529fc92a8b4c57ce378e2f47ab8f3fa2

Resubmissions

11/01/2024, 05:17

240111-fyyknsgag2 8

11/01/2024, 05:13

240111-fwve8sfbfq 8

Sharing

Copy URL Twitter E-mail

General

Target

529fc92a8b4c57ce378e2f47ab8f3fa2
Size

8.0MB
MD5

529fc92a8b4c57ce378e2f47ab8f3fa2
SHA1

be55d31d3218f8da0a3bef9c18364e0c4f9c39ed
SHA256

aa0fae6cc1e9f7c43173722e0483bbb28147f3dada5bc81539737f30ab05c0ce
SHA512

d3fd5b370326c8559997593bb00ae7f32c12588d7b1be70161d59916e7d28909085520b9ea52ee6baa345ccb35c56f40d287412f219fdbcf4046d469db91fb1c
SSDEEP

196608:STTComzWcvogZwSNf1A4LlEjNJAwSZeZ4NV:y2fzHogZwST5EjNSwQV

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lightening Cleaner 3.0/misc/activeupdate/patchbld.dll
unpack001/Lightening Cleaner 3.0/misc/au.dll
unpack001/Lightening Cleaner 3.0/misc/fscleaner.dll
unpack001/Lightening Cleaner 3.0/misc/gdiplus.dll
unpack001/Lightening Cleaner 3.0/misc/index.dll
unpack001/Lightening Cleaner 3.0/misc/irobot.dll
unpack001/Lightening Cleaner 3.0/misc/libcurl.dll
unpack001/Lightening Cleaner 3.0/misc/libeay32.dll
unpack001/Lightening Cleaner 3.0/misc/libexpat.dll
unpack001/Lightening Cleaner 3.0/misc/log.dll
unpack001/Lightening Cleaner 3.0/misc/mfc80u.dll
unpack001/Lightening Cleaner 3.0/misc/msvcp80.dll
unpack001/Lightening Cleaner 3.0/misc/msvcr80.dll
unpack001/Lightening Cleaner 3.0/misc/protect.dll
unpack001/Lightening Cleaner 3.0/misc/setting.dll
unpack001/Lightening Cleaner 3.0/misc/spyware.dll
unpack001/Lightening Cleaner 3.0/misc/ssleay32.dll
unpack001/Lightening Cleaner 3.0/misc/tmaiofc.sys
unpack001/Lightening Cleaner 3.0/misc/tool.dll
unpack001/Lightening Cleaner 3.0/misc/tool/antiarp.exe
unpack001/Lightening Cleaner 3.0/misc/tool/crctool.exe
unpack001/Lightening Cleaner 3.0/misc/tool/genhexstringfromstring.exe
unpack001/Lightening Cleaner 3.0/misc/tool/tdme
unpack001/Lightening Cleaner 3.0/misc/tool/testagentreportreader.exe
unpack001/Lightening Cleaner 3.0/misc/tool/usbmon.exe
unpack001/Lightening Cleaner 3.0/misc/update.dll

Files

529fc92a8b4c57ce378e2f47ab8f3fa2
.rar
Lightening Cleaner 3.0/LighteningCleaner.exe
.exe windows:4 windows x86 arch:x86

137828a4a44c35f16ca905592e6fe9a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/license_cn.doc
.doc windows office2003
Lightening Cleaner 3.0/license_en.pdf
.pdf
- http://www.treas.gov/ofac/
- http://www.trendmicro.com
- http://trendmicro.com
Lightening Cleaner 3.0/misc/activeupdate/GetServer.ini
Lightening Cleaner 3.0/misc/activeupdate/aucfg.ini
Lightening Cleaner 3.0/misc/activeupdate/cert5.db
Lightening Cleaner 3.0/misc/activeupdate/ciuas32.dll
.dll windows:4 windows x86 arch:x86

66c27965e1dc1bbf2d8bbdc94aaedff9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
SetFileApisToOEM
AreFileApisANSI
SetFileApisToANSI
Sleep
GetCurrentThreadId
FindNextFileA
GetFileAttributesA
CloseHandle
CreateFileA
GetCurrentProcessId
GetFileSize
FindClose
FindFirstFileA
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetCurrentDirectoryA
HeapAlloc
HeapFree
VirtualAlloc
GetModuleHandleA
HeapReAlloc
GetFullPathNameA
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetModuleFileNameA
HeapSize
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetDriveTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

TmGetHash
TmGetVersion
TmIsLibRunnable
TmPatchApply
TmPatchBuild

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/activeupdate/ciussi32.dll
.dll windows:4 windows x86 arch:x86

8d33c4b43a94366f4386be378aee0afb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

VirtualAlloc
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
lstrlenA
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetModuleHandleA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
GetFileAttributesA
CreateFileA
GetFileSize
CloseHandle
GetWindowsDirectoryA
WriteFile
AreFileApisANSI
SetFileApisToANSI
SetFileApisToOEM
ReadFile
DeleteFileA
GetStringTypeW
GetStringTypeA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetFullPathNameA
GetCurrentDirectoryA
Sleep
GetConsoleCP
GetConsoleMode
SetFileAttributesA
SetFilePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapCreate
VirtualFree
GetDriveTypeA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
ExitProcess
RtlUnwind
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA

user32

UnregisterClassA

shlwapi

PathAppendA

Exports

Exports

TmGetVersion
TmIsLibRunnable
TmPatchApply
TmPatchBuild

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/activeupdate/patch.exe
.exe windows:4 windows x86 arch:x86

6735e8230ab3eae61a8a9d09e312aad6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FreeLibrary
GetProcAddress
MoveFileExA
GetWindowsDirectoryA
GetShortPathNameA
GetVersion
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
VirtualQuery
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
CloseHandle
GetLastError
CreateMutexA
ReleaseMutex
SetFileAttributesA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
HeapValidate
IsBadReadPtr
GetModuleFileNameW
WriteConsoleW
GetFileType
GetStdHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetFullPathNameA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
MoveFileA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
DebugBreak
lstrlenA
FatalAppExitA
WriteFile
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
LoadLibraryW
GetCurrentDirectoryA
SetCurrentDirectoryA
OutputDebugStringA
OutputDebugStringW
ReadFile
GetConsoleCP
GetConsoleMode
CreateFileA
SetStdHandle
SetHandleCount
GetStartupInfoA
SetFilePointer
FlushFileBuffers
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetEndOfFile
CreateFileW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 568KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/activeupdate/patchbld.dll
.dll windows:4 windows x86 arch:x86

6de8fb9a21b404042c8324da50ece179

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBeep
wsprintfA
OemToCharA
LoadStringA
wvsprintfA
MessageBoxA

kernel32

RaiseException
GetLocaleInfoA
LoadLibraryA
CreateFileMappingA
ReadFile
CloseHandle
GetFileSize
CreateFileW
CreateFileA
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateMutexA
ReleaseMutex
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
WaitForSingleObject
DeleteFileA
GlobalFree
GetTempPathA
GetTempFileNameA
SetThreadPriority
GetCurrentThread
MulDiv
GlobalAlloc
SetEndOfFile
SetFilePointer
GlobalMemoryStatus
SetConsoleCtrlHandler
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetVersion
SetFileApisToANSI
SetFileApisToOEM
MultiByteToWideChar
WideCharToMultiByte
GetVolumeInformationA
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileA
FindNextFileA
FileTimeToDosDateTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileAttributesA
SetFileAttributesW
SetFileTime
GetFileAttributesA
GetFileAttributesW
GetShortPathNameW
GetFullPathNameW
GetShortPathNameA
GetFullPathNameA
GetLocaleInfoW
CreateProcessA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
RtlUnwind
GetLastError
DeleteFileW
HeapAlloc
HeapFree
GetLocalTime
GetCommandLineA
GetProcAddress
HeapReAlloc
HeapWalk
HeapValidate
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetCurrentDirectoryW
FileTimeToSystemTime
GetDriveTypeW
SetStdHandle
GetFileType
MoveFileW
MoveFileA
SetEnvironmentVariableW
SetCurrentDirectoryW
SetEnvironmentVariableA
CreateDirectoryW
CreateDirectoryA
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

Exports

Exports

RTPatchBuildClose@4
RTPatchBuildCompareFiles@52
RTPatchBuildGetErrorString@4
RTPatchBuildGetWarning@8
RTPatchBuildImportPatch@12
RTPatchBuildOpen@0
RTPatchBuildParseFile@20
RTPatchBuildSetAttribGet@8
RTPatchBuildSetDirWalk@8
RTPatchBuildSetFormat@8
RTPatchBuildSetOpen@8
RTPatchBuildSetSwapFile@8
RTPatchBuildTempFile@12
RTPatchBuildWriteHeader@40

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

VMTASKBU
Size: 512B - Virtual size: 129B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/activeupdate/patchw32.DLL
.dll windows:1 windows x86 arch:x86

8f296cd7497fd33e575100bd64339788

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:17:08:2f:26:26:73:eb:00:df:1f:19:3d:e2:25:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2007, 00:00

Not After

17/12/2010, 23:59

Subject

CN=Pocket Soft\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Pocket Soft\, Inc.,O=Pocket Soft\, Inc.,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
DdeInitializeA
DispatchMessageA
OemToCharA
PeekMessageA
DdeUninitialize
TranslateMessage
CharToOemA
DdeCreateDataHandle
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleA
DdeFreeStringHandle
DdeConnect
LoadStringA
wvsprintfA

advapi32

RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegEnumValueW
RegSetValueExW
RegEnumKeyW
RegDeleteValueA
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
SetFileSecurityW
GetFileSecurityW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
OpenThreadToken

ole32

CoUninitialize
CoInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

ReleaseMutex
GetPrivateProfileSectionA
GetProfileStringA
GetDiskFreeSpaceA
VirtualAlloc
GetSystemDirectoryA
FlushFileBuffers
CreateDirectoryA
VirtualFree
DeleteFileW
GetFileType
MoveFileW
GetDriveTypeW
GetCommandLineA
SetStdHandle
ExitProcess
GetCurrentProcessId
GetCPInfo
GetOEMCP
GetACP
GetTimeZoneInformation
GetStartupInfoA
GlobalFree
GlobalAlloc
MulDiv
GetVersion
FreeLibrary
GetDriveTypeA
GetProcAddress
LoadLibraryA
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetShortPathNameA
GetFullPathNameA
MoveFileExW
MoveFileExA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
MoveFileA
SetEnvironmentVariableA
GetTempPathA
SetErrorMode
CreateMutexA
SetFileApisToANSI
CreateFileW
AreFileApisANSI
WaitForSingleObject
LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
WriteFile
lstrlenA
ReadFile
SetNamedPipeHandleState
WaitNamedPipeA
GetLocalTime
SetCurrentDirectoryW
GetEnvironmentStrings
WideCharToMultiByte
GetProfileSectionA
FindNextFileW
FindClose
GetPrivateProfileStringA
GetSystemTime
DeleteFileA
SetFileAttributesA
WriteProfileStringA
WriteProfileSectionA
WritePrivateProfileStringA
WritePrivateProfileSectionA
WriteProfileStringW
WritePrivateProfileStringW
CopyFileW
GetExitCodeProcess
CreateProcessA
lstrcmpiA
SystemTimeToFileTime
GetSystemInfo
LockResource
LoadResource
FindResourceA
SetFileApisToOEM
MultiByteToWideChar
GetVolumeInformationA
SetEnvironmentVariableW
GetCurrentDirectoryW
FindFirstFileW
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetModuleHandleA
SetFileAttributesW
SetFileTime
GetFileAttributesW
GetShortPathNameW
GetFullPathNameW
GetStdHandle
RaiseException
RemoveDirectoryW
RemoveDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
RtlUnwind
CreateDirectoryW
GetLogicalDrives

Exports

Exports

RTPBatSvr
RTPRegSvr
RTPRenSvr
RTPatchApply32@12
RTPatchApply32NoCall
RTPatchEnumPatches@12
RTPatchGetCost@24
RTPatchSetAttribGet@8
RTPatchSetAttribSet@8
RTPatchSetCreate@8
RTPatchSetDelete@8
RTPatchSetDirWalk@8
RTPatchSetOpen@8
RTPatchSetRename@8

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/activeupdate/tmupdate.dll
.dll windows:4 windows x86 arch:x86

659383449790d42455b8f7d15265d12c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

