapture
IsDialogMessageA
WinHelpA
LoadImageA
GetDlgItem
DefWindowProcA
RegisterClassA
UnregisterClassA

gdi32

CreateHalftonePalette
GetDIBColorTable
SelectObject
CreatePalette
BitBlt
RealizePalette
CreateCompatibleDC
DeleteObject
CreateSolidBrush
SelectPalette
GetDeviceCaps
SetTextColor
CreateCompatibleBitmap
SetBkColor
GetTextExtentPoint32A
CreateBitmap
SetBkMode
GetStockObject
TextOutA
GetClipBox
RestoreDC
SaveDC
SetMapMode
SetViewportOrgEx
GetObjectA
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
CreateFontIndirectA
OffsetViewportOrgEx
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

ord17
ImageList_GetIcon
ImageList_LoadImageA
ImageList_Destroy

ole32

CoUninitialize
CoCreateInstance
CoInitialize

wsock32

WSAStartup
socket
connect
WSACleanup
bind
htonl
htons
ioctlsocket
closesocket

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
autorun.inf
readme.txt
readmeBP.txt
readmeFR.txt
readmeSP.txt
setup.exe
setup/AUTOPLAY.INI
setup/BURST/Bitmaps/BULLETR1.BMP
setup/BURST/Bitmaps/BULLETR2.BMP
setup/BURST/Bitmaps/BULLETRO.BMP
setup/BURST/Bitmaps/BULLETZ.BMP
setup/BURST/Bitmaps/BURST.BMP
setup/BURST/Bitmaps/BURSTBP.BMP
setup/BURST/Bitmaps/BURSTCZ.BMP
setup/BURST/Bitmaps/BURSTDU.BMP
setup/BURST/Bitmaps/BURSTES.BMP
setup/BURST/Bitmaps/BURSTFR.BMP
setup/BURST/Bitmaps/BURSTGE.BMP
setup/BURST/Bitmaps/BURSTIT.BMP
setup/BURST/Bitmaps/CAN_MD.BMP
setup/BURST/Bitmaps/CAN_RO.BMP
setup/BURST/Bitmaps/CAN_ROF.BMP
setup/BURST/Bitmaps/CAN_ZERO.BMP
setup/BURST/Bitmaps/INS_MD.BMP
setup/BURST/Bitmaps/INS_RO.bmp
setup/BURST/Bitmaps/INS_ROF.BMP
setup/BURST/Bitmaps/INS_ZERO.BMP
setup/BURST/Bitmaps/PLAYZERO.BMP
setup/BURST/Bitmaps/PLAY_MD.BMP
setup/BURST/Bitmaps/PLAY_RO.BMP
setup/BURST/Bitmaps/PLAY_ROF.BMP
setup/BURST/Bitmaps/UINS_MD.BMP
setup/BURST/Bitmaps/UINS_RO.bmp
setup/BURST/Bitmaps/UINS_ROF.BMP
setup/BURST/Bitmaps/UINS_ZERO.BMP
setup/BURST/Media/InstallMD.wav
setup/BURST/Media/InstallRO.wav
setup/BURST/Media/error.wav
setup/BURST/Strings/BRZPORT.APS
setup/BURST/Strings/BrzStan.aps
setup/BURST/Strings/BrzStan.inf
setup/BURST/Strings/BrzStan.int
setup/BURST/Strings/BrzStan.man
setup/BURST/Strings/Brzport.inf
setup/BURST/Strings/Brzport.int
setup/BURST/Strings/Brzport.man
setup/BURST/Strings/ChinaSI.aps
setup/BURST/Strings/ChinaSI.int
setup/BURST/Strings/ChinaSI.man
setup/BURST/Strings/ChinaTR.aps
setup/BURST/Strings/ChinaTR.int
setup/BURST/Strings/ChinaTR.man
setup/BURST/Strings/Czech.aps
setup/BURST/Strings/Czech.inf
setup/BURST/Strings/Czech.int
setup/BURST/Strings/Czech.man
setup/BURST/Strings/DANISH.APS
setup/BURST/Strings/DANISH.INF
setup/BURST/Strings/DANISH.INT
setup/BURST/Strings/DANISH.MAN
setup/BURST/Strings/DUTCH.APS
setup/BURST/Strings/DUTCH.INF
setup/BURST/Strings/DUTCH.INT
setup/BURST/Strings/DUTCH.MAN
setup/BURST/Strings/FINNISH.APS
setup/BURST/Strings/FINNISH.INF
setup/BURST/Strings/FINNISH.INT
setup/BURST/Strings/FINNISH.MAN
setup/BURST/Strings/FRENCH.APS
setup/BURST/Strings/FRENCH.INF
setup/BURST/Strings/FRENCH.INT
setup/BURST/Strings/FRENCH.MAN
setup/BURST/Strings/GERMAN.APS
setup/BURST/Strings/GERMAN.INF
setup/BURST/Strings/GERMAN.INT
setup/BURST/Strings/GERMAN.MAN
setup/BURST/Strings/ITALIAN.APS
setup/BURST/Strings/ITALIAN.INF
setup/BURST/Strings/ITALIAN.INT
setup/BURST/Strings/ITALIAN.MAN
setup/BURST/Strings/Latin.aps
setup/BURST/Strings/Latin.inf
setup/BURST/Strings/Latin.int
setup/BURST/Strings/Latin.man
setup/BURST/Strings/NORWAY.APS
setup/BURST/Strings/NORWAY.INF
setup/BURST/Strings/NORWAY.INT
setup/BURST/Strings/NORWAY.MAN
setup/BURST/Strings/Polish.aps
setup/BURST/Strings/Polish.inf
setup/BURST/Strings/Polish.int
setup/BURST/Strings/Polish.man
setup/BURST/Strings/SPANISH.APS
setup/BURST/Strings/SPANISH.INF
setup/BURST/Strings/SPANISH.INT
setup/BURST/Strings/SPANISH.MAN
setup/BURST/Strings/SWEDISH.APS
setup/BURST/Strings/SWEDISH.INF
setup/BURST/Strings/SWEDISH.INT
setup/BURST/Strings/SWEDISH.MAN
setup/BURST/Strings/Taiwan.aps
setup/BURST/Strings/Taiwan.inf
setup/BURST/Strings/Taiwan.int
setup/BURST/Strings/Taiwan.man
setup/BURST/Strings/UK.aps
setup/BURST/Strings/UK.inf
setup/BURST/Strings/UK.int
setup/BURST/Strings/UK.man
setup/BURST/Strings/jpn.aps
setup/BURST/Strings/jpn.inf
setup/BURST/Strings/jpn.int
setup/BURST/Strings/jpn.man
setup/BURST/Strings/korea.aps
setup/BURST/Strings/korea.inf
setup/BURST/Strings/korea.int
setup/BURST/Strings/korea.man
setup/BURST/Strings/usa.aps
setup/BURST/Strings/usa.inf
setup/BURST/Strings/usa.int
setup/BURST/Strings/usa.man
setup/BURST/cursors/GLOBE.ANI
setup/BURST/cursors/HOURGLAS.ANI
setup/BVIUTILS.DLL
setup/CONNECT.DLL
.dll windows x86

a1105a9dcf360d9b8b3082d3207b35d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetFileType
TlsAlloc
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GetCurrentDirectoryA
GetPrivateProfileIntA
GetCurrentProcessId
GetProcessHeap
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcatA
GetStartupInfoA
lstrcpynA
HeapAlloc
GetTickCount
lstrcpyA
LocalReAlloc
SetErrorMode
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
DeleteCriticalSection
GlobalUnlock
GlobalFree
FreeEnvironmentStringsA
InitializeCriticalSection
LocalAlloc
HeapFree
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
SetLastError
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStdHandle
Sleep

user32

IsIconic
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetWindowPlacement
SystemParametersInfoA
GetSystemMetrics
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
SetTimer
KillTimer
WaitMessage
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
MessageBoxA
UnhookWindowsHookEx
GetDC

gdi32

CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA

comctl32

ord17

wsock32

connect
inet_addr
gethostbyname
recvfrom
sendto
closesocket
setsockopt
socket
WSAStartup
WSAGetLastError
recv
WSACleanup
select
WSASetLastError
accept
inet_ntoa
send
WSAAsyncSelect