ReleaseMutex
SetFileAttributesA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateFileA
GetVersion
CreateMutexA
GetStdHandle
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
SetLastError
SetHandleCount
OutputDebugStringW
OutputDebugStringA
WriteFile
IsValidCodePage
GetOEMCP
GetCurrentThread
lstrcmpiA
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
VirtualQuery
GetModuleFileNameA
GetVersionExA
Sleep
SetFileApisToANSI
MultiByteToWideChar
SetFileApisToOEM
WideCharToMultiByte
AreFileApisANSI
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
CreateProcessA
WaitForSingleObject
CloseHandle
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetFileType
GetNumberOfConsoleInputEvents
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
SetCurrentDirectoryA
GetACP
GetCurrentDirectoryA
CreateFileW
SetStdHandle
FlushFileBuffers
ReadFile
VirtualAlloc
VirtualFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
RtlUnwind
GetModuleFileNameW
WriteConsoleW
GetSystemTimeAsFileTime
HeapValidate
IsBadReadPtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
Beep
CreateDirectoryA
SetEndOfFile
HeapFree
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
DebugBreak
lstrlenA
GetFullPathNameA
SystemTimeToFileTime
DeleteFileA
RemoveDirectoryA
MoveFileA
GetFileInformationByHandle
PeekNamedPipe
GetCommandLineA
SetConsoleCtrlHandler
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LoadLibraryW
FatalAppExitA
HeapReAlloc
HeapDestroy
GetConsoleMode

user32

MessageBoxA
GetDesktopWindow
wsprintfA
GetUserObjectInformationW
GetProcessWindowStation

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

ReportEventA
DeregisterEventSource
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegConnectRegistryA
RegOpenKeyExA
RegCreateKeyExA
GetUserNameA
EqualSid
RegisterEventSourceA

wsock32

accept
bind
send
recv
setsockopt
__WSAFDIsSet
getsockopt
ntohs
getservbyport
gethostbyaddr
gethostbyname
ioctlsocket
htons
getservbyname
htonl
socket
connect
closesocket
shutdown
inet_ntoa
select
WSASetLastError
WSAGetLastError
getpeername
inet_addr
WSACleanup
WSAStartup
listen

mpr

WNetCancelConnection2A
WNetAddConnection2A

Exports

Exports

CreateServerIni
SetImpersonateHandle
TmuAddTrusted
TmuClearCache
TmuClearCacheEx
TmuCreateContext
TmuDelTrusted
TmuDmpTrusted
TmuDuplicate
TmuDuplicateEx
TmuEnumTrustedInfo
TmuGetConfig
TmuGetEngineVer
TmuGetEngineVerEx
TmuGetErrorString
TmuGetIncrementalInfo
TmuGetLastError
TmuGetPatchInfo
TmuGetPatchInfoEx
TmuGetPatternVer
TmuGetPatternVerEx
TmuGetPropertyEx
TmuGetRollbackInfo
TmuGetRollbackInfoEx
TmuGetServer
TmuGetServerInfo
TmuGetUpdateInfo
TmuGetVersion
TmuIsRollbackable
TmuMakeVersion
TmuMakeVersionBuild
TmuMakeVersionBuildString
TmuMakeVersionString
TmuMakeVsapiPtnVersion
TmuMakeVsapiPtnVersionString
TmuReleaseContext
TmuReloadSetting
TmuRollback
TmuRollbackEx
TmuSetConfig
TmuSetProperty
TmuSetPropertyEx
TmuUnpublished
TmuUpdate
TmuUpdateEx

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/activeupdate/x500.db
Lightening Cleaner 3.0/misc/au.dll
.dll windows:4 windows x86 arch:x86

31212801b30e701e347ad5feb8b8228e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord1079
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord315
ord6751
ord899
ord2261
ord5558
ord3990
ord1472
ord287
ord2311
ord776
ord774
ord5398
ord2460
ord2468
ord293
ord1115
ord1192
ord577
ord283
ord765
ord1168
ord1170
ord314
ord1200
ord581
ord764

msvcr80

printf
wcsrchr
malloc
wcstombs_s
_wtoi
__CxxFrameHandler3
??2@YAPAXI@Z
_encode_pointer
_malloc_crt
_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
memset
_fullpath
_invalid_parameter_noinfo
memmove
strncpy
_vsnprintf
_itoa
_initterm_e
_initterm
_decode_pointer
free
_encoded_null

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LocalFree
Sleep
GetFileAttributesA
CreateMutexA
GetLastError
WaitForSingleObject
ReleaseMutex
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW

user32

MessageBoxW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

vsapi32

ord289
ord344
ord312
ord639
ord305

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

Exports

Exports

GetClientPattern
GetServerPattern
UpdatePattern

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/autoupdate.exe
.exe windows:4 windows x86 arch:x86

9f288b215dc1d1fb111e1c7164bac6b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80u

ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord354
ord3635
ord1058
ord1079
ord4574
ord293
ord577
ord4026
ord4112
ord501
ord709
ord4743
ord6086
ord1894
ord4347
ord2365
ord4276
ord283
ord2311
ord774
ord3383
ord5416
ord3176
ord4256
ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord5226
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord1472
ord6700
ord290
ord899
ord1198
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3238
ord2085
ord4094
ord1946
ord605
ord2011
ord5971
ord1049
ord3824
ord757
ord566
ord3677
ord4535
ord4961
ord764

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
wcsrchr
wcscat_s
__CxxFrameHandler3
exit
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter

kernel32

GetProcAddress
FreeLibrary
FindFirstFileW
FindNextFileW
FindClose
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
LoadLibraryW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
WritePrivateProfileStringW
GetModuleFileNameW
SetCurrentDirectoryW
GetPrivateProfileStringW
GetTickCount
CreateThread
ExitProcess

user32

DrawIcon
GetClientRect
CheckMenuItem
SendMessageW
GetSubMenu
EnableWindow
IsIconic
GetSystemMenu
GetSystemMetrics
GetMenuState
LoadIconW
AppendMenuW

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW

shell32

Shell_NotifyIconW

comctl32

InitCommonControlsEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/btn20.jpg
.jpg
Lightening Cleaner 3.0/misc/btn20_hover.jpg
.jpg
Lightening Cleaner 3.0/misc/btn35.jpg
.jpg
Lightening Cleaner 3.0/misc/btn35_hover.jpg
.jpg
Lightening Cleaner 3.0/misc/btnTool.jpg
.jpg
Lightening Cleaner 3.0/misc/btnTool_hover.jpg
.jpg
Lightening Cleaner 3.0/misc/btnbk.jpg
.jpg
Lightening Cleaner 3.0/misc/cb_check.png
.png
Lightening Cleaner 3.0/misc/cb_nocheck.png
.png
Lightening Cleaner 3.0/misc/cfg.ini
Lightening Cleaner 3.0/misc/config.xml
Lightening Cleaner 3.0/misc/fscleaner.dll
.dll windows:4 windows x86 arch:x86

b9ddb4319078d62b12534e9cf13afc09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

mfc80u

ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1476
ord2460
ord5398
ord314
ord6751
ord265
ord266
ord677
ord746
ord1002
ord425
ord864
ord2266
ord386
ord631
ord2271
ord3015
ord383
ord4256
ord1472
ord4078
ord5524
ord2260
ord5485
ord896
ord772
ord2461
ord2121
ord5443
ord3435
ord356
ord605
ord3635
ord501
ord709
ord347
ord602
ord3204
ord3155
ord1270
ord1271
ord5633
ord2255
ord1920
ord1925
ord1894
ord3570
ord3311
ord741
ord3678
ord3281
ord3157
ord5637
ord5636
ord4234
ord1582
ord2086
ord3417
ord587
ord777
ord2361
ord3198
ord5638
ord5727
ord6033
ord3296
ord4226
ord1536
ord290
ord3545
ord715
ord3133
ord1572
ord1634
ord326
ord2362
ord1115
ord5723
ord3756
ord3395
ord5519
ord6086
ord1058
ord1079
ord1192
ord1168
ord1170
ord1200
ord581
ord1162
ord1908
ord371
ord1093
ord1199
ord1197
ord1087
ord1033
ord315
ord765
ord1176
ord5742
ord3873
ord965
ord5869
ord970
ord2876
ord2489
ord1118
ord558
ord1021
ord444
ord3869
ord4109
ord2155
ord6063
ord4574
ord1785
ord658
ord572
ord3224
ord2952
ord5210
ord4232
ord1393
ord5911
ord6721
ord2083
ord762
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3824
ord757
ord566
ord3677
ord6161
ord1479
ord282
ord6700
ord1178
ord1182
ord2904
ord5416
ord2305
ord6306
ord5626
ord1443
ord5342
ord5091
ord744
ord556
ord287
ord1430
ord5083
ord3195
ord2696
ord2697
ord5489
ord380
ord776
ord629
ord384
ord2311
ord280
ord4041
ord2261
ord4101
ord774
ord293
ord577
ord283
ord764
ord6291
ord5584

msvcr80

__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
__CxxFrameHandler3
wcsncpy_s
_wcsnicmp
fgetc
_wfopen
setlocale
memset
calloc
_recalloc
_resetstkoflw
feof
fputc
fclose
printf
_wtof
_strdup
free
wcscat_s
wcscpy_s
wcsftime
memcpy_s
_purecall
_localtime64_s
_time64
sscanf
wcsrchr
strcpy_s
strncat_s
malloc
strrchr
_except_handler4_common
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
vsprintf_s

kernel32

GetEnvironmentVariableW
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetPrivateProfileStringW
TerminateThread
GetExitCodeThread
CreateMutexW
Sleep
WinExec
GetModuleFileNameW
WideCharToMultiByte
CreateDirectoryW
DeviceIoControl
FormatMessageW
CloseHandle
CreateFileA
GetVersion
GetLastError
GetModuleFileNameA
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CopyFileW
MoveFileW
GetVersionExW
MoveFileExW
CreateFileW
DeleteFileW
GetTickCount
SetLastError
GetSystemDirectoryA
GetSystemDirectoryW
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
CreateMailslotW
GetOverlappedResult
CreateEventW
LocalFree
LocalAlloc
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
UnhandledExceptionFilter

user32

FillRect
DrawIcon
GetSystemMetrics
GetSysColor
LoadCursorW
SetRect
GetWindowRect
InvalidateRect
DrawStateW
GetWindowTextW
CopyRect
RedrawWindow
GetClientRect
UnregisterClassA
wsprintfW
EnableWindow
SendMessageW
SetWindowRgn

gdi32

CreateFontIndirectW
Rectangle
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontW
GetStockObject
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
DeleteDC
RoundRect
CreateSolidBrush
CreatePen
GetBkColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

AlphaBlend
TransparentBlt

advapi32

RegCloseKey
QueryServiceStatus
StartServiceW
OpenServiceW
RegQueryValueExW
RegOpenKeyExW
CreateServiceA
OpenSCManagerW
OpenSCManagerA
DeleteService
ControlService
StartServiceA
OpenServiceA
CloseServiceHandle

shell32

ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW

comctl32

_TrackMouseEvent

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipBitmapUnlockBits
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight

Exports

Exports

GetLCModule

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/gdiplus.dll
.dll windows:5 windows x86 arch:x86

68a82f89c3fde2fdb45bbeddb19a9697

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyW
RegOpenKeyA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegEnumValueA

gdi32

GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
PolyPolyline
GetNearestPaletteIndex
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
SetDIBColorTable
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt
CreateBrushIndirect
SetDIBits

kernel32

CreateSemaphoreA
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
RaiseException
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
VirtualQuery
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
SearchPathA
GetOEMCP
InterlockedIncrement
LoadLibraryW
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryA
FreeLibrary
HeapDestroy
LoadLibraryA
GetVersionExA
GetACP
GetModuleHandleW
GetProcAddress
GetSystemDefaultLCID

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

user32

MsgWaitForMultipleObjects
LoadBitmapW
LoadBitmapA
wsprintfW
ReleaseDC
GetDC
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
ClientToScreen
wvsprintfA
CreateIconIndirect
GetIconInfo
GetDCEx
GetWindowLongA
GetClassLongA
SystemParametersInfoA

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/hc_core.dll
.dll windows:4 windows x86 arch:x86

fb910e52762f8ef1e9499aad1ff23c49

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

wintrust

CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

psapi

EnumProcessModules
GetModuleFileNameExW

crypt32

CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptQueryObject
CertGetNameStringW
CryptMsgGetParam
CertFindCertificateInStore

vsapi32

ord305
ord351
ord653
ord603
ord669
ord289
ord324
ord348
ord331
ord437
ord652
ord215
ord312
ord357
ord349
ord651
ord363
ord302
ord377
ord338
ord332
ord344
ord665

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA

iphlpapi

GetAdaptersInfo

kernel32

TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
FileTimeToSystemTime
TerminateThread
CreateFileW
GetOverlappedResult
GetLastError
SetLastError
CreateEventW
DeviceIoControl
CloseHandle
GetCurrentProcessId
ResumeThread
CreateThread
WaitForSingleObjectEx
GetProcAddress
GetModuleHandleW
GetFileSize
FindFirstFileW
FindNextFileW
SetFilePointer
DeleteFileW
WriteFile
CopyFileW
GetFileAttributesW
ReadFile
MoveFileW
FindClose
GetPrivateProfileStringW
LocalFree
DuplicateHandle
GetDriveTypeW
GetLogicalDrives
SetErrorMode
OpenProcess
GetWindowsDirectoryW
GetLongPathNameW
EnterCriticalSection
GetCurrentDirectoryW
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetVersionExW
MoveFileExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
WaitForSingleObject
GetEnvironmentVariableW
TerminateProcess
Thread32Next
SuspendThread
Thread32First
OpenThread
CreateToolhelp32Snapshot
QueryDosDeviceW
GetCurrentProcess
LocalAlloc
VirtualFree
VirtualAlloc
GetLocalTime
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
DeleteFileA
GetModuleFileNameA
InitializeCriticalSection
GetExitCodeProcess
CreateProcessW
GetLogicalDriveStringsW
InterlockedExchange
CreateMailslotW
GetProcessHeap
SetEnvironmentVariableA
HeapFree
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapSize
ExitProcess
GetStdHandle
HeapDestroy
HeapCreate
GetTickCount
GetCurrentDirectoryA
GetFullPathNameW
FlushFileBuffers
LoadLibraryA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
LeaveCriticalSection
HeapAlloc
LCMapStringW
LCMapStringA
GetCPInfo
HeapReAlloc
GetDriveTypeA
FileTimeToLocalFileTime
RtlUnwind
RaiseException
GetVersionExA
GetCommandLineA
GetConsoleMode
GlobalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateDirectoryW
GetSystemTimeAsFileTime
GetConsoleCP

user32

GetWindowTextW
EnumWindows
wsprintfW
IsWindowVisible
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetNamedSecurityInfoW
RegSetKeySecurity
FreeSid
AllocateAndInitializeSid
GetAce
GetLengthSid
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeSecurityDescriptor
GetAclInformation
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetSecurityInfo
RegGetKeySecurity
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegRestoreKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

winhttp

WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpGetProxyForUrl

Exports

Exports

HC_Clean
HC_Deinitialize
HC_GetSessionId
HC_Initialize
HC_RegisterProgressCallback
HC_RestoreFile
HC_RestoreSession
HC_Scan
HC_SetProfile
HC_StopAction

Sections

.text
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/home.png
.png
Lightening Cleaner 3.0/misc/icon_clean.png
.png
Lightening Cleaner 3.0/misc/icon_scan.png
.png
Lightening Cleaner 3.0/misc/icrchdler.dll
.dll windows:4 windows x86 arch:x86

539b6a706edf8e00b5a55e98fc8c0949

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libcurl

curl_slist_append
curl_easy_setopt
curl_slist_free_all
curl_easy_init
curl_easy_cleanup
curl_global_init
curl_easy_getinfo
curl_easy_perform
curl_global_cleanup

perficrcperfmonmgr

?Initialize@CiCrcPerfMonMgr@@QAEJXZ
?Instance@CiCrcPerfMonMgr@@SAPAV1@XZ
?CloseSingleton@CiCrcPerfMonMgr@@SAXXZ
?UnInitialize@CiCrcPerfMonMgr@@QAEXXZ

kernel32

GetLastError
GetModuleFileNameW
DeleteFileW
InterlockedExchange
GetPrivateProfileIntW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
CreateFileW
SetLastError
SetFilePointer
SetEndOfFile
WaitForMultipleObjects
SetEvent
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GetSystemInfo
WaitForSingleObject
Sleep
ReleaseMutex
GetTempFileNameW
CopyFileW
MoveFileExW
CreateProcessW
CreateThread
GetVolumeInformationW
GetWindowsDirectoryW
TerminateThread
GetProcAddress
GetModuleHandleA
ResetEvent
CloseHandle
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetNamedPipeHandleState
WaitNamedPipeW
InterlockedCompareExchange
GetTickCount
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
IsValidLocale
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesW
CreateDirectoryW
GetSystemTimeAsFileTime
ExitThread
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

advapi32

GetSecurityDescriptorOwner
SetSecurityInfo
GetSecurityDescriptorSacl
InitializeAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
CopySid
GetLengthSid
IsValidSid
AddAce
GetAce
GetAclInformation
GetSecurityDescriptorGroup

shlwapi

PathAppendW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

RegisteriCRCHandlerEventCallback
iCRCCachePurge
iCRCChkServerStatus
iCRCFreeBucket
iCRCGetBloomFilterPatternVersion
iCRCGetForceQueryPeriod
iCRCGetGlobalConfig
iCRCGetMinimalVSAPIVerRequired
iCRCGetQueryTimeout
iCRCGetSSLOptions
iCRCGetScanMode
iCRCGetServerConfig
iCRCGetUserAgent
iCRCHandlerDeinitialize
iCRCHandlerInitialize
iCRCQuery
iCRCReloadBloomFilter
iCRCSetForceQueryPeriod
iCRCSetQueryTimeout
iCRCSetSSLOptions
iCRCSetScanMode
iCRCSetServerConfig
iCRCSetUserAgent

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/immune.png
.png
Lightening Cleaner 3.0/misc/index.dll
.dll windows:4 windows x86 arch:x86

ee841b2d08f3205169b2c5b806b57efa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord1058
ord1079
ord4109
ord762
ord4256
ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord293
ord577
ord283
ord314
ord6751
ord774
ord776
ord2460
ord5398
ord5226
ord356
ord605
ord3635
ord6063
ord709
ord347
ord602
ord3204
ord3155
ord1270
ord1271
ord5633
ord2255
ord1920
ord1925
ord1894
ord3678
ord572
ord741
ord3198
ord326
ord2362
ord5584
ord6033
ord5723
ord5727
ord5636
ord5638
ord3756
ord3395
ord5519
ord6086
ord3311
ord5210
ord4234
ord1393
ord5911
ord6721
ord1582
ord2086
ord1182
ord1178
ord3570
ord1176
ord3417
ord587
ord777
ord2361
ord3281
ord5637
ord3157
ord3296
ord4226
ord1536
ord1472
ord6700
ord290
ord4574
ord1785
ord4032
ord4008
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord501
ord4562
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3824
ord757
ord566
ord3677
ord3435
ord764

msvcr80

_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
_adjust_fdiv
calloc
memcpy_s
malloc
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
_amsg_exit
__CxxFrameHandler3
?terminate@@YAXXZ
memset
_recalloc
_initterm_e
__CppXcptFilter
free
_resetstkoflw
_purecall

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
LocalAlloc
LocalFree
InterlockedExchange
lstrlenW
LeaveCriticalSection
EnterCriticalSection
MulDiv
GetPrivateProfileStringW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetSystemTimeAsFileTime

user32

SendMessageW
UnregisterClassA
LoadCursorW
EnableWindow
GetClientRect
GetSysColor
GetSystemMetrics
DrawIcon
FillRect
RedrawWindow
CopyRect
GetWindowTextW
DrawStateW
InvalidateRect
GetWindowRect
SetRect
SetWindowRgn

gdi32

GetStockObject
GetObjectW
CreateFontIndirectW
CreateDCW
GetDeviceCaps
DeleteDC
CreateDIBSection
DeleteObject
StretchBlt
BitBlt
SelectObject
SetDIBColorTable
GetBkColor
CreatePen
RoundRect
CreateFontW
GetTextExtentPoint32W
CreateRectRgnIndirect
CreateSolidBrush
GetDIBColorTable
CreateCompatibleDC
CreateCompatibleBitmap

msimg32

AlphaBlend
TransparentBlt

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage

Exports

Exports

GetLCModule

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/irobot.dll
.dll windows:5 windows x86 arch:x86

eddbdfcb14e3fa806c01a61f8c6338a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

wintrust

CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle

psapi

GetModuleFileNameExW
EnumProcessModules

crypt32

CryptQueryObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptMsgGetParam

vsapi32

ord377
ord215
ord653
ord302
ord603
ord363
ord338
ord349
ord348
ord332
ord357
ord312
ord344
ord289
ord351
ord324
ord437

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

MultiByteToWideChar
FileTimeToSystemTime
GetLastError
GetFileAttributesW
WriteFile
MoveFileW
CreateFileW
CloseHandle
ReadFile
SetFilePointer
GetFileSize
DeleteFileW
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
GetCurrentProcessId
LocalFree
DuplicateHandle
GetWindowsDirectoryW
GetLongPathNameW
EnterCriticalSection
LeaveCriticalSection
GetCurrentDirectoryW
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
GetProcAddress
GetVersionExW
CreateEventW
WaitForSingleObject
Sleep
WaitNamedPipeW
GetCurrentDirectoryA
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
TerminateProcess
GetCurrentProcess
LocalAlloc
GetModuleHandleW
VirtualAlloc
VirtualFree
GetUserDefaultLangID
SetLastError
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
DeleteFileA
GetCurrentThreadId
GetModuleFileNameA
OutputDebugStringA
GetExitCodeProcess
CreateProcessW
GetPrivateProfileStringW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
InterlockedExchange
CreateMailslotW
GetOverlappedResult
DeviceIoControl
HeapCreate
GetStdHandle
ExitProcess
GetModuleHandleA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetFullPathNameW
GetUserDefaultLCID
GetLocaleInfoA
WideCharToMultiByte
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetEnvironmentVariableW
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
CreateDirectoryW
ExitThread
CreateThread
GetConsoleCP
GetConsoleMode
GetCommandLineA
RaiseException
RtlUnwind
FileTimeToLocalFileTime
GetDriveTypeA
GetDriveTypeW
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage

user32

MessageBoxW
wsprintfW

advapi32

RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
AddAce
GetAce
GetAclInformation
GetSecurityDescriptorDacl
RegGetKeySecurity
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
GetLengthSid
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegRestoreKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Exports

Exports

HC_Clean
HC_CreateProfile
HC_Deinitialize
HC_FirstResult
HC_GetSessionId
HC_Initialize
HC_NextResult
HC_RegisterProgressCallback
HC_RestoreSession
HC_Scan
HC_SetActionOnResult
HC_SetFlagConfig
HC_SetProfile
HC_SetStringConfig
HC_StopAction

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/lan/en.ini
Lightening Cleaner 3.0/misc/lan/sc.ini
Lightening Cleaner 3.0/misc/lan/tc.ini
Lightening Cleaner 3.0/misc/libcurl.dll
.dll windows:4 windows x86 arch:x86

60efbe4ee5068898faa430656ec15ad3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

recvfrom
sendto
select
__WSAFDIsSet
gethostname
connect
setsockopt
getsockopt
inet_ntoa
recv
inet_addr
WSASetLastError
gethostbyname
htons
send
WSAStartup
WSACleanup
ioctlsocket
socket
bind
ntohs
listen
getsockname
accept
closesocket
WSAGetLastError

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

libeay32

ord2436
ord466
ord468
ord467
ord281
ord280
ord654
ord585
ord657
ord1015
ord2291
ord2604
ord298
ord224
ord223
ord227
ord254
ord181
ord2442
ord188
ord1951
ord566
ord578
ord579
ord1216
ord2023
ord2075
ord1653
ord1654
ord1958
ord2596
ord958
ord625
ord556
ord680
ord2454
ord391
ord653
ord641
ord464
ord341
ord342
ord340
ord2437
ord2254
ord2435
ord784
ord809
ord808
ord1

ssleay32

ord5
ord48
ord126
ord49
ord75
ord24
ord222
ord17
ord235
ord183
ord74
ord76
ord8
ord86
ord96
ord58
ord108
ord77
ord242
ord61
ord157
ord43
ord127
ord130
ord110
ord116
ord113
ord172
ord12
ord243
ord6
ord15
ord141
ord21
ord90
ord87
ord31
ord78
ord30

kernel32

SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
WriteFile
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
MultiByteToWideChar
ExitProcess
RtlUnwind
DeleteCriticalSection
GetStartupInfoA
SetHandleCount
IsDebuggerPresent
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetProcessHeap
GetVersionExA
GetCommandLineA
HeapReAlloc
GetFileInformationByHandle
SetFilePointer
CreateThread
ExitThread
HeapAlloc
HeapFree
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
Sleep
FormatMessageA
SleepEx
GetTickCount
TerminateThread
GetExitCodeThread
CreateMutexA
CreateEventA
SetEvent
ReleaseMutex
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
CloseHandle
SetLastError
ExpandEnvironmentStringsA
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/libeay32.dll
.dll windows:4 windows x86 arch:x86

f0045e8a39c0df5b9797e5dfd59f97ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

recvfrom
sendto
bind
listen
accept
ntohl
inet_ntoa
WSACancelBlockingCall
WSACleanup
WSAStartup
gethostbyname
getsockopt
getservbyname
ntohs
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

kernel32

CompareStringA
GetLocaleInfoA
CompareStringW
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
SetFileAttributesA
ReadConsoleInputA
GetFileAttributesA
SetConsoleMode
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
LCMapStringW
LCMapStringA
ExitProcess
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetLastError
GetVersion
GetFileType
GetStdHandle
GetCurrentThread
GetThreadTimes
FindNextFileA
FindFirstFileA
FindClose
FreeLibrary
LoadLibraryA
SetLastError
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
CloseHandle
GetVersionExA
FlushConsoleInputBuffer
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapReAlloc
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
SetConsoleCtrlHandler
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WideCharToMultiByte
DeleteCriticalSection
SetHandleCount
GetStartupInfoA
Sleep
WriteFile
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetTimeZoneInformation
MultiByteToWideChar
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetStdHandle
SetFilePointer
GetFullPathNameA
GetCurrentDirectoryA