Exports

Exports

AreWeConnected
GetIPAddress
Ping
SimplePing

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/DIALER.DLL
.dll windows x86

517cc3a34335987a60dc4a59a1dc9ae0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
HeapSize
GetACP
HeapDestroy
HeapCreate
lstrcpyA
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
WriteFile
GetCurrentProcess
FreeLibrary
GetProcessVersion
LoadLibraryA
GlobalFindAtomA
GlobalGetAtomNameA
GlobalAddAtomA
GetProcAddress
GetLastError
GetModuleHandleA
WritePrivateProfileStringA
SetLastError
GlobalFlags
lstrcpynA
GetVersion
VirtualFree
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
Sleep
GetModuleFileNameA
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetCurrentThreadId
CloseHandle

user32

GetPropA
SetPropA
GetClassLongA
CreateWindowExA
CallWindowProcA
RemovePropA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
DefWindowProcA
GetClassInfoA
WinHelpA
RegisterClassA
GetTopWindow
GetCapture
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetDlgItem
GetMessagePos
GrayStringA
DrawTextA
TabbedTextOutA
GetMessageTime
GetDC
GetMenuItemCount
ReleaseDC
GetWindowTextA
SetWindowTextA
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostQuitMessage
PostMessageA
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
wsprintfA
GetWindow

gdi32

CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
TextOutA
ExtTextOutA
RectVisible
GetObjectA
Escape

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

rasapi32

RasGetConnectStatusA
RasEnumConnectionsA
RasDialA
RasHangUpA
RasEnumEntriesA

Exports

Exports

Dial
FindDeviceCount
FindNumberOfEntries
GetConnectionStateCode
GetDefaultEntry
HangUp
IsEntryConnected
IsThereAConnection
ReturnEntryName

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/DirectX/Apr2005_MDX_x86.cab
.cab
setup/DirectX/Apr2005_d3dx9_25_x64.cab
.cab
setup/DirectX/Apr2005_d3dx9_25_x86.cab
.cab
setup/DirectX/BDA.cab
.cab
setup/DirectX/BDANT.cab
.cab
setup/DirectX/BDAXP.cab
.cab
setup/DirectX/DSETUP.dll
.dll windows x86

4d6b36810d3c5793c6c7932c9917b8d5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c3:5d:6f:ed:6a:8e:8d:2d:0f:64:ff:f9:1b:cc:53:16:6b:0b:a5:d2
Signer

Actual PE Digest

c3:5d:6f:ed:6a:8e:8d:2d:0f:64:ff:f9:1b:cc:53:16:6b:0b:a5:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
IsBadWritePtr
lstrlenA
GetModuleFileNameA
SetLastError
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcmpiA
WideCharToMultiByte
lstrcmpA
GetSystemDefaultLCID
IsBadStringPtrA
IsBadReadPtr
IsBadStringPtrW
lstrlenW
lstrcpynA
GetWindowsDirectoryA
GetCurrentDirectoryA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
SetEndOfFile
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
CreateFileA
FlushFileBuffers
SetStdHandle
GetSystemDirectoryA
SetCurrentDirectoryA
GetVersionExA
LoadLibraryA
GetProcAddress
OutputDebugStringA
CreateMutexA
GetLastError
CloseHandle
QueryPerformanceCounter
FreeLibrary
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
VirtualQuery
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
GetLocalTime
ExitProcess
GetModuleHandleA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
RtlUnwind
InterlockedExchange

user32

wsprintfW
DispatchMessageA
GetMessageA
PeekMessageA
MessageBoxA
SetDlgItemTextA
CreateDialogParamA
SetFocus
DestroyWindow
GetKeyboardType
wsprintfA
TranslateMessage

advapi32

RegSetValueExW
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExW

winmm

mmioOpenA
mmioRead
mmioClose
mmioDescend

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ole32

StringFromGUID2

Exports

Exports

DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/DirectX/DXSETUP.exe
.exe windows x86

69353810d149522b25b3baf7d7726c51

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

93:fc:50:54:c7:4f:ba:27:c6:44:75:96:5a:2d:d6:a8:50:96:4d:3b
Signer

Actual PE Digest

93:fc:50:54:c7:4f:ba:27:c6:44:75:96:5a:2d:d6:a8:50:96:4d:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetModuleHandleA
CreateThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcatA
CreateMutexA
SetErrorMode
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentProcess
CreateFileA
GetFileSize
ReadFile
CloseHandle
lstrcpyA
lstrlenA
lstrcpynA
FindFirstFileA
FindClose
GetLastError
lstrcmpiA
GetVersionExA
LoadLibraryA
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
FlushFileBuffers
SetStdHandle
InterlockedExchange
RtlUnwind
HeapReAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
LCMapStringW
MultiByteToWideChar
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
OutputDebugStringA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLocalTime
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
EnterCriticalSection
LeaveCriticalSection
Sleep

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges

gdi32

GetDeviceCaps
CreateFontIndirectA
SelectObject
CreateCompatibleDC
DeleteDC
StretchBlt
GetObjectA
DeleteObject

user32

MessageBoxA
LoadStringA
LoadImageA
SystemParametersInfoA
SendDlgItemMessageA
SetWindowTextA
GetWindowLongA
PostMessageA
GetParent
SetDlgItemTextA
GetDlgItem
SendMessageA
ShowWindow
SetWindowLongA
GetAsyncKeyState
ExitWindowsEx
EnumWindows
GetWindowTextA
GetClassNameA
SetForegroundWindow
SetFocus
CharLowerA
GetDC
ReleaseDC

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

CreatePropertySheetPageA
PropertySheetA
ord17

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/DirectX/DirectX.cab
.cab
setup/DirectX/dsetup32.dll
.dll windows x86

89190b092e3308442d57dda0ed2ed1c0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:5c:91:d8:eb:76:e7:95:5d:49:68:57:62:4c:f3:62:77:28:33:13
Signer