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_cfbr_encrypt_block
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_encode
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_to_generalizedtime
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
COMP_zlib_cleanup
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get1_default_config_file
CONF_get_number
CONF_get_section
CONF_get_string
CONF_imodule_get_flags

Sections

.text
Size: 712KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/libexpat.dll
.dll windows:4 windows x86 arch:x86

727518929ac61e1912d18bb38178c42d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetParsingStatus
XML_GetSpecifiedAttributeCount
XML_MemFree
XML_MemMalloc
XML_MemRealloc
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_ResumeParser
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD
XML_UseParserAsHandlerArg

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/lightening.exe
.exe windows:4 windows x86 arch:x86

1abf21d1921f9583989ba56609f805d9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80u

ord2461
ord3435
ord354
ord605
ord1785
ord3635
ord501
ord709
ord347
ord602
ord3204
ord3155
ord1270
ord1271
ord5633
ord2255
ord1920
ord1925
ord1894
ord4574
ord4109
ord6063
ord4119
ord1176
ord4256
ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord280
ord1542
ord1661
ord1662
ord4884
ord5178
ord2279
ord2742
ord2460
ord1479
ord6086
ord4112
ord2366
ord5609
ord899
ord1883
ord1058
ord1079
ord4388
ord3678
ord572
ord741
ord3198
ord326
ord2362
ord5584
ord6033
ord5723
ord5727
ord5636
ord5638
ord3756
ord3395
ord5519
ord3311
ord5210
ord4234
ord1393
ord5911
ord6721
ord1582
ord2086
ord3545
ord715
ord3133
ord3157
ord3281
ord5637
ord1572
ord1634
ord777
ord4098
ord4729
ord3417
ord587
ord2361
ord4226
ord1536
ord290
ord282
ord6700
ord4032
ord4008
ord6272
ord3795
ord6274
ord765
ord315
ord1087
ord1162
ord1200
ord581
ord1178
ord266
ord265
ord1182
ord5485
ord5524
ord5558
ord1472
ord1443
ord6306
ord6291
ord5091
ord744
ord556
ord2271
ord631
ord386
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord2239
ord2159
ord5971
ord3824
ord6751
ord1067
ord314
ord2011
ord757
ord566
ord3677
ord5398
ord4535
ord2311
ord776
ord293
ord762
ord774
ord577
ord283
ord6720
ord764
ord1198

msvcr80

exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__CxxFrameHandler3
calloc
memcpy_s
malloc
_recalloc
free
_wcmdln
memset
_resetstkoflw
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_initterm
_initterm_e
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
wcsrchr
_localtime64_s
wcsftime
_time64
_configthreadlocale

kernel32

UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
LocalAlloc
LocalFree
ExitProcess
MoveFileExW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CloseHandle
CreateMutexW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedExchange
lstrlenW
LeaveCriticalSection
EnterCriticalSection
Sleep
SetUnhandledExceptionFilter
GetPrivateProfileStringW
CreateProcessW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetCurrentDirectoryW
CreateThread
GetSystemDefaultLangID
GlobalMemoryStatus
lstrlenA
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
FormatMessageW
MultiByteToWideChar
CreateDirectoryW
VirtualQuery
GetModuleFileNameW
GetCommandLineW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
IsDebuggerPresent

user32

GetWindowRect
InvalidateRect
SendMessageW
GetClientRect
GetSystemMetrics
EnableWindow
wsprintfW
GetSysColor
SetParent
BringWindowToTop
LoadIconW
DrawStateW
GetWindowTextW
CopyRect
LoadCursorW
RedrawWindow
FillRect
DrawIcon
UnregisterClassA

gdi32

CreateCompatibleBitmap
GetBkColor
GetStockObject
CreateFontIndirectW
GetObjectW
GetDIBColorTable
CreatePen
Rectangle
CreateFontW
GetTextExtentPoint32W
SetDIBColorTable
SelectObject
StretchBlt
DeleteObject
CreateDIBSection
BitBlt
DeleteDC
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

urlmon

URLDownloadToFileW

imagehlp

SymGetSymFromAddr
StackWalk64
SymInitialize
SymCleanup

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDrawImageI
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipFree
GdipCloneImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/loading.jpg
.jpg
Lightening Cleaner 3.0/misc/log.dll
.dll windows:4 windows x86 arch:x86

0247298adfd3370e4c748f46b0ff9119

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord1472
ord5558
ord5524
ord5485
ord3677
ord566
ord757
ord3824
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord6751
ord765
ord315
ord1079
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord314
ord1200
ord581
ord1443
ord6306
ord6291
ord5091
ord744
ord556
ord2271
ord631
ord386
ord2311
ord776
ord293
ord762
ord774
ord577
ord283
ord1911
ord764

msvcr80

_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_time64
wcsftime
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
free
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
__CxxFrameHandler3
wcsrchr
_localtime64_s
__clean_type_info_names_internal

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
LocalFree
CreateDirectoryW
VirtualQuery
GetModuleFileNameW
GetCommandLineW
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

Exports

Exports

GetDebug

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/mainbk.jpg
.jpg
Lightening Cleaner 3.0/misc/menu_active.jpg
.jpg
Lightening Cleaner 3.0/misc/menu_hover.jpg
.jpg
Lightening Cleaner 3.0/misc/menu_normal.jpg
.jpg
Lightening Cleaner 3.0/misc/menuicon.png
.png
Lightening Cleaner 3.0/misc/mfc80u.dll
.dll windows:4 windows x86 arch:x86

ec3a3e73c915b29faaecfea40905d0c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
strcpy_s
_itow_s
_ultow_s
_ltow_s
iswdigit
ceil
wcsncmp
_wcsnicmp
_wfullpath
_wtol
__wargv
__argc
swscanf_s
_beginthreadex
_endthreadex
_wcsdup
_expand
_wtoi
_recalloc
wcstod
wcstoul
_mbspbrk
wcstol
_resetstkoflw
_wmakepath_s
_wsplitpath_s
_vsnwprintf_s
_snwscanf_s
labs
abs
calloc
_msize
wcscat_s
_snwprintf_s
_errno
_purecall
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgetws
fputws
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
wcscpy_s
abort
memcmp
swprintf_s
wcsncpy_s
_mbscspn
_mbscmp
_vscprintf
wcscmp
wcscspn
wcsspn
iswspace
_mbsinc
_mbsupr_s
_wcsrev
memcpy_s
_mbsspn
_mbscoll
wcspbrk
memset
_wcsicoll
wcsstr
wcsrchr
_mbsrchr
_mbschr
vsprintf_s
_wcsupr_s
wcslen
_wcslwr_s
_ismbcspace
vswprintf_s
_mbsstr
_mbsicoll
_mbsrev
strlen
malloc
free
wcscoll
memmove
_vscwprintf
_mbsicmp
_wcsicmp
memmove_s
_mbslwr_s
wcschr
_CxxThrowException
memcpy
__clean_type_info_names_internal
__CxxFrameHandler3

kernel32

GetLocaleInfoA
GetSystemTimeAsFileTime
GetEnvironmentVariableW
FindResourceExW
FindResourceW
LoadResource
FormatMessageA
WideCharToMultiByte
SizeofResource
FormatMessageW
GetEnvironmentVariableA
MultiByteToWideChar
GetLastError
LockResource
LocalFree
SetLastError
GetAtomNameW
GlobalGetAtomNameW
lstrlenW
lstrcmpA
lstrlenA
DuplicateHandle
GetCurrentProcess
CreateFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
LockFile
UnlockFile
SetEndOfFile
GetFileSize
MoveFileW
DeleteFileW
LoadLibraryW
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetModuleFileNameW
GetShortPathNameW
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalReAlloc
GlobalFree
GetFileTime
GetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
FreeLibrary
GetModuleHandleW
InterlockedDecrement
LocalAlloc
TlsAlloc
InitializeCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
LocalReAlloc
TlsSetValue
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
lstrcmpW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringW
GlobalAddAtomW
GetCurrentThreadId
GetVersion
GetCurrentProcessId
GetVersionExW
MulDiv
GetProfileIntW
LoadLibraryA
VirtualProtect
GetModuleHandleA
RaiseException
GlobalFlags
GetDiskFreeSpaceW
GetTempFileNameW
LocalLock
LocalUnlock
GetTempPathW
SearchPathW
SetEvent
SetThreadPriority
ResumeThread
SuspendThread
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
GetCurrentThread
InterlockedExchange
CompareStringA
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
InterlockedIncrement
FindNextFileW
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyW
lstrcpyA
GetSystemTime
LoadLibraryExW
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetACP

gdi32

GetCurrentPositionEx
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileW
CopyMetaFileW
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocW
EnumFontFamiliesExW
CreateDCW
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutW
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutW
MoveToEx
GetTextAlign
GetTextExtentPoint32A
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetNearestColor
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectW
GetTextFaceW
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
GetCharWidthW
CreateFontW
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectW
GetClipBox

user32

IntersectRect
RegisterWindowMessageW
GetWindowLongW
SetWindowLongW
SetWindowPos
IsWindow
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetMessageTime
GetMessagePos
DefWindowProcW
GetPropW
CallWindowProcW
RemovePropW
CallNextHookEx
GetClassLongW
GetClassInfoExW
GetClassNameW
SetPropW
SetWindowsHookExW
CreateWindowExW
DestroyWindow
GetKeyState
GetDlgCtrlID
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
SetWindowPlacement
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenu
GetClassInfoW
RegisterClassW
WinHelpW
GetCapture
GetParent
GetWindow
IsChild
MessageBoxW
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
IsWindowVisible
ScrollWindow
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScreenToClient
EqualRect
DeferWindowPos
AdjustWindowRectEx
GetFocus
SetActiveWindow
SetFocus
PtInRect
PeekMessageW
DispatchMessageW
GetSysColor
GetClientRect
MapWindowPoints
SendDlgItemMessageW
SendDlgItemMessageA
UpdateWindow
PostMessageW
LoadIconW
EnableWindow
SetRectEmpty
LoadAcceleratorsW
TranslateAcceleratorW
ReleaseCapture
SetCursor
GetDesktopWindow
IsWindowEnabled
ShowWindow
GetWindowThreadProcessId
GetActiveWindow
LoadMenuW
DestroyMenu
SetMenu
UnpackDDElParam
ReuseDDElParam
InvalidateRect
CreatePopupMenu
InsertMenuItemW
BringWindowToTop
LoadCursorW
OffsetRect
WaitMessage
WindowFromPoint
SetCapture
ClientToScreen
GetMessageW
TranslateMessage
DefFrameProcW
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
RedrawWindow
InflateRect
KillTimer
SetTimer
SetRect
GetDC
ReleaseDC
IsZoomed
SetParent
IsRectEmpty
GetSystemMenu
DeleteMenu
AppendMenuW
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextW
DrawTextExW
GrayStringW
UnionRect
MapVirtualKeyW
GetKeyNameTextW
LoadBitmapW
DrawFocusRect
FillRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutW
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
SetWindowTextW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuW
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowW
SetWindowRgn
DrawIcon
GetTabbedTextExtentW
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassW
ShowOwnedPopups
InsertMenuW
RegisterClipboardFormatW
SendNotifyMessageW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetCursorPos
CharUpperW
CharToOemBuffA
UnregisterClassA
OemToCharBuffA
GetSystemMetrics

shlwapi

UrlUnescapeW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

Sections

.text
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/microsoft.vc80.crt.manifest
.xml
Lightening Cleaner 3.0/misc/microsoft.vc80.mfc.manifest
.xml
Lightening Cleaner 3.0/misc/msvcp80.dll
.dll windows:4 windows x86 arch:x86

9fb682fe34f5d965faf4cf424fa6c000

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

setvbuf
fwrite
??0exception@std@@QAE@XZ
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
__iob_func
_invoke_watson
_fsopen
wcstombs_s
_wfsopen
_get_osplatform
mbstowcs_s
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
_Strftime
strcspn
_strtoi64
_strtoui64
sprintf_s
abort
??0exception@std@@QAE@ABQBDH@Z
_realloc_crt
setlocale
_malloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__uncaught_exception
fflush
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
memcpy
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
isdigit
isalnum
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
ungetc
fputc
fgetc
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
towlower
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@IAE@PBDI_N@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@IAE@PBDI_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@IAE@PBDI_N@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@IAE@PBDI@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@IAE@PBDI@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@IAE@PBDI@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@IAE@PBDI@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@IAE@PBDI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@IAE@PBDI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@IAE@PBDI@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@IAE@PBDI@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@IAE@PBDI@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@IAE@PBDI@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@IAE@PBDI@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/msvcr80.dll
.dll windows:4 windows x86 arch:x86

8eb98c77a1ada89df5027bd5bf01c2f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_getdrives

kernel32

LoadLibraryW
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetLocalTime
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
Beep
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
@_calloc_crt@8
@_malloc_crt@4
@_realloc_crt@8
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osplatform
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock

Sections

.text
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/nav.jpg
.jpg
Lightening Cleaner 3.0/misc/pattern/blacklist.dat
Lightening Cleaner 3.0/misc/pattern/filepattern.ptn
Lightening Cleaner 3.0/misc/pattern/ptnimmune.dat
Lightening Cleaner 3.0/misc/pattern/ssapiptn.da6
Lightening Cleaner 3.0/misc/perficrcperfmonmgr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

97b84c325f3ee32e23fb9d4492a0af02

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

loadperf

UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsW

kernel32

GetModuleHandleW
LocalFree
GetSystemInfo
SetThreadLocale
LoadLibraryExW
GetSystemDefaultLangID
EnumResourceLanguagesW
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
QueryPerformanceFrequency
GetModuleFileNameW
SetLastError
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
ReleaseMutex
CreateMutexW
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
MapViewOfFileEx
lstrcmpiW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
RaiseException
VerSetConditionMask
VerifyVersionInfoW
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
CreateFileA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA
VirtualQuery
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP

user32

UnregisterClassA
CharNextW

advapi32

GetTokenInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CopySid
IsValidSid
GetLengthSid
RegEnumKeyExW
SetSecurityInfo
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
GetAclInformation
InitializeAcl
AddAce
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetSecurityInfo

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen

userenv

UnloadUserProfile

Exports

Exports

??0CiCrcPerfMonMgr@@QAE@XZ
??1CiCrcPerfMonMgr@@UAE@XZ
??_7CiCrcPerfMonMgr@@6B@
?CloseSingleton@CiCrcPerfMonMgr@@SAXXZ
?CreateMap@CiCrcPerfMonMgr@@EAEJGPAUHINSTANCE__@@PAI@Z
?GetAppName@CiCrcPerfMonMgr@@EBEPB_WXZ
?Initialize@CiCrcPerfMonMgr@@QAEJXZ
?Instance@CiCrcPerfMonMgr@@SAPAV1@XZ
?UnInitialize@CiCrcPerfMonMgr@@QAEXXZ
?UpdateDacl@CiCrcPerfMonMgr@@QAE_NXZ
?m_Instance@CiCrcPerfMonMgr@@0PAV1@A
?m_LockSingleton@CiCrcPerfMonMgr@@0VCSLock@@A
?m_iInitCount@CiCrcPerfMonMgr@@0HA
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TMClosePerfMon
TMCollectPerfMon
TMOpenPerfMon
_ClosePerfMon@0
_CollectPerfMon@16
_OpenPerfMon@4

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/plugin.ini
Lightening Cleaner 3.0/misc/progress.jpg
.jpg
Lightening Cleaner 3.0/misc/protect.dll
.dll windows:4 windows x86 arch:x86

a80c1205ebe3fefd87e61a5700e048d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1472
ord6700
ord282
ord1479
ord899
ord2461
ord2460
ord776
ord3435
ord356
ord605
ord3635
ord501
ord709
ord347
ord602
ord6215
ord3155
ord1270
ord1271
ord5633
ord6275
ord1920
ord1925
ord1894
ord3417
ord572
ord587
ord777
ord3678
ord4109
ord2361
ord3281
ord5637
ord3157
ord5636
ord3198
ord5638
ord5727
ord6033
ord3296
ord5210
ord4226
ord1393
ord5911
ord6721
ord1536
ord290
ord741
ord326
ord2362
ord5584
ord5723
ord3756
ord3395
ord5519
ord1058
ord1079
ord3311
ord4234
ord1582
ord2086
ord3570
ord3339
ord4961
ord1353
ord5171
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord1955
ord1647
ord1646
ord1590
ord5196
ord2856
ord4480
ord4256
ord762
ord1176
ord1178
ord1182
ord280
ord774
ord5398
ord2311
ord293
ord6751
ord314
ord1118
ord577
ord283
ord6063
ord4574
ord1785
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord2255
ord5096
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3824
ord757
ord566
ord3677
ord3204
ord764

msvcr80

_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_malloc_crt
__CxxFrameHandler3
malloc
_resetstkoflw
_purecall
calloc
_encoded_null
_unlock
_initterm
_recalloc
free
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
wcscpy_s
wcsrchr
_amsg_exit
_initterm_e
wcscat_s
memcpy_s
memset

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
LocalAlloc
LocalFree
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringW
lstrlenW
WinExec
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
WaitForSingleObject
GetLastError
Sleep
TerminateProcess
OpenProcess
CreateProcessW
CreateDirectoryW
CopyFileW
GetFileAttributesW
GetWindowsDirectoryW
GetModuleFileNameW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDirectoryW
CreateFileW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetSystemTimeAsFileTime

user32

EnableWindow
UnregisterClassA
GetClientRect
CopyRect
GetWindowTextW
DrawStateW
InvalidateRect
GetWindowRect
SetRect
SetWindowRgn
GetSysColor
GetSystemMetrics
DrawIcon
FillRect
SendMessageW
LoadCursorW

gdi32

CreateFontW
GetTextExtentPoint32W
CreateRectRgnIndirect
GetStockObject
GetBkColor
RoundRect
CreatePen
GetObjectW
SetDIBColorTable
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
CreateDIBSection
DeleteObject
CreateFontIndirectW
GetDIBColorTable
StretchBlt

msimg32

AlphaBlend
TransparentBlt

advapi32

CloseServiceHandle
StartServiceW
ControlService
ChangeServiceConfigW
QueryServiceStatusEx
RegOpenKeyExW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegDeleteValueW

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipBitmapUnlockBits
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipDisposeImage

Exports

Exports

GetLCModule

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/protect.png
.png
Lightening Cleaner 3.0/misc/radio.png
.png
Lightening Cleaner 3.0/misc/radio_check.png
.png
Lightening Cleaner 3.0/misc/scan.png
.png
Lightening Cleaner 3.0/misc/sep_left.gif
.gif
Lightening Cleaner 3.0/misc/sep_middle.gif
.gif
Lightening Cleaner 3.0/misc/sep_right.gif
.gif
Lightening Cleaner 3.0/misc/setting.dll
.dll windows:4 windows x86 arch:x86

1a7bf0968616f222258237a713619798

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord2155
ord3756
ord2311
ord280
ord4574
ord6063
ord2460
ord5398
ord283
ord762
ord4256
ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1472
ord5222
ord282
ord1479
ord899
ord1118
ord774
ord314
ord6751
ord3435
ord356
ord605
ord3635
ord501
ord709
ord347
ord602
ord3204
ord3155
ord1270
ord1271
ord5633
ord2255
ord1920
ord1925
ord1894
ord1182
ord1178
ord3570
ord3311
ord741
ord3678
ord1176
ord4234
ord1582
ord2086
ord3198
ord326
ord2362
ord5584
ord6033
ord5723
ord5727
ord5636
ord5638
ord3395
ord5519
ord4109
ord1058
ord1079
ord3417
ord587
ord4226
ord1536
ord2077
ord777
ord2361
ord3281
ord5637
ord3157
ord3296
ord290
ord776
ord577
ord293
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord6232
ord1785
ord620
ord572
ord3189
ord2985
ord5210
ord1393
ord5911
ord6721
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord2461
ord5220
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3824
ord757
ord566
ord3677
ord6700
ord764

msvcr80

_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_amsg_exit
__CxxFrameHandler3
calloc
memcpy_s
malloc
_recalloc
__clean_type_info_names_internal
_initterm_e
_unlock
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
memset
free
_initterm
_adjust_fdiv
_resetstkoflw
_purecall
wcsrchr

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
Sleep
LocalAlloc
LocalFree
MulDiv
InterlockedExchange
lstrlenW
LeaveCriticalSection
EnterCriticalSection
Process32NextW
CloseHandle
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateProcessW
WritePrivateProfileStringW
GetModuleFileNameW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetSystemTimeAsFileTime

user32

UnregisterClassA
SendMessageW
RedrawWindow
EnableWindow
GetClientRect
GetSysColor
GetSystemMetrics
DrawIcon
FillRect
LoadCursorW
CopyRect
GetWindowTextW
DrawStateW
InvalidateRect
GetWindowRect
SetRect
SetWindowRgn

gdi32

SelectObject
SetDIBColorTable
GetObjectW
GetBkColor
GetStockObject
CreateFontIndirectW
GetDIBColorTable
GetDeviceCaps
CreateFontW
CreatePen
RoundRect
GetTextExtentPoint32W
CreateRectRgnIndirect
StretchBlt
DeleteObject
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCW
DeleteDC
BitBlt

msimg32

AlphaBlend
TransparentBlt

advapi32

RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

psapi

GetModuleFileNameExW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipDeleteGraphics

Exports

Exports

GetLCModule

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/setting.ini
Lightening Cleaner 3.0/misc/setting.png
.png
Lightening Cleaner 3.0/misc/spyware.dll
.dll windows:4 windows x86 arch:x86

c43596be8b9bd978762d4b68bfb5bf11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord266
ord3677
ord566
ord757
ord3824
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord283
ord314
ord6751
ord2460
ord1785
ord4574
ord6063
ord2155
ord1118
ord6086
ord558
ord746
ord2490
ord1002
ord2878
ord280
ord386
ord631
ord2271
ord384
ord629
ord5083
ord3877
ord744
ord5091
ord6291
ord6306
ord1443
ord4256
ord5199
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord3712
ord1472
ord6700
ord282
ord1479
ord4078
ord6133
ord899
ord896
ord4716
ord3435
ord605
ord3635
ord356
ord501
ord709
ord347
ord602
ord3204
ord3155
ord1270
ord1271
ord5633
ord2255
ord1920
ord1925
ord1894
ord3678
ord741
ord3198
ord326
ord2362
ord5584
ord6033
ord5723
ord5727
ord5636
ord5638
ord3756
ord3395
ord5519
ord4109
ord1058
ord1079
ord3311
ord4234
ord1582
ord2086
ord1182
ord1178
ord3417
ord587
ord777
ord2361
ord3281
ord5637
ord3157
ord3296
ord4226
ord1536
ord290
ord3545
ord715
ord3133
ord1572
ord1634
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord3674
ord754
ord572
ord3581
ord1476
ord1906
ord1176
ord5430
ord425
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord277
ord2527
ord3015
ord4059
ord864
ord965
ord444
ord2311
ord2461
ord776
ord5398
ord265
ord556
ord762
ord4041
ord2261
ord4101
ord774
ord293
ord577
ord5178
ord764

msvcr80

_purecall
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_wtol
memset
wcsrchr
strcpy_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
vsprintf_s
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_resetstkoflw
free
strncat_s
malloc
printf
strrchr
_CxxThrowException
_recalloc
memcpy_s
calloc
__CxxFrameHandler3
_unlock

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
LocalAlloc
LocalFree
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryW
CreateDirectoryW
FileTimeToSystemTime
GetFileTime
Sleep
TerminateThread
CreateThread
GetPrivateProfileStringW
ReadFile
CreateFileW
GetLogicalDrives
GetModuleFileNameW
WideCharToMultiByte
lstrlenW
DeviceIoControl
FormatMessageW
CloseHandle
CreateFileA
GetVersion
GetLastError
GetModuleFileNameA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime

user32

GetWindowRect
InvalidateRect
DrawStateW
GetWindowTextW
CopyRect
LoadCursorW
SetRect
FillRect
DrawIcon
GetSystemMetrics
GetSysColor
GetClientRect
SendMessageW
EnableWindow
UnregisterClassA
SetWindowRgn
RedrawWindow

gdi32

Rectangle
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontW
RoundRect
CreatePen
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetStockObject
GetObjectW
CreateFontIndirectW

msimg32

TransparentBlt
AlphaBlend

advapi32

CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
CreateServiceA
OpenSCManagerW
OpenSCManagerA
DeleteService
ControlService
StartServiceA
OpenServiceA
CloseServiceHandle

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI

Exports

Exports

GetLCModule

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/spyware.png
.png
Lightening Cleaner 3.0/misc/ssapi.log
Lightening Cleaner 3.0/misc/ssapi32.dll
.dll windows:4 windows x86 arch:x86