Actual PE Digest

61:5c:91:d8:eb:76:e7:95:5d:49:68:57:62:4c:f3:62:77:28:33:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
FindClose
FindFirstFileA
GetPrivateProfileSectionA
GetCurrentProcess
CloseHandle
CreateFileA
SetFileAttributesA
FindNextFileA
lstrcmpA
GetSystemDirectoryA
CreateDirectoryA
lstrcatA
lstrcpyA
GetSystemDefaultLCID
GetShortPathNameA
GetModuleFileNameA
GetPrivateProfileSectionNamesA
GetSystemInfo
WideCharToMultiByte
GetDiskFreeSpaceA
GetModuleHandleA
CopyFileA
ReadFile
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetPrivateProfileStringA
GetLastError
WaitForSingleObject
CreateProcessA
LoadLibraryExA
GetTempFileNameA
GetDriveTypeA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetTempPathA
MultiByteToWideChar
MoveFileExA
CompareStringA
SetFileTime
lstrlenA
Sleep
CreateMutexA
LoadResource
FindResourceA
IsBadWritePtr
LockResource
SizeofResource
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetExitCodeProcess
lstrcpynA
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
VirtualQuery
DeleteFileA
lstrcmpiA
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GetFileTime
OutputDebugStringA
VirtualProtect
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
HeapReAlloc
ExitProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType

gdi32

GetDeviceCaps

user32

CharLowerA
GetKeyboardType
LoadStringA
CharNextA
TranslateMessage
GetMessageA
PeekMessageA
SetDlgItemTextA
ShowWindow
DispatchMessageA
GetDC
EndDialog
SendDlgItemMessageA
GetDesktopWindow
GetWindowRect
DestroyWindow
ReleaseDC
SetWindowPos
DialogBoxParamA
SetFocus
CreateDialogParamA
MessageBoxA
wsprintfA
GetDlgItem
SendMessageA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shlwapi

SHDeleteKeyA

winmm

mmioClose
mmioDescend
mmioRead
mmioOpenA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHFileOperationA

ole32

StringFromGUID2

Exports

Exports

DirectXLoadString
DirectXSetupCallback
DirectXSetupSetCallback
DirectXSetupShowEULA
iDirectXSetup
iDirectXSetupGetEULA

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/DirectX/dxnt.cab
.cab
setup/DirectX/dxupdate.cab
.cab
setup/Disk1.TXT
setup/Game/At Worlds End.exe
.exe windows x86

d23ab41abc528679616481ff5ad37ce6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

InvalidateRect
GetWindowLongA
BeginPaint
EndPaint
CheckMenuItem
GetMenuItemCount
EnableWindow
GetDlgItem
EndDialog
SendMessageA
SetFocus
UpdateWindow
ShowWindow
SetWindowPos
SetWindowPlacement
GetWindowPlacement
CheckDlgButton
DialogBoxParamA
InsertMenuA
GetMenuItemID
AppendMenuA
PostQuitMessage
DefWindowProcA
GetClientRect
GetWindowRect
CreateWindowExA
GetSystemMetrics
RegisterClassExA
LoadCursorA
LoadImageA
GetKeyboardLayout
ToAsciiEx
ToUnicodeEx
MapVirtualKeyExA
ReleaseDC
GetDC
SetForegroundWindow
PeekMessageA
TranslateMessage
DispatchMessageA
WaitMessage
SystemParametersInfoA
MessageBoxA
SetWindowLongA
SetCursor
GetSystemMenu
ValidateRect
CreateMenu
DestroyWindow
GetAsyncKeyState

winmm

PlaySoundA

kernel32

GetLocalTime
CreateProcessA
GetCommandLineA
CloseHandle
GetLastError
CreateMutexA
SetThreadAffinityMask
GetCurrentThread
GetProcAddress
LoadLibraryA
OutputDebugStringA
SetCurrentDirectoryA
GetModuleFileNameA
Sleep
GetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
FindNextFileA
WriteFile
CreateFileA
ReadFile
GetFileSize
GetTickCount
VirtualFree
VirtualAlloc
RtlUnwind
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceFrequency
DeleteCriticalSection
HeapDestroy
HeapCreate
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
RaiseException
InterlockedExchange
InitializeCriticalSection
HeapReAlloc
SetFilePointer
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetSystemInfo
IsProcessorFeaturePresent
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
InterlockedCompareExchange
GetFullPathNameA
lstrcmpiA
QueryPerformanceCounter
FreeLibrary
WideCharToMultiByte
GetFileType
GetStringTypeW

gdi32

DeleteObject
SetDIBitsToDevice
GetDeviceGammaRamp
SetDeviceGammaRamp

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
VariantInit
VariantClear

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/Game/PCAudio.dll
.dll windows x86

ff4c34456a4644e310de08c5a92a2b1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
SetThreadPriority
CreateThread
CloseHandle
WaitForSingleObject
Sleep
FreeLibrary
SetThreadAffinityMask
GetProcAddress
LoadLibraryA
CreateEventA
CreateFileA
ReadFile
SetFilePointer
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
GetLastError
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

GetIAudioPC

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/Game/data/File_2.000
setup/Game/data/File_2.bin
setup/Game/data/File_BR2.000
setup/Game/data/File_BR2.bin
setup/Game/data/File_BRA.000
setup/Game/data/File_BRA.bin
setup/Game/data/File_FR2.000
setup/Game/data/File_FR2.bin
setup/Game/data/File_FRE.000
setup/Game/data/File_FRE.bin
setup/Game/data/File_SP2.000
setup/Game/data/File_SP2.bin
setup/Game/data/File_SPA.000
setup/Game/data/File_SPA.bin
setup/Game/data/File_US2.000
setup/Game/data/File_US2.bin
setup/Game/data/File_USA.000
setup/Game/data/File_USA.bin
setup/Game/data/Filelist.000
setup/Game/data/Filelist.bin
setup/Game/data/Mov/Disney.mjp
setup/Game/data/Mov/Disney.wav
setup/Game/data/Mov/Eurocom.mjp
setup/Game/data/Mov/Eurocom.wav
setup/HELP.ICO
setup/INSTALL.INI
setup/ISSetup.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
InstallEngineTypelib
RemoveEngineTypelib

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 351KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
setup/LEGAL.INI
setup/Language.ini
setup/Legal/EULABL.txt
setup/Legal/EULABP.txt
setup/Legal/EULACHS.txt
setup/Legal/EULACHT.txt
setup/Legal/EULACZ.txt
setup/Legal/EULADE.txt
setup/Legal/EULADK.txt
setup/Legal/EULAES.txt
setup/Legal/EULAFIN.txt
setup/Legal/EULAFR.txt
setup/Legal/EULAIT.txt
setup/Legal/EULAJP.txt
setup/Legal/EULANL.txt
setup/Legal/EULANO.txt
setup/Legal/EULANS.txt
setup/Legal/EULAPL.txt
setup/Legal/EULAPOR.txt
setup/Legal/EULASW.txt
setup/Legal/EULASZ.txt
setup/Legal/EULAUK.txt
setup/Legal/LICENSE.txt
setup/MEDIA/At Worlds End.ico
setup/MEDIA/InstBG.BMP
setup/MEDIA/SPLASH.BMP
setup/MEDIA/SPLASHBP.BMP
setup/MEDIA/SPLASHCZ.BMP
setup/MEDIA/SPLASHDU.BMP
setup/MEDIA/SPLASHES.BMP
setup/MEDIA/SPLASHFR.BMP
setup/MEDIA/SPLASHGE.BMP
setup/MEDIA/SPLASHIT.BMP
setup/MEDIA/help.ico
setup/MEDIA/install.bmp
setup/MEDIA/uninst.ico
setup/SHFOLDER.DLL
.dll windows x86

a8568b57714f17bea2cb443650a1c951

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
EnumResourceNamesW
lstrcatA
lstrcpyA
CompareStringW
CreateDirectoryA
CreateDirectoryW
GetLastError
ExpandEnvironmentStringsA
EnumResourceLanguagesW
DisableThreadLibraryCalls
GlobalAlloc
GlobalFree
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
IsBadWritePtr
FindResourceExW
LoadResource
LockResource
GetWindowsDirectoryW
GetWindowsDirectoryA
ExpandEnvironmentStringsW
lstrlenA
lstrlenW
MultiByteToWideChar
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
lstrcpynW
WideCharToMultiByte

advapi32

SetSecurityDescriptorDacl
SetFileSecurityW
InitializeAcl
GetAce
LookupAccountSidW
AddAccessAllowedAce
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