8ca54bf9b4fc8cf17071a17dd3a2dad6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
InternetSetOptionW
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW

userenv

GetUserProfileDirectoryW
GetProfilesDirectoryW

ws2_32

WSAStartup
WSAEnumNameSpaceProvidersW
WSCUnInstallNameSpace
WSCInstallNameSpace
WSCWriteNameSpaceOrder
WSACleanup
WSAGetLastError
WSCGetProviderPath
WSCDeinstallProvider
WSCInstallProvider
WSCEnumProtocols

shfolder

SHGetFolderPathW

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CertGetNameStringW

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext

kernel32

CreateFileA
GetFileType
GetModuleFileNameA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SizeofResource
LockResource
LoadResource
GetShortPathNameW
GetTempPathW
GetWindowsDirectoryW
FindResourceW
FindResourceExW
DeleteFileW
GetLastError
SetFileAttributesW
WideCharToMultiByte
CreateDirectoryW
GetPrivateProfileStringW
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CopyFileW
GetTempFileNameW
WritePrivateProfileStringW
MultiByteToWideChar
GetSystemDirectoryW
GetCurrentThreadId
CloseHandle
OpenProcess
GetProcAddress
LoadLibraryW
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
GetModuleHandleW
GetModuleFileNameW
WaitForSingleObject
SetEvent
lstrlenW
Sleep
GlobalFree
GlobalAlloc
CreateEventW
GetComputerNameW
GetVersionExW
RemoveDirectoryW
GetUserDefaultLangID
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileW
lstrlenA
FreeLibrary
SetHandleCount
GetStartupInfoA
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
GetLongPathNameW
GetPrivateProfileSectionW
GetFullPathNameW
WriteProfileStringW
TerminateThread
SuspendThread
OpenThread
CompareFileTime
SetThreadPriority
GetThreadPriority
GetCurrentThread
lstrcpynW
SetLastError
GetFileAttributesW
MoveFileExW
CreateProcessW
VerLanguageNameW
FindClose
FindNextFileW
FindFirstFileW
ReleaseMutex
CreateMutexW
GetVolumeInformationW
SetErrorMode
Thread32Next
Thread32First
CreateToolhelp32Snapshot
ResumeThread
LocalFree
LocalAlloc
CreateFileW
ReadProcessMemory
CreateRemoteThread
WriteProcessMemory
GetDriveTypeW
GetLogicalDriveStringsW
IsBadStringPtrA
GetProfileStringW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
TerminateProcess
InterlockedExchange
WriteFile
CreateMailslotW
GetOverlappedResult
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
DeleteFileA
GetConsoleMode
GetConsoleCP
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
SetStdHandle
WriteConsoleA
ReadFile
CreateThread
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
SetEndOfFile
FlushFileBuffers
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
DeviceIoControl
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
RaiseException
ExitProcess
HeapCreate
VirtualAlloc
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCommandLineA

user32

wsprintfW
GetActiveWindow
GetSystemMetrics
FindWindowW
GetWindowThreadProcessId
LoadStringW
UnregisterClassA

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegUnLoadKeyW
RegLoadKeyW
LockServiceDatabase
ChangeServiceConfigW
UnlockServiceDatabase
StartServiceW
CreateServiceW
RegRestoreKeyW
RegSaveKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ControlService
DeleteService
CloseServiceHandle
OpenProcessToken
GetTokenInformation
LookupAccountSidW
GetUserNameW
RegCreateKeyW
RegDeleteKeyW
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHChangeNotify

ole32

CoUninitialize
CLSIDFromString
CoInitialize
StringFromGUID2

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
VariantChangeType
VariantCopy
SysStringByteLen

shlwapi

PathRemoveBlanksW
PathStripToRootW
PathSearchAndQualifyW
SHDeleteKeyW
UrlCompareW
PathUnquoteSpacesW
PathAppendW
PathRemoveArgsW
PathIsLFNFileSpecW
PathAddBackslashW
PathIsDirectoryW
PathAddBackslashA
PathRemoveBackslashW
PathFileExistsW

netapi32

NetQueryDisplayInformation
NetApiBufferFree

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhEnumObjectItemsW
PdhEnumObjectsW

Exports

Exports

SSAddBlacklistItem
SSAddItem
SSAddReferentialScanItem
SSAddWhitelistItem
SSBackup
SSCheckBlacklist
SSCheckWhitelist
SSClean
SSCleanByName
SSCleanFile
SSCloseHandle
SSEnableScanner
SSGetBackupItems
SSGetBlacklistCount
SSGetCountSelectedByScannerId
SSGetEngineProperty
SSGetEngineStatus
SSGetFirstBlacklistItem
SSGetFirstRow
SSGetFirstRowByField
SSGetFirstRowByLongKey
SSGetFirstRowByStrKey
SSGetFirstWhitelistItem
SSGetItem
SSGetItemCount
SSGetItemCountByScannerId
SSGetItemIndexByCompanyName
SSGetLastError
SSGetNextBlacklistItem
SSGetNextRow
SSGetNextRowByField
SSGetNextRowByLongKey
SSGetNextRowByStrKey
SSGetNextWhitelistItem
SSGetOption
SSGetPatternProperty
SSGetRowById
SSGetScannerInfo
SSGetWhitelistCount
SSInit
SSIsSpywarePatternLoaded
SSLoadBlacklist
SSLoadEnvironment
SSLoadWhitelist
SSOpenTableLongEnum
SSOpenTableSeqEnum
SSOpenTableStrEnum
SSParseField
SSQuit
SSReadSpywarePattern
SSRemoveBlacklistItems
SSRemoveItems
SSRemoveReferentialScanItem
SSRemoveWhitelistItems
SSRestore
SSSaveBlacklist
SSSaveWhitelist
SSScan
SSScanDir
SSScanDomain
SSScanEx
SSScanFile
SSScanRelatedReferences
SSSelectByItem
SSSelectItems
SSSetCallbackFunc
SSSetOption
SSStopScan
SSToggleBlacklistItems
SSToggleWhitelistItems
SSUpdateItem

Sections

.text
Size: 984KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/ssleay32.dll
.dll windows:4 windows x86 arch:x86

21f6fa139e45c8a784ff36ad5074ec73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

ord3695
ord3550
ord3418
ord203
ord128
ord31
ord830
ord727
ord2760
ord282
ord572
ord3719
ord216
ord206
ord497
ord4046
ord3682
ord2877
ord3711
ord205
ord486
ord484
ord763
ord577
ord907
ord87
ord481
ord3729
ord333
ord2915
ord256
ord1096
ord1097
ord3816
ord3888
ord3896
ord2589
ord1145
ord1144
ord1081
ord2292
ord3823
ord3846
ord622
ord627
ord657
ord653
ord623
ord2784
ord965
ord964
ord2572
ord3288
ord2747
ord3704
ord3758
ord3767
ord3647
ord3766
ord3365
ord3857
ord3460
ord3454
ord3754
ord3394
ord187
ord897
ord3414
ord3495
ord67
ord65
ord53
ord78
ord98
ord3826
ord3559
ord3399
ord636
ord914
ord2478
ord626
ord890
ord1004
ord3527
ord364
ord3178
ord2051
ord58
ord66
ord630
ord628
ord1041
ord1007
ord1005
ord1027
ord3378
ord3437
ord316
ord629
ord892
ord74
ord3866
ord248
ord1655
ord575
ord1025
ord246
ord1100
ord679
ord2524
ord3595
ord1023
ord3505
ord401
ord93
ord3396
ord3657
ord4045
ord2475
ord887
ord889
ord891
ord315
ord1147
ord189
ord314
ord956
ord280
ord2181
ord399
ord748
ord279
ord283
ord400
ord751
ord750
ord774
ord3205
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3623
ord32
ord718
ord7
ord716
ord703
ord680
ord86
ord88
ord1101
ord293
ord322
ord2996
ord3155
ord2927
ord325
ord329
ord318
ord304
ord292
ord299
ord955
ord2252
ord91
ord247
ord225
ord151
ord120
ord3883
ord495
ord313
ord3724
ord909
ord912
ord635
ord285
ord498
ord219
ord3666
ord118
ord201
ord123
ord3663
ord3575
ord3608
ord3512
ord3459
ord2924
ord3480
ord3010
ord111
ord2578
ord3570
ord3644
ord2929
ord3422
ord110
ord866
ord3239
ord202
ord3879
ord109
ord89
ord3841
ord3874
ord961
ord2894
ord3067
ord323
ord3844
ord3244
ord2936
ord354
ord3245
ord3836
ord464
ord911
ord493
ord289
ord2201
ord167
ord52
ord85
ord169
ord168
ord3873
ord222
ord490
ord754
ord2411
ord910
ord2630
ord3109
ord269
ord188
ord181
ord654
ord290
ord281
ord2821
ord641
ord176
ord857
ord2206
ord252
ord903
ord1654
ord1653
ord904
ord901
ord1010
ord905

kernel32

CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
HeapSize
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
WriteFile
VirtualAlloc
HeapReAlloc
RtlUnwind
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
Sleep
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetLastError
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_cmp
SSL_SESSION_free
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_hash
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_shutdown
SSL_set_ssl_method
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl2_ciphers
ssl3_ciphers

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tmaiofc.sys
.sys windows:5 windows x86 arch:x86

37931adbe2e734a8fa8c6d4070a2a7fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
DbgPrint
IoDeleteSymbolicLink
ExAllocatePoolWithTag
ZwQuerySystemInformation
NtClose
ZwSetInformationObject
ZwClose
ZwWaitForSingleObject
PsCreateSystemThread
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
MmIsAddressValid
ExFreePoolWithTag
RtlCompareMemory
wcslen
KeSetEvent
IoFreeIrp
KeWaitForSingleObject
IofCallDriver
RtlAssert
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
wcsncpy
IoCreateFile
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
ObInsertObject
_stricmp
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
RtlCompareUnicodeString
ZwCreateFile
_strnicmp
KeBugCheckEx
RtlUpperChar
_except_handler3

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 874B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tmcomm.sys
.sys windows:6 windows x86 arch:x86

4e665333a0b0ec32a40538796f7fb7b4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:65:9e:e3:84:16:0d:20:af:b4:df:c9:d2:30:46:80:f7:6d:c6:e6
Signer

Actual PE Digest

84:65:9e:e3:84:16:0d:20:af:b4:df:c9:d2:30:46:80:f7:6d:c6:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExReleaseFastMutexUnsafe
wcsncpy
memcpy
wcsrchr
KeSetEvent
KePulseEvent
KeClearEvent
KeInitializeSemaphore
KeWaitForSingleObject
DbgPrint
KeReleaseSemaphore
RtlSubAuthoritySid
RtlInitializeSid
ExAllocatePoolWithTag
RtlLengthRequiredSid
ExFreePoolWithTag
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
ObfDereferenceObject
ZwSetEvent
ZwClose
KeUnstackDetachProcess
ZwRequestWaitReplyPort
memmove
KeStackAttachProcess
ZwConnectPort
RtlInitUnicodeString
ZwCreateSection
ZwWaitForSingleObject
ZwOpenEvent
ObfReferenceObject
IoGetCurrentProcess
memset
MmIsAddressValid
ZwWriteFile
ZwReadFile
ZwQueryInformationFile
ZwSetInformationFile
ZwCreateFile
swprintf
towupper
_wcsnicmp
KeInitializeEvent
_snprintf
PsGetCurrentProcessId
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwCreateKey
ZwCreateEvent
KeWaitForMultipleObjects
ObReferenceObjectByHandle
ZwNotifyChangeKey
PsGetCurrentThreadId
_vsnprintf
KeSetPriorityThread
PsTerminateSystemThread
PsCreateSystemThread
KeNumberProcessors
ZwQuerySystemInformation
ZwQueryDirectoryFile
ZwOpenDirectoryObject
ZwQueryDirectoryObject
ZwDuplicateObject
ZwOpenKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryValueKey
ZwDeleteValueKey
ZwDeleteKey
ExGetPreviousMode
ZwTerminateProcess
ObOpenObjectByPointer
KeLeaveCriticalRegion
ZwOpenProcess
ZwQueryKey
ZwSetValueKey
MmHighestUserAddress
IoFreeIrp
IoFreeMdl
_purecall
IoBuildAsynchronousFsdRequest
ProbeForWrite
_strnicmp
RtlQueryRegistryValues
RtlAppendUnicodeToString
KeDelayExecutionThread
mbstowcs
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
NtClose
ZwSetInformationObject
_stricmp
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenFile
RtlEqualUnicodeString
IoFileObjectType
IoCreateFile
IofCallDriver
IoAllocateIrp
MmBuildMdlForNonPagedPool
IoAllocateMdl
PsGetVersion
MmGetSystemRoutineAddress
RtlCompareMemory
RtlCopyUnicodeString
RtlImageNtHeader
PsLookupProcessByProcessId
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strrchr
KeBugCheckEx
RtlAppendUnicodeStringToString
IofCompleteRequest
ExEventObjectType
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
ProbeForRead
IoGetDeviceObjectPointer
RtlUpperChar
RtlCompareUnicodeString
strncpy
KeServiceDescriptorTable
NtOpenProcess
ObReferenceObjectByPointer
MmSectionObjectType
ObQueryNameString
ObOpenObjectByName
IoDriverObjectType
NtQueryInformationProcess
_snwprintf
KeAddSystemServiceTable
ZwQueryObject
ZwQuerySecurityObject
ObInsertObject
_allrem
IoBuildDeviceIoControlRequest
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
SeCreateAccessState
IoGetFileObjectGenericMapping
ObCreateObject
KeTickCount
RtlUnwind
KeEnterCriticalRegion
PsProcessType
ExAcquireFastMutexUnsafe
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
MmUnlockPages
KeGetCurrentThread