Exports

Exports

SHGetFolderPathA
SHGetFolderPathW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/STRINGS/BRZPORT.LAG
setup/STRINGS/BrzStan.lag
setup/STRINGS/ChinaSI.lag
setup/STRINGS/ChinaTR.lag
setup/STRINGS/Czech.LAG
setup/STRINGS/DANISHK.LAG
setup/STRINGS/DUTCH.LAG
setup/STRINGS/Danish.lag
setup/STRINGS/FRENCH.LAG
setup/STRINGS/Finnish.lag
setup/STRINGS/GERMAN.LAG
setup/STRINGS/ITALIAN.LAG
setup/STRINGS/JPN.LAG
setup/STRINGS/Korea.lag
setup/STRINGS/NORWAY.LAG
setup/STRINGS/Polish.LAG
setup/STRINGS/SPANISH.LAG
setup/STRINGS/Swedish.lag
setup/STRINGS/Taiwan.lag
setup/STRINGS/UK.LAG
setup/STRINGS/USAENG.LAG
setup/STRINGS/latin.lag
setup/Tools/SysCheck.exe
.exe windows x86

75e15e4a4d98ec53e2ca491249927757

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetSystemInfo
GetUserDefaultLCID
CompareStringA
InterlockedExchange
GetWindowsDirectoryA
GetSystemDirectoryA
FlushInstructionCache
VirtualQuery
GetVersion
SetLastError
FormatMessageA
Sleep
GetTempPathA
WinExec
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
LCMapStringA
GetACP
GetStringTypeA
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
ReadFile
SetEndOfFile
CloseHandle
HeapAlloc
HeapFree
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
GetModuleFileNameA
GetCurrentProcess
GetVersionExA
CreateProcessA
WaitForSingleObject
SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileStringA
GetSystemTime
GlobalMemoryStatus
LoadLibraryA
FreeLibrary
GetOEMCP
OutputDebugStringA

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA

user32

MessageBoxA
DefWindowProcA
DestroyWindow
CreateWindowExA
RegisterClassExA
ExitWindowsEx
SetMessageQueue
GetWindowRect
MoveWindow
BeginPaint
ReleaseDC
EndPaint
LoadBitmapA
GetDC
FindWindowA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
ShowWindow
CreateDialogParamA
EndDialog
PostQuitMessage
GetClientRect
SetWindowTextA
LoadIconA
SetClassLongA
SetDlgItemTextA
GetDlgItem
LoadImageA

gdi32

SetTextColor
DeleteObject
SelectObject
GetStockObject
StretchBlt
SetBkMode
SetBkColor
GetDeviceCaps
DeleteDC
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetObjectA

shell32

ShellExecuteExA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

ole32

CoInitialize
CoBuildVersion
CoUninitialize

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/Tools/Syscheck/bpView1.CHM
.chm
setup/Tools/Syscheck/bpView2.CHM
.chm
setup/Tools/Syscheck/bpView3.CHM
.chm
setup/Tools/Syscheck/bpView4.CHM
.chm
setup/Tools/Syscheck/bpView5.CHM
.chm
setup/Tools/Syscheck/bpsc.lag
setup/Tools/Syscheck/bviestrt.exe
.exe windows x86

826b2d99a999c3b8e0828f2ffd10c302

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
GetDriveTypeA
FindFirstFileA
GetLogicalDriveStringsA
WinExec
HeapDestroy
HeapCreate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
FindClose
GetStdHandle
GetFileType
VirtualAlloc
HeapAlloc
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

MessageBoxA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/Tools/Syscheck/csView1.CHM
.chm
setup/Tools/Syscheck/csView2.CHM
.chm
setup/Tools/Syscheck/csView3.CHM
.chm
setup/Tools/Syscheck/csView4.CHM
.chm
setup/Tools/Syscheck/csView5.CHM
.chm
setup/Tools/Syscheck/cssc.lag
setup/Tools/Syscheck/czsc.lag
setup/Tools/Syscheck/czview1.CHM
.chm
setup/Tools/Syscheck/czview2.CHM
.chm
setup/Tools/Syscheck/czview3.CHM
.chm
setup/Tools/Syscheck/czview4.CHM
.chm
setup/Tools/Syscheck/czview5.CHM
.chm
setup/Tools/Syscheck/daView1.CHM
.chm
setup/Tools/Syscheck/daView2.CHM
.chm
setup/Tools/Syscheck/daView3.CHM
.chm
setup/Tools/Syscheck/daView4.CHM
.chm
setup/Tools/Syscheck/daView5.CHM
.chm
setup/Tools/Syscheck/dasc.lag
setup/Tools/Syscheck/deView1.CHM
.chm
setup/Tools/Syscheck/deView2.CHM
.chm
setup/Tools/Syscheck/deView3.CHM
.chm
setup/Tools/Syscheck/deView4.CHM
.chm
setup/Tools/Syscheck/deView5.CHM
.chm
setup/Tools/Syscheck/desc.lag
setup/Tools/Syscheck/fiView1.CHM
.chm
setup/Tools/Syscheck/fiView2.CHM
.chm
setup/Tools/Syscheck/fiView3.CHM
.chm
setup/Tools/Syscheck/fiView4.CHM
.chm
setup/Tools/Syscheck/fiView5.CHM
.chm
setup/Tools/Syscheck/fisc.lag
setup/Tools/Syscheck/frView1.CHM
.chm
setup/Tools/Syscheck/frView2.CHM
.chm
setup/Tools/Syscheck/frView3.CHM
.chm
setup/Tools/Syscheck/frView4.CHM
.chm
setup/Tools/Syscheck/frView5.CHM
.chm
setup/Tools/Syscheck/frsc.lag
setup/Tools/Syscheck/itView1.CHM
.chm
setup/Tools/Syscheck/itView2.CHM
.chm
setup/Tools/Syscheck/itView3.CHM
.chm
setup/Tools/Syscheck/itView4.CHM
.chm
setup/Tools/Syscheck/itView5.CHM
.chm
setup/Tools/Syscheck/itsc.lag
setup/Tools/Syscheck/jpsc.lag
setup/Tools/Syscheck/nlView1.CHM
.chm
setup/Tools/Syscheck/nlView2.CHM
.chm
setup/Tools/Syscheck/nlView3.CHM
.chm
setup/Tools/Syscheck/nlView4.CHM
.chm
setup/Tools/Syscheck/nlView5.CHM
.chm
setup/Tools/Syscheck/nlsc.lag
setup/Tools/Syscheck/noView1.CHM
.chm
setup/Tools/Syscheck/noView2.CHM
.chm
setup/Tools/Syscheck/noView3.CHM
.chm
setup/Tools/Syscheck/noView4.CHM
.chm
setup/Tools/Syscheck/noView5.CHM
.chm
setup/Tools/Syscheck/nosc.lag
setup/Tools/Syscheck/nsView1.CHM
.chm
setup/Tools/Syscheck/nsView2.CHM
.chm
setup/Tools/Syscheck/nsView3.CHM
.chm
setup/Tools/Syscheck/nsView4.CHM
.chm
setup/Tools/Syscheck/nsView5.CHM
.chm
setup/Tools/Syscheck/nssc.lag
setup/Tools/Syscheck/plView1.CHM
.chm
setup/Tools/Syscheck/plView2.CHM
.chm
setup/Tools/Syscheck/plView3.CHM
.chm
setup/Tools/Syscheck/plView4.CHM
.chm
setup/Tools/Syscheck/plView5.CHM
.chm
setup/Tools/Syscheck/plsc.lag
setup/Tools/Syscheck/sc.lag
setup/Tools/Syscheck/sclang.ini
setup/Tools/Syscheck/swView1.CHM
.chm
setup/Tools/Syscheck/swView2.CHM
.chm
setup/Tools/Syscheck/swView3.CHM
.chm
setup/Tools/Syscheck/swView4.CHM
.chm
setup/Tools/Syscheck/swView5.CHM
.chm
setup/Tools/Syscheck/swsc.lag
setup/Tools/Syscheck/uksc.lag
setup/Tools/Syscheck/ukview1.CHM
.chm
setup/Tools/Syscheck/ukview2.CHM
.chm
setup/Tools/Syscheck/ukview3.CHM
.chm
setup/Tools/Syscheck/ukview4.CHM
.chm
setup/Tools/Syscheck/ukview5.CHM
.chm
setup/Tools/Syscheck/view1.CHM
.chm
setup/Tools/Syscheck/view2.CHM
.chm
setup/Tools/Syscheck/view3.CHM
.chm
setup/Tools/Syscheck/view4.CHM
.chm
setup/Tools/Syscheck/view5.CHM
.chm
setup/Tools/syscheck.ini
setup/Tools/unicows.dll
.dll windows x86

a5d0189d6a5d68196034b92852d38f4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesW
FindClose
IsDBCSLeadByte
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNumberFormatA
GetNumberFormatW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStringTypeA
GetStringTypeW
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryA
GetSystemDirectoryW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetTimeFormatA
GetTimeFormatW
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalGetAtomNameA
GlobalGetAtomNameW
IsBadStringPtrW
IsValidCodePage
LCMapStringA
LCMapStringW
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
lstrcatW
lstrcmpW
lstrcmpiW
GetDiskFreeSpaceA
lstrcpynW
lstrlenW
MoveFileA
MoveFileW
OpenEventA
OpenEventW
OpenFileMappingA
OpenFileMappingW
OpenMutexA
OpenMutexW
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
QueryDosDeviceA
QueryDosDeviceW
ReadConsoleA
ReadConsoleW
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputW
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
RemoveDirectoryA
RemoveDirectoryW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetComputerNameA
SetComputerNameW
SetConsoleTitleA
SetConsoleTitleW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigA
SetDefaultCommConfigW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetLocaleInfoA
SetLocaleInfoW
SetVolumeLabelA
SetVolumeLabelW
VerLanguageNameA
VerLanguageNameW
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleA
WriteConsoleW
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputW
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
IsBadWritePtr
IsBadReadPtr
FindResourceA
lstrcpyA
FindResourceW
SetErrorMode
GetDefaultCommConfigW
GetDefaultCommConfigA
GetDateFormatW
GetDateFormatA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrencyFormatW
GetCurrencyFormatA
GetConsoleTitleW
GetConsoleTitleA
GetComputerNameW
GetComputerNameA
GetAtomNameW
GetAtomNameA
FormatMessageW
FormatMessageA
LocalFree
HeapReAlloc
LocalAlloc
FindResourceExW
FreeEnvironmentStringsW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindAtomW
FindAtomA
FillConsoleOutputCharacterW
FillConsoleOutputCharacterA
FatalAppExitW
FatalAppExitA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLocalesW
EnumSystemLocalesA
EnumSystemCodePagesW
EnumDateFormatsW
EnumDateFormatsA
EnumCalendarInfoW
EnumCalendarInfoA
DeleteFileW
DeleteFileA
CreateSemaphoreW
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateMutexA
CreateMailslotW
CreateMailslotA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CompareStringA
CommConfigDialogW
CommConfigDialogA
CallNamedPipeW
CallNamedPipeA
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
BuildCommDCBW
BuildCommDCBA
AddAtomW
AddAtomA
GetVersion
InitializeCriticalSection
GetACP
GetOEMCP
DeleteCriticalSection
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
SizeofResource
LoadResource
LockResource
FreeResource
_lclose
GetTickCount
_lread
_lwrite
_llseek
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
TlsAlloc
TlsFree
TlsGetValue
GetLastError
TlsSetValue
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
IsDBCSLeadByteEx
GlobalAddAtomA
AreFileApisANSI
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetCurrentThreadId
lstrcmpA
lstrcmpiA
WideCharToMultiByte
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
FreeLibrary
GetModuleHandleA
GetProcAddress
GetCPInfo
lstrlenA
GetProcessHeap
HeapAlloc
SetLastError
MultiByteToWideChar
lstrcpyW
HeapFree
RtlUnwind

user32

SetMenuItemInfoW
SetPropW
SetWindowLongW
SetWindowsHookA
SetWindowsHookW
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SystemParametersInfoA
SystemParametersInfoW
TranslateAcceleratorW
TabbedTextOutA
TabbedTextOutW
UnregisterClassA
UnregisterClassW
VkKeyScanExA
VkKeyScanExW
WinHelpA
WinHelpW
wvsprintfW
EnumClipboardFormats
SetClipboardData
GetClipboardData
MapVirtualKeyW
VkKeyScanW
wsprintfW
GrayStringW
GrayStringA
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowLongW
GetTabbedTextExtentW
GetTabbedTextExtentA
GetPropW
GetMessageW
GetMenuStringW
GetMenuStringA
GetMenuItemInfoW
GetMenuItemInfoA
GetKeyNameTextW
GetKeyboardLayout
GetKeyNameTextA
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetDlgItemTextW
GetDlgItemTextA
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClassNameW
GetClassNameA
GetClassLongW
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoW
GetClassInfoA
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnableWindow
EnumPropsExW
EnumPropsExA
EnumPropsW
EnumPropsA
EnumDisplaySettingsW
EnumDisplaySettingsA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateW
DrawStateA
DlgDirSelectExW
DlgDirSelectExA
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
SetMenuItemInfoA
DlgDirListComboBoxA
DlgDirListW
DlgDirListA
DispatchMessageW
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
DdeQueryStringW
DdeQueryStringA
DdeQueryConvInfo
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeConnectList
DdeConnect
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharToOemW
CharPrevW
CharNextW
CharLowerBuffW
CharLowerW
ChangeMenuW
ChangeMenuA
ChangeDisplaySettingsW
ChangeDisplaySettingsA
CreateWindowExW
SetDlgItemTextW
SetDlgItemTextA
SetClassLongW
SetClassLongA
SendNotifyMessageW
SendMessageTimeoutW
SendMessageCallbackW
SendMessageW
SendDlgItemMessageW
RemovePropW
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClipboardFormatA
RegisterClassExW
RegisterClassExA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharBuffW
OemToCharW
ModifyMenuW
ModifyMenuA
MessageBoxIndirectW
MessageBoxIndirectA
MessageBoxExW
MessageBoxW
MapVirtualKeyExW
MapVirtualKeyExA
LoadStringW
LoadMenuIndirectW
LoadMenuIndirectA
LoadMenuW
LoadMenuA
LoadKeyboardLayoutW
LoadKeyboardLayoutA
LoadImageW
LoadImageA
CreateWindowExA
CreateMDIWindowW
CreateMDIWindowA
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CallWindowProcW
CallMsgFilterW
CallMsgFilterA
AppendMenuW
AppendMenuA
GetWindowThreadProcessId
SetWindowLongA
TranslateAcceleratorA
IsDialogMessageA
DispatchMessageA
PeekMessageA
GetMessageA
GetWindowLongA
PostThreadMessageA
PostMessageA
SendNotifyMessageA
SendMessageTimeoutA
SendMessageCallbackA
SendMessageA
DefWindowProcA
CallWindowProcA
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
GetParent
GetDlgItem
SetPropA
RemovePropA
GetPropA
IsDlgButtonChecked
RegisterWindowMessageA
EnumChildWindows
CallNextHookEx
SetWindowsHookExA
LoadIconW
CharLowerA
LoadIconA
LoadCursorFromFileW
LoadCursorFromFileA
LoadCursorW
CharUpperA
UnhookWindowsHookEx
LoadCursorA
LoadBitmapW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
IsWindowUnicode
IsWindow
IsDialogMessageW
IsClipboardFormatAvailable
IsCharUpperW
IsCharUpperA
InsertMenuA
IsCharLowerA
IsCharAlphaNumericW
IsCharAlphaNumericA
IsCharAlphaW
IsCharAlphaA
InsertMenuItemW
InsertMenuItemA
DlgDirListComboBoxW
InsertMenuW
IsCharLowerW