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

classpnp.sys

ClassInitialize

Exports

Exports

??0CAutoUpdateConfigThread@@QAE@ABV0@@Z
??0CAutoUpdateConfigThread@@QAE@PAU_UNICODE_STRING@@P6GX0PAX@Z1@Z
??0CBlobConfig@@QAE@ABV0@@Z
??0CBlobConfig@@QAE@K@Z
??0CContext@@QAE@ABV0@@Z
??0CContext@@QAE@KP6GJPAU_EVENT_REPORT@@PAXPAU_TMCE_REPORT@@PAU_TMCE_FEEDBACK@@@Z1K@Z
??0CContextList@@QAE@ABV0@@Z
??0CContextList@@QAE@KPAVIMemoryAllocator@@@Z
??0CDebugLog@@QAE@ABV0@@Z
??0CDebugLog@@QAE@PBG@Z
??0CExclusionExtConfig@@QAE@ABV0@@Z
??0CExclusionExtConfig@@QAE@KKE@Z
??0CExclusionFileNameConfig@@QAE@ABV0@@Z
??0CExclusionFileNameConfig@@QAE@KK@Z
??0CExclusionFilePathConfig@@QAE@ABV0@@Z
??0CExclusionFilePathConfig@@QAE@KK@Z
??0CExclusionFolderConfig@@QAE@ABV0@@Z
??0CExclusionFolderConfig@@QAE@KK@Z
??0CExclusionRegistryConfig@@QAE@ABV0@@Z
??0CExclusionRegistryConfig@@QAE@KK@Z
??0CFile@@QAE@ABV0@@Z
??0CFile@@QAE@E@Z
??0CFileExtension@@QAE@ABV0@@Z
??0CFileExtension@@QAE@KEEPAVIMemoryAllocator@@@Z
??0CKEvent@@QAE@ABV0@@Z
??0CKEvent@@QAE@W4_EVENT_TYPE@@E@Z
??0CList@@QAE@ABV0@@Z
??0CList@@QAE@KPAVIMemoryAllocator@@@Z
??0CLockEvent@@QAE@ABV0@@Z
??0CLockEvent@@QAE@XZ
??0CLockList@@QAE@ABV0@@Z
??0CLockList@@QAE@KKPAVIMemoryAllocator@@@Z
??0CMemoryAllocator@@IAE@W4_POOL_TYPE@@K@Z
??0CMemoryAllocator@@QAE@ABV0@@Z
??0CMemoryPoolAllocator@@IAE@W4_POOL_TYPE@@KKK@Z
??0CMemoryPoolAllocator@@QAE@ABV0@@Z
??0CModuleConfig@@QAE@ABV0@@Z
??0CModuleConfig@@QAE@XZ
??0CModuleConfigList@@QAE@ABV0@@Z
??0CModuleConfigList@@QAE@KPAVIMemoryAllocator@@@Z
??0CModuleFileExtConfig@@QAE@ABV0@@Z
??0CModuleFileExtConfig@@QAE@KKE@Z
??0CModuleFlagConfig@@QAE@ABV0@@Z
??0CModuleFlagConfig@@QAE@K@Z
??0CModuleMultiStringConfig@@QAE@ABV0@@Z
??0CModuleMultiStringConfig@@QAE@KK@Z
??0CModuleStringConfig@@QAE@ABV0@@Z
??0CModuleStringConfig@@QAE@K@Z
??0CSmartLock@@QAE@AAVCLockEvent@@@Z
??0CSmartLock@@QAE@XZ
??0CSmartReference@@QAE@AAJ@Z
??0CSmartReference@@QAE@AAK@Z
??0CStrList@@QAE@ABV0@@Z
??0CStrList@@QAE@KPAVIMemoryAllocator@@@Z
??0CSystemThread@@QAE@ABV0@@Z
??0CSystemThread@@QAE@K@Z
??0CUserFuncAdapterJob@@QAE@ABV0@@Z
??0CUserFuncAdapterJob@@QAE@P6GXPAX@Z0@Z
??0CWorkerThread@@IAE@PAVCWorkerThreadJobQueue@@@Z
??0CWorkerThread@@QAE@ABV0@@Z
??0CWorkerThreadJob@@QAE@ABV0@@Z
??0CWorkerThreadJob@@QAE@E@Z
??0CWorkerThreadJobQueue@@QAE@ABV0@@Z
??0CWorkerThreadJobQueue@@QAE@K@Z
??0CWorkerThreadPool@@QAE@ABV0@@Z
??0CWorkerThreadPool@@QAE@K@Z
??0IMemoryAllocator@@QAE@ABV0@@Z
??0IMemoryAllocator@@QAE@XZ
??1CAutoUpdateConfigThread@@UAE@XZ
??1CBlobConfig@@UAE@XZ
??1CContext@@UAE@XZ
??1CContextList@@UAE@XZ
??1CDebugLog@@UAE@XZ
??1CExclusionExtConfig@@UAE@XZ
??1CExclusionFileNameConfig@@UAE@XZ
??1CExclusionFilePathConfig@@UAE@XZ
??1CExclusionFolderConfig@@UAE@XZ
??1CExclusionRegistryConfig@@UAE@XZ
??1CFile@@UAE@XZ
??1CFileExtension@@UAE@XZ
??1CKEvent@@UAE@XZ
??1CList@@UAE@XZ
??1CLockEvent@@UAE@XZ
??1CLockList@@UAE@XZ
??1CMemoryAllocator@@UAE@XZ
??1CMemoryPoolAllocator@@UAE@XZ
??1CModuleConfig@@UAE@XZ
??1CModuleConfigList@@UAE@XZ
??1CModuleFileExtConfig@@UAE@XZ
??1CModuleFlagConfig@@UAE@XZ
??1CModuleMultiStringConfig@@UAE@XZ
??1CModuleStringConfig@@UAE@XZ
??1CSmartLock@@QAE@XZ
??1CSmartReference@@QAE@XZ
??1CStrList@@UAE@XZ
??1CSystemThread@@UAE@XZ
??1CUserFuncAdapterJob@@UAE@XZ
??1CWorkerThread@@UAE@XZ
??1CWorkerThreadJob@@UAE@XZ
??1CWorkerThreadJobQueue@@UAE@XZ
??1CWorkerThreadPool@@UAE@XZ
??1IMemoryAllocator@@UAE@XZ
??2@YAPAXIPAVIMemoryAllocator@@PBDK@Z
??2CMemoryAllocator@@SGPAXI@Z
??2CMemoryPoolAllocator@@SGPAXI@Z
??3@YAXPAX@Z
??3IMemoryAllocator@@SGXPAX@Z
??4CAutoUpdateConfigThread@@QAEAAV0@ABV0@@Z
??4CBlobConfig@@QAEAAV0@ABV0@@Z
??4CContext@@QAEAAV0@ABV0@@Z
??4CDebugLog@@QAEAAV0@ABV0@@Z
??4CFile@@QAEAAV0@ABV0@@Z
??4CKEvent@@QAEAAV0@ABV0@@Z
??4CLockEvent@@QAEAAV0@ABV0@@Z
??4CMemoryAllocator@@QAEAAV0@ABV0@@Z
??4CMemoryPoolAllocator@@QAEAAV0@ABV0@@Z
??4CModuleConfig@@QAEAAV0@ABV0@@Z
??4CModuleFlagConfig@@QAEAAV0@ABV0@@Z
??4CModuleStringConfig@@QAEAAV0@ABV0@@Z
??4CSmartLock@@QAEAAV0@ABV0@@Z
??4CSmartLock@@QAEABV0@AAVCLockEvent@@@Z
??4CSystemThread@@QAEAAV0@ABV0@@Z
??4CUserFuncAdapterJob@@QAEAAV0@ABV0@@Z
??4CWorkerThread@@QAEAAV0@ABV0@@Z
??4CWorkerThreadJob@@QAEAAV0@ABV0@@Z
??4IMemoryAllocator@@QAEAAV0@ABV0@@Z
??_7CAutoUpdateConfigThread@@6B@
??_7CBlobConfig@@6B@
??_7CContext@@6B@
??_7CContextList@@6B@
??_7CDebugLog@@6B@
??_7CExclusionExtConfig@@6B@
??_7CExclusionFileNameConfig@@6B@
??_7CExclusionFilePathConfig@@6B@
??_7CExclusionFolderConfig@@6B@
??_7CExclusionRegistryConfig@@6B@
??_7CFile@@6B@
??_7CFileExtension@@6B@
??_7CKEvent@@6B@
??_7CList@@6B@
??_7CLockEvent@@6B@
??_7CLockList@@6B@
??_7CMemoryAllocator@@6B@
??_7CMemoryPoolAllocator@@6B@
??_7CModuleConfig@@6B@
??_7CModuleConfigList@@6B@
??_7CModuleFileExtConfig@@6B@
??_7CModuleFlagConfig@@6B@
??_7CModuleMultiStringConfig@@6B@
??_7CModuleStringConfig@@6B@
??_7CStrList@@6B@
??_7CSystemThread@@6B@
??_7CUserFuncAdapterJob@@6B@
??_7CWorkerThread@@6B@
??_7CWorkerThreadJob@@6B@
??_7CWorkerThreadJobQueue@@6B@
??_7CWorkerThreadPool@@6B@
??_7IMemoryAllocator@@6B@
??_FCContextList@@QAEXXZ
??_FCFile@@QAEXXZ
??_FCFileExtension@@QAEXXZ
??_FCModuleConfigList@@QAEXXZ
??_FCStrList@@QAEXXZ
??_FCSystemThread@@QAEXXZ
??_FCWorkerThread@@QAEXXZ
??_FCWorkerThreadJob@@QAEXXZ
??_FCWorkerThreadJobQueue@@QAEXXZ
??_U@YAPAXIPAVIMemoryAllocator@@PBDK@Z
??_V@YAXPAX@Z
?Acquire@CLockEvent@@QAEXXZ
?Add@CContextList@@QAEEPAVCContext@@@Z
?Add@CFileExtension@@QAEEPBGK@Z
?Add@CModuleConfigList@@QAEEPAVCModuleConfig@@@Z
?Add@CStrList@@QAEEPBG@Z
?AddNode@CLockList@@UAEEQAXE@Z
?Alloc@CMemoryAllocator@@UAEPAXKPBDK@Z
?Alloc@CMemoryPoolAllocator@@UAEPAXKPBDK@Z
?AllocBlock@CMemoryPoolAllocator@@IAEPAXK@Z
?AttachJobQueue@CWorkerThread@@QAEXPAVCWorkerThreadJobQueue@@@Z
?Cancel@CWorkerThreadJob@@QAEXXZ
?CheckNode@CLockList@@UAEHQAX@Z
?CleanQueue@CWorkerThreadJobQueue@@QAEXXZ
?Cleanup@CBlobConfig@@AAEXXZ
?Cleanup@CModuleFileExtConfig@@IAEXXZ
?Cleanup@CModuleMultiStringConfig@@IAEXXZ
?Cleanup@CModuleStringConfig@@AAEXXZ
?Close@CFile@@QAEJXZ
?Count@CLockList@@QAEKXZ
?Create@CFile@@QAEJPBGKKKK@Z
?Create@CSystemThread@@QAEEXZ
?CreateInstance@CMemoryAllocator@@SGPAV1@W4_POOL_TYPE@@K@Z
?CreateInstance@CMemoryPoolAllocator@@SGPAV1@W4_POOL_TYPE@@KKK@Z
?CreatePool@CWorkerThreadPool@@QAEEXZ
?CreateThreads@CWorkerThreadPool@@QAEEK@Z
?CreateWIRP@CFile@@QAEJPBGKKKK@Z
?Delete@CFile@@QAEJXZ
?Delete@CFileExtension@@QAEEPBGK@Z
?Delete@CStrList@@QAEEPBG@Z
?DeleteAll@CList@@UAEXXZ
?DeleteAll@CLockList@@UAEXXZ
?DeleteNode@CContextList@@MAEXPAX@Z
?DeleteNode@CList@@UAEXPAX@Z
?DeleteNode@CModuleConfigList@@MAEXPAX@Z
?DeleteNode@CStrList@@EAEXPAU_STR_LIST_NODE@1@@Z
?DisableWriteProtectFromCR0@@YGXPAPAX@Z
?DoIt@CWorkerThreadJob@@QAEJXZ
?EntryPoint@CSystemThread@@KGXPAX@Z
?Find@CContextList@@QAEPAVCContext@@K@Z
?Find@CContextList@@QAEPAVCContext@@PAX@Z
?Find@CFileExtension@@QAEPAU_STR_LIST_NODE@CStrList@@PBGK@Z
?Find@CModuleConfigList@@QAEPAVCModuleConfig@@K@Z
?Find@CStrList@@QAEPAU_STR_LIST_NODE@1@PBG@Z
?FindNode@CContextList@@IAEPAXPAX@Z
?FindPartiallyAndAllMatch@CStrList@@QAEPAU_STR_LIST_NODE@1@PBG@Z
?First@CList@@UAEPAXXZ
?First@CLockList@@UAEPAXXZ
?Free@CMemoryAllocator@@UAEXPAX@Z
?Free@CMemoryPoolAllocator@@UAEXPAX@Z
?GetAttributes@CFile@@QAEKXZ
?GetBasicInfomration@CFile@@IAEJXZ
?GetBlobCofig@CContext@@UAEJKPAXPAK@Z
?GetCategory@CContext@@QAEKXZ
?GetData@CBlobConfig@@QAEHPAXPAK@Z
?GetData@CModuleFileExtConfig@@QAEHPAGPAK@Z
?GetData@CModuleFileExtConfig@@QAEPAVCFileExtension@@XZ
?GetData@CModuleFlagConfig@@QAEKXZ
?GetData@CModuleMultiStringConfig@@QAEHPAGPAK@Z
?GetData@CModuleMultiStringConfig@@QAEPAVCStrList@@XZ
?GetData@CModuleStringConfig@@QAEPAGXZ
?GetData@CStrList@@QAEEPAGPAK@Z
?GetDataType@CModuleConfig@@QAEKXZ
?GetEngineContext@CContext@@QAEPAXXZ
?GetFBCallBackRoutine@CContext@@QAEKXZ
?GetFileExtensionConfig@CContext@@QAEPAVCFileExtension@@K@Z
?GetFileExtensionConfig@CContext@@UAEJKPAGPAK@Z
?GetFileSize@CFile@@QAEJPAT_LARGE_INTEGER@@@Z
?GetFlagConfig@CContext@@UAEJKPAK@Z
?GetID@CModuleConfig@@QAEKXZ
?GetJob@CWorkerThreadJobQueue@@QAEPAVCWorkerThreadJob@@XZ
?GetLength@CModuleStringConfig@@QAEKXZ
?GetLinkContext@CContext@@QAEPAXXZ
?GetLogFlag@CDebugLog@@QAEKXZ
?GetModuleId@CModuleConfig@@QAEKXZ
?GetMultiStringConfig@CContext@@QAEPAVCStrList@@K@Z
?GetMultiStringConfig@CContext@@UAEJKPAGPAK@Z
?GetOneThreadTEB@CWorkerThreadPool@@QAEPAU_ETHREAD@@XZ
?GetReportCallBackRoutine@CContext@@QAEKXZ
?GetSize@CBlobConfig@@QAEKXZ
?GetStringConfig@CContext@@QAEPAGK@Z
?GetStringConfig@CContext@@UAEJKPAGPAK@Z
?GetThreadCount@CWorkerThreadPool@@QAEKXZ
?GetThreadID@CSystemThread@@QAEKXZ
?GetType@CContext@@QAEKXZ
?GetUserParameter@CContext@@QAEKXZ
?InitializeBlobConfig@CContext@@QAEHKPAXK@Z
?InitializeFileExtensionConfig@CContext@@QAEHKPBG@Z
?InitializeFlagConfig@CContext@@QAEHKK@Z
?InitializeMultiStringConfig@CContext@@QAEHKPBG@Z
?InitializeStringConfig@CContext@@QAEHKPBG@Z
?Insert@CList@@UAEXQAXE@Z
?Insert@CLockList@@UAEXQAXE@Z
?InsertAfter@CList@@UAEXPAX0@Z
?InsertBefore@CList@@UAEXPAX0@Z
?Instance@CWorkerThreadPool@@SGPAV1@XZ
?IsEmpty@CList@@UAEEXZ
?IsEmpty@CLockList@@UAEEXZ
?IsExceedLimitation@CMemoryPoolAllocator@@IAEEK@Z
?IsFull@CLockList@@QBEEXZ
?IsInExclusionList@CExclusionExtConfig@@QAEEPBG@Z
?IsInExclusionList@CExclusionFileNameConfig@@QAEEPBG@Z
?IsInExclusionList@CExclusionFilePathConfig@@QAEEPBG@Z
?IsInExclusionList@CExclusionFolderConfig@@QAEEPBG@Z
?IsInExclusionList@CExclusionRegistryConfig@@QAEEPBG@Z
?IsOpened@CFile@@QAEEXZ
?IsTerminated@CWorkerThreadPool@@QAEEXZ
?IsValid@CMemoryAllocator@@UAEEXZ
?IsValid@CMemoryPoolAllocator@@UAEEXZ
?IsValid@IMemoryAllocator@@UAEEXZ
?IsWorkerThread@CWorkerThreadPool@@QAEEK@Z
?JobFunction@CUserFuncAdapterJob@@MAEXXZ
?JobQueue@CWorkerThreadPool@@QAEAAVCWorkerThreadJobQueue@@XZ
?Limit@CLockList@@QAEKXZ
?MatchAllExtensions@CFileExtension@@QAEEXZ
?MatchNoExtensions@CFileExtension@@QAEEXZ
?MergeLeft@CMemoryPoolAllocator@@IAEPAXPAX@Z
?MergeRight@CMemoryPoolAllocator@@IAEPAXPAX@Z
?NeedDelete@CWorkerThreadJob@@QAEEXZ
?NeedDeleteWhenFinish@CWorkerThreadJob@@QAEXE@Z
?NewNode@CList@@UAEPAXXZ
?NewNode@CStrList@@EAEPAXXZ
?NewNodeVariant@CList@@IAEPAXK@Z
?Next@CList@@UBEPAXQAX@Z
?Next@CLockList@@UBEPAXQAX@Z
?NextPool@CMemoryPoolAllocator@@QAEPAV1@XZ
?NotityTerminate@CWorkerThread@@QAEXXZ
?PostJobToWorkerThread@CWorkerThreadPool@@QAEJP6GXPAX@Z0E@Z
?Pulse@CKEvent@@QAEJJE@Z
?QueueJob@CWorkerThreadJobQueue@@QAEEPAVCWorkerThreadJob@@@Z
?QueueJobItem@CWorkerThreadPool@@QAEJPAVCWorkerThreadJob@@@Z
?RCMInstance@CWorkerThreadPool@@SGPAV1@XZ
?Read@CFile@@QAEJPADKPAK@Z
?ReferenceCount@CContext@@QAEAAKXZ
?Release@CLockEvent@@QAEXXZ
?Remove@CContextList@@UAEEQAX@Z
?Remove@CList@@UAEEQAX@Z
?Remove@CLockList@@UAEEQAX@Z
?RemoveHead@CList@@UAEPAXXZ
?RemoveHead@CLockList@@UAEPAXXZ
?RemoveTail@CList@@UAEPAXXZ
?RemoveTail@CLockList@@UAEPAXXZ
?Reset@CKEvent@@QAEXXZ
?RestoreCR0@@YGXPAX@Z
?Run@CAutoUpdateConfigThread@@UAEXXZ
?Run@CWorkerThread@@UAEXXZ
?SeekToEnd@CFile@@QAEJXZ
?Set@CKEvent@@QAEJJE@Z
?SetAttributes@CFile@@QAEJK@Z
?SetBlobCofig@CContext@@UAEJKPAXK@Z
?SetData@CBlobConfig@@QAEHPAXK@Z
?SetData@CModuleFileExtConfig@@QAEHPBG@Z
?SetData@CModuleFlagConfig@@QAEHK@Z
?SetData@CModuleMultiStringConfig@@QAEHPBG@Z
?SetData@CModuleStringConfig@@QAEHPBG@Z
?SetEngineContext@CContext@@QAEXPAX@Z
?SetFileExtensionConfig@CContext@@UAEJKPBG@Z
?SetFlagConfig@CContext@@UAEJKK@Z
?SetLinkContext@CContext@@QAEXPAX@Z
?SetLogFlag@CDebugLog@@QAEEK@Z
?SetMatchAllExtensions@CFileExtension@@QAEXE@Z
?SetMatchNoExtensions@CFileExtension@@QAEXE@Z
?SetMultiStringConfig@CContext@@UAEJKPBG@Z
?SetNewJobItemEvent@CWorkerThreadJobQueue@@QAEXXZ
?SetPriority@CSystemThread@@QAEXK@Z
?SetStopUse@CContext@@QAEXXZ
?SetStringConfig@CContext@@UAEJKPBG@Z
?Setup@CSystemThread@@MAEXXZ
?StopUse@CContext@@QAEHXZ
?TearDown@CSystemThread@@MAEXXZ
?Terminate@CSystemThread@@QAEXE@Z
?Terminate@CWorkerThreadPool@@QAEEXZ
?TmExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z
?Wait@CKEvent@@QAEJPAT_LARGE_INTEGER@@E@Z
?WaitFinish@CWorkerThreadJob@@QAEXXZ
?WaitNewJobAvailable@CWorkerThreadJobQueue@@QAEEXZ
?Write@CDebugLog@@QAAXPBDZZ
?Write@CFile@@QAEJPADKPAT_LARGE_INTEGER@@PAK@Z
?WriteSystemInformation@CDebugLog@@QAEXXZ
?WriteSystemStringInformation@CDebugLog@@IAEXPBG@Z
?WriteToFile@CDebugLog@@IAEXPADK@Z
?_pNonPagedAllocator@@3PAVCMemoryAllocator@@A
?_pPagedAllocator@@3PAVCMemoryAllocator@@A
?m_lpInstance@CWorkerThreadPool@@1PAV1@A
?m_lpRCMInstance@CWorkerThreadPool@@1PAV1@A
_DeInitKmLPC@0
_GetModuleInfoByAddress@8
_GetModuleInfoByModuleName@8
_InitKmLPC@0
_KmCallUm@8
_ModGetExportProcAddress@8
_ModLoadDLLToBuffer@4
_ModLoadModule@8
_ModUnLoadModule@4
_NormalizeFileName@4
_NormalizeFullNtPathToDosName@4
_TmCommConfigRoutine@4
_UtilCleanFileReadOnly@4
_UtilDeleteFileForce@4
_UtilGetFileObjectForProcessByEPROC@8
_UtilGetFileObjectFromFileName@12
_UtilGetProcessName@12
_UtilGetSystemTime@4
_UtilIoSetFileInfo@24
_UtilIopCreateFileIRP@40
_UtilKeGetLowFileDevice@16
_UtilModuleIATHook@24
_UtilModuleIATUnHook@8
_UtilQueryKeyValue@24
_UtilVolumeDeviceToDosName@8
_UtilWaitValueChangeToZero@8
_UtilWriteVersionToRegistry@8
_UtilbuildDynamicDiskMappingTable@0
__UtilDosPathNameToNtPathName@12