gdi32

GetGlyphOutlineW
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLogColorSpaceA
GetLogColorSpaceW
GetMetaFileA
GetMetaFileW
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPointA
GetTextExtentPointW
GetGlyphOutlineA
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
PolyTextOutA
PolyTextOutW
RemoveFontResourceA
RemoveFontResourceW
ResetDCA
ResetDCW
SetICMProfileA
SetICMProfileW
StartDocA
StartDocW
TextOutW
UpdateICMRegKeyA
UpdateICMRegKeyW
GetEnhMetaFileDescriptionW
GetEnhMetaFileDescriptionA
GetEnhMetaFileW
GetEnhMetaFileA
GetCharacterPlacementW
GetCharacterPlacementA
GetCharWidthFloatW
GetCharWidthFloatA
GetCharWidthW
GetCharWidthA
GetCharABCWidthsFloatW
GetCharABCWidthsFloatA
GetCharABCWidthsW
GetCharABCWidthsA
ExtTextOutW
ExtTextOutA
EnumICMProfilesW
EnumICMProfilesA
EnumFontsW
EnumFontsA
EnumFontFamiliesExW
EnumFontFamiliesExA
EnumFontFamiliesW
EnumFontFamiliesA
CreateScalableFontResourceW
CreateScalableFontResourceA
CreateMetaFileW
CreateMetaFileA
CreateICW
CreateICA
CreateFontIndirectW
CreateFontIndirectA
CreateFontW
CreateFontA
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDCW
CreateDCA
CreateColorSpaceW
CreateColorSpaceA
CopyMetaFileW
CopyMetaFileA
CopyEnhMetaFileW
CopyEnhMetaFileA
AddFontResourceW
AddFontResourceA
GetTextExtentPoint32A
TranslateCharsetInfo
GetTextCharset

mpr

WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetAddConnectionA
WNetAddConnectionW
WNetAddConnection2A
WNetAddConnection2W
WNetAddConnection3A
WNetAddConnection3W
WNetCancelConnectionA
WNetCancelConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetEnumResourceA
WNetEnumResourceW
WNetGetConnectionA
WNetGetConnectionW
WNetGetLastErrorA
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetProviderNameA
WNetUseConnectionW
WNetUseConnectionA
WNetOpenEnumW
WNetOpenEnumA
WNetGetUserW
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetGetUniversalNameA
WNetGetResourceParentW
WNetGetResourceParentA
WNetGetResourceInformationW
WNetGetResourceInformationA
WNetGetProviderNameW

advapi32

RegOpenKeyA
RegEnumValueA
RegUnLoadKeyW
RegUnLoadKeyA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegSaveKeyW
RegSaveKeyA
RegReplaceKeyW
RegReplaceKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryMultipleValuesW
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegLoadKeyW
RegLoadKeyA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegConnectRegistryW
RegConnectRegistryA
IsTextUnicode
GetUserNameW
GetUserNameA
RegOpenKeyExA

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ReplaceTextA
FindTextA
ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
PrintDlgW
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetOpenFileNameW
FindTextW
ReplaceTextW
GetFileTitleW

version

VerQueryValueW
VerQueryValueA
VerInstallFileW
VerInstallFileA
VerFindFileW
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

shell32

SHGetPathFromIDListA
ord180
ord179
SHGetFileInfoA
SHFileOperationA
SHChangeNotify
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
ShellAboutW
ShellAboutA
FindExecutableW
FindExecutableA
ExtractIconExA
ExtractIconW
ExtractIconA
DragQueryFileA
DragQueryFileW

winspool.drv

EnumPrinterDriversW
EnumPrintersW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsA
EnumPrintProcessorsW
GetJobW
GetPrinterW
EnumPortsW
GetPrinterDriverW
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
OpenPrinterA
OpenPrinterW
ResetPrinterA
ResetPrinterW
SetJobA
SetJobW
EnumMonitorsW
SetPrinterW
SetPrinterDataA
SetPrinterDataW
StartDocPrinterA
StartDocPrinterW
SetPrinterA
DocumentPropertiesW
DocumentPropertiesA
DeviceCapabilitiesW
DeviceCapabilitiesA
DeletePrintProvidorW
DeletePrintProvidorA
DeletePrintProcessorW
DeletePrintProcessorA
DeletePrinterDriverW
DeletePrinterDriverA
DeletePortW
DeletePortA
DeleteMonitorW
DeleteMonitorA
ConfigurePortW
ConfigurePortA
AdvancedDocumentPropertiesW
AdvancedDocumentPropertiesA
AddPrintProvidorW
AddPrintProvidorA
AddPrintProcessorW
AddPrintProcessorA
AddPrinterDriverW
AddPrinterDriverA
AddPrinterW
AddPrinterA
AddPortW
AddPortA
AddMonitorW
AddMonitorA
AddJobW
AddJobA
GetPrinterDataW

oledlg

ord1
OleUIAddVerbMenuW
ord8
OleUIBusyW
ord6
OleUIChangeIconW
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
OleUIInsertObjectW
OleUIObjectPropertiesW
OleUIPasteSpecialW
OleUIPromptUserW
OleUIUpdateLinksW

winmm

midiOutGetDevCapsW
waveOutGetErrorTextW
waveOutGetErrorTextA
waveOutGetDevCapsW
waveOutGetDevCapsA
waveInGetErrorTextW
waveInGetErrorTextA
waveInGetDevCapsW
waveInGetDevCapsA
midiInGetErrorTextW
midiInGetDevCapsW
midiInGetDevCapsA
mciSendStringW
mciSendStringA
mciSendCommandW
mciGetErrorStringW
mciGetErrorStringA
midiInGetErrorTextA
mciGetDeviceIDW
mciGetDeviceIDA
joyGetDevCapsW
joyGetDevCapsA
auxGetDevCapsW
auxGetDevCapsA
PlaySoundW
PlaySoundA
midiOutGetErrorTextA
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRenameA
mmioRenameW
mmioStringToFOURCCA
mmioStringToFOURCCW
sndPlaySoundA
sndPlaySoundW
midiOutGetDevCapsA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

MCIWndCreateW
MCIWndCreateA
GetSaveFileNamePreviewW
GetOpenFileNamePreviewW

Exports

Exports

AcquireCredentialsHandleW
AddAtomW
AddFontResourceW
AddJobW
AddMonitorW
AddPortW
AddPrintProcessorW
AddPrintProvidorW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesW
AppendMenuW
BeginUpdateResourceW
BroadcastSystemMessageW
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallMsgFilterW
CallNamedPipeW
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharToOemBuffW
CharToOemW
CharUpperBuffW
CharUpperW
ChooseColorW
ChooseFontW
CommConfigDialogW
CompareStringW
ConfigurePortW
CopyAcceleratorTableW
CopyEnhMetaFileW
CopyFileExW
CopyFileW
CopyMetaFileW
CreateAcceleratorTableW
CreateColorSpaceW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateDirectoryExW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMDIWindowW
CreateMailslotW
CreateMetaFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateScalableFontResourceW
CreateSemaphoreW
CreateStdAccessibleProxyW
CreateWaitableTimerW
CreateWindowExW
DdeConnect
DdeConnectList
DdeCreateStringHandleW
DdeInitializeW
DdeQueryConvInfo
DdeQueryStringW
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteFileW
DeleteMonitorW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinterDriverW
DeviceCapabilitiesW
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DocumentPropertiesW
DragQueryFileW
DrawStateW
DrawTextExW
DrawTextW
EnableWindow
EndUpdateResourceW
EnumCalendarInfoExW
EnumCalendarInfoW
EnumClipboardFormats
EnumDateFormatsExW
EnumDateFormatsW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsW
EnumICMProfilesW
EnumMonitorsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDriversW
EnumPrintersW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsW
EnumerateSecurityPackagesW
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconExW
ExtractIconW
FatalAppExitW
FillConsoleOutputCharacterW
FindAtomW
FindExecutableW
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FindTextW
FindWindowExW
FindWindowW
FormatMessageW
FreeContextBuffer
FreeEnvironmentStringsW
GetAltTabInfoW
GetAtomNameW
GetCPInfo
GetCPInfoExW
GetCalendarInfoW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidthFloatW
GetCharWidthW
GetCharacterPlacementW
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetComputerNameW
GetConsoleTitleW
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentHwProfileW
GetDateFormatW
GetDefaultCommConfigW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileTitleW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetGlyphOutlineW
GetICMProfileW
GetJobW
GetKerningPairsW
GetKeyNameTextW
GetKeyboardLayoutNameW
GetLocaleInfoW
GetLogColorSpaceW
GetLogicalDriveStringsW
GetLongPathNameW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetMetaFileW
GetModuleFileNameW
GetModuleHandleW
GetMonitorInfoW
GetNamedPipeHandleStateW
GetNumberFormatW
GetObjectW
GetOpenFileNamePreviewW
GetOpenFileNameW
GetOutlineTextMetricsW
GetPrintProcessorDirectoryW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcAddress
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetPropA
GetPropW
GetRoleTextW
GetSaveFileNamePreviewW
GetSaveFileNameW
GetShortPathNameW
GetStartupInfoW
GetStateTextW
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTabbedTextExtentW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowTextLengthW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GrayStringW
InitSecurityInterfaceW
InitializeSecurityContextW
InsertMenuItemW
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerW
IsCharUpperW
IsClipboardFormatAvailable
IsDestinationReachableW
IsDialogMessageW
IsTextUnicode
IsValidCodePage
IsWindowUnicode
LCMapStringW
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadLibraryExW
LoadLibraryW
LoadMenuIndirectW
LoadMenuW
LoadStringW
MCIWndCreateW
MapVirtualKeyExW
MapVirtualKeyW
MessageBoxExW
MessageBoxIndirectW
MessageBoxW
ModifyMenuW
MoveFileW
MultiByteToWideChar
MultinetGetConnectionPerformanceW
OemToCharBuffW
OemToCharW
OleUIAddVerbMenuW
OleUIBusyW
OleUIChangeIconW
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
OleUIInsertObjectW
OleUIObjectPropertiesW
OleUIPasteSpecialW
OleUIPromptUserW
OleUIUpdateLinksW
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrinterW
OpenSemaphoreW
OpenWaitableTimerW
OutputDebugStringW
PageSetupDlgW
PeekConsoleInputW
PeekMessageW
PlaySoundW
PolyTextOutW
PostMessageW
PostThreadMessageW
PrintDlgW
QueryContextAttributesW
QueryCredentialsAttributesW
QueryDosDeviceW
QuerySecurityPackageInfoW
RasConnectionNotificationW
RasCreatePhonebookEntryW
RasDeleteEntryW
RasDeleteSubEntryW
RasDialW
RasEditPhonebookEntryW
RasEnumConnectionsW
RasEnumDevicesW
RasEnumEntriesW
RasGetConnectStatusW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetErrorStringW
RasHangUpW
RasRenameEntryW
RasSetEntryDialParamsW
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW
RasValidateEntryNameW
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
RemoveDirectoryW
RemoveFontResourceW
RemovePropA
RemovePropW
ReplaceTextW
ResetDCW
ResetPrinterW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetFileInfoW
SHGetNewLinkInfoW
SHGetPathFromIDListW
ScrollConsoleScreenBufferW
SearchPathW
SendDlgItemMessageW
SendMessageCallbackW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCalendarInfoW
SetClassLongW
SetComputerNameW
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetICMProfileW
SetJobW
SetLocaleInfoW
SetMenuItemInfoW
SetPrinterDataW
SetPrinterW
SetPropA
SetPropW
SetVolumeLabelW
SetWindowLongA
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShellAboutW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
StartDocPrinterW
StartDocW
SystemParametersInfoW
TabbedTextOutW
TextOutW
TranslateAcceleratorW
UnregisterClassW
UpdateICMRegKeyW
UpdateResourceW
VerFindFileW
VerInstallFileW
VerLanguageNameW
VerQueryValueW
VkKeyScanExW
VkKeyScanW
WNetAddConnection2W
WNetAddConnection3W
WNetAddConnectionW
WNetCancelConnection2W
WNetCancelConnectionW
WNetConnectionDialog1W
WNetDisconnectDialog1W
WNetEnumResourceW
WNetGetConnectionW
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumW
WNetUseConnectionW
WaitNamedPipeW
WideCharToMultiByte
WinHelpW
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
auxGetDevCapsW
capCreateCaptureWindowW
capGetDriverDescriptionW
joyGetDevCapsW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
mciGetDeviceIDW
mciGetErrorStringW
mciSendCommandW
mciSendStringW
midiInGetDevCapsW
midiInGetErrorTextW
midiOutGetDevCapsW
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenW
mmioRenameW
mmioStringToFOURCCW
sndPlaySoundW
waveInGetDevCapsW
waveInGetErrorTextW
waveOutGetDevCapsW
waveOutGetErrorTextW
wsprintfW
wvsprintfW

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/UnInst.ini
setup/WARN.TXT
setup/_Isuser.dll
.dll windows x86

46039de89f8560750f5a6dacd1c7a453

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
GetCommandLineA
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/_Setup.dll
.dll windows x86

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/02/2006, 00:00

Not After

20/02/2008, 23:59

Subject

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

63:83:74:e8:97:34:e0:90:48:df:f3:6f:7b:e1:f5:af:d2:f2:06:98
Signer

Actual PE Digest

63:83:74:e8:97:34:e0:90:48:df:f3:6f:7b:e1:f5:af:d2:f2:06:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/bvgutils.dll
.dll windows x86

6257d47876bb798e9cabee825ca8b363

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
CreateMutexA
GetLastError
CloseHandle
Sleep
GetModuleFileNameA
HeapCreate
HeapDestroy
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LocalFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
HeapAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
ReadFile
RtlUnwind
SetStdHandle
FlushFileBuffers

user32

MessageBoxA

advapi32

SetEntriesInAclA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
AllocateAndInitializeSid
FreeSid

Exports

Exports

ApplyACLsToDirectory
CPUSpeed
CheckMutex
EndOfInstall
StartOfInstall

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/data1.cab
setup/data1.hdr
setup/data2.cab
setup/layout.bin
setup/setup.exe
.exe windows x86

a5fd4def1510f7b3943f9807bf555a4d

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/02/2006, 00:00

Not After

20/02/2008, 23:59

Subject

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e0:21:01:78:b3:d4:61:95:de:96:92:a8:76:12:64:bb:74:39:de:75
Signer

Actual PE Digest

e0:21:01:78:b3:d4:61:95:de:96:92:a8:76:12:64:bb:74:39:de:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetShortPathNameA
SetEvent
HeapDestroy
GetDriveTypeA
GetExitCodeProcess
CopyFileA
lstrcpynA
GetFileAttributesA
FindClose
FindFirstFileA
CreateDirectoryA
GetCurrentThreadId
LoadLibraryA
SetFilePointer
LoadLibraryExA
GetTickCount
GetVersion
GetWindowsDirectoryA
FormatMessageA
LocalFree
SetFileAttributesA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
SizeofResource
GetTempPathA
GlobalSize
FreeResource
GetLocalTime
GetCurrentProcessId
SearchPathA
FindNextFileA
GetTempFileNameA
TerminateProcess
IsBadReadPtr
VirtualQuery
VirtualProtect
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
GetCurrentThread
MoveFileExA
GetDiskFreeSpaceA
GetSystemDirectoryA
GetSystemInfo
GetPrivateProfileStringA
GetPrivateProfileIntA
MultiByteToWideChar
lstrcpyA
lstrcmpiA
lstrlenA
GetSystemDefaultLangID
lstrcatA
SetLastError
GetLastError
WideCharToMultiByte
CompareStringA
CompareStringW
GetVersionExA
GetProcAddress
MulDiv
GetPrivateProfileSectionNamesA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetStartupInfoA
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
DeleteCriticalSection
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
Sleep
CloseHandle
InitializeCriticalSection
ReleaseMutex
CreateMutexA
ReadFile
WriteFile
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
CreateFileA
CreateThread
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
SetErrorMode
FindResourceExA
FindResourceA
LoadResource
LockResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileA
RemoveDirectoryA
AddAtomA
WritePrivateProfileStringA
GetAtomNameA
lstrlenW
CreateProcessA

user32

MoveWindow
EndDialog
LoadIconA
GetDlgItem
SendMessageA
SetDlgItemTextA
SetWindowLongA
DialogBoxIndirectParamA
CharUpperA
WaitForInputIdle
wsprintfA
GetWindowRect
GetWindowLongA
ShowWindow
IntersectRect
SetWindowTextA
RegisterClassExA
CreateWindowExA
GetClassNameA
GetDialogBaseUnits
EnumChildWindows
CallWindowProcA
CharLowerBuffA
GetDlgItemTextA
SetFocus
IsDlgButtonChecked
CheckDlgButton
BeginPaint
EndPaint
FillRect
ScreenToClient
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
SendDlgItemMessageA
DefWindowProcA
GetPropA
EnableMenuItem
SetPropA
RemovePropA
IsWindow
GetSysColor
IsDialogMessageA
TranslateMessage
LoadImageA
CreateDialogParamA
GetDC
ReleaseDC
MessageBoxA
GetMessageA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
CharNextA
PostThreadMessageA
LoadStringA
SetActiveWindow
DestroyWindow
CreateDialogIndirectParamA
SetForegroundWindow
GetClientRect
EnableWindow
IsWindowEnabled
GetDesktopWindow
SetWindowRgn
GetWindowDC
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
DrawFocusRect
InflateRect
DrawTextA
CopyRect
PostMessageA

gdi32

CreateCompatibleBitmap
CreateDCA
GetStockObject
GetTextExtentPoint32A
CreatePatternBrush
DeleteMetaFile
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateDIBitmap
SaveDC
SetBkMode
SetTextColor
TextOutA
RestoreDC
GetTextExtentPointA
CreateFontIndirectA
SetBkColor
CreateRectRgn
DeleteObject
CreateSolidBrush
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
GetDeviceCaps
GetObjectA
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
SetMapMode

advapi32

RegCloseKey
OpenThreadToken
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegQueryValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetMalloc

ole32

StringFromGUID2
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
GetRunningObjectTable
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
VariantChangeType
GetErrorInfo
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantClear
VariantCopy
SysReAllocStringLen

lz32

LZCopy
LZOpenFileA
LZClose

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/setup.ini
setup/setup.inx
setup/shortcut.ini
setup/warnBP.txt
setup/warnBS.txt
setup/warnCHS.txt
setup/warnCHT.txt
setup/warnCZ.txt
setup/warnDA.txt
setup/warnDE.txt
setup/warnES.txt
setup/warnFI.txt
setup/warnFR.txt
setup/warnIT.txt
setup/warnJP.txt
setup/warnKO.txt
setup/warnNL.txt
setup/warnNO.txt
setup/warnNS.txt
setup/warnPL.txt
setup/warnSW.txt
setup/warnTW.txt
setup/warnUK.txt

Sharing

General

Malware Config

Signatures

Files

994ee7f950d09d543c6027009599bd19

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

wsock32

Sections

.text Size: 196KB - Virtual size: 193KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 72KB - Virtual size: 93KB

.rsrc Size: 48KB - Virtual size: 44KB

a1105a9dcf360d9b8b3082d3207b35d5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

wsock32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 10KB

517cc3a34335987a60dc4a59a1dc9ae0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

rasapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 9KB

4d6b36810d3c5793c6c7932c9917b8d5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

c3:5d:6f:ed:6a:8e:8d:2d:0f:64:ff:f9:1b:cc:53:16:6b:0b:a5:d2Signer

Headers

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 72KB - Virtual size: 93KB

.rsrc
Size: 48KB - Virtual size: 44KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 9KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

c3:5d:6f:ed:6a:8e:8d:2d:0f:64:ff:f9:1b:cc:53:16:6b:0b:a5:d2
Signer

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 5KB - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

93:fc:50:54:c7:4f:ba:27:c6:44:75:96:5a:2d:d6:a8:50:96:4d:3b
Signer

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 407KB - Virtual size: 406KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

61:5c:91:d8:eb:76:e7:95:5d:49:68:57:62:4c:f3:62:77:28:33:13
Signer