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tmengdrv.dll
.dll windows:4 windows x86 arch:x86

154c1b0aadea3fea3dd9483391aad81f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

InstallHinfSectionW

kernel32

OpenEventW
FindClose
GetSystemDirectoryW
SetEndOfFile
GetLocaleInfoW
GetVersionExW
CreateMutexW
DeviceIoControl
GetOverlappedResult
OutputDebugStringW
CreateFileW
CloseHandle
CreateMailslotW
GetCurrentDirectoryW
CreateEventW
WaitForSingleObject
GetTickCount
Sleep
GetLastError
SetLastError
ReadFile
FindFirstFileW
GetModuleHandleA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateDirectoryW
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
DeleteFileW
GetFullPathNameW
GetLocalTime
CreateFileA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExitProcess
FatalAppExitA
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
HeapReAlloc
WriteFile
GetTimeZoneInformation
SetFilePointer
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
SetStdHandle

user32

wsprintfW

advapi32

RegDeleteKeyW
RegDeleteValueW
QueryServiceConfigW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
ControlService
StartServiceW
OpenServiceW
DeleteService
CloseServiceHandle
QueryServiceStatus
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetFolderPathW

Exports

Exports

TMAV_Configure
TMAV_InstallPlugin
TMAV_InstallService
TMAV_InstallServiceEx
TMAV_QueryServiceHomeDirectory
TMAV_QueryServiceInformation
TMAV_SetServiceStartType
TMAV_SetTmBmSrvDescription
TMAV_SetTmBmSrvPath
TMAV_StartService
TMAV_StartServiceEx
TMAV_StopService
TMAV_UnInstallPlugin
TMAV_UnInstallService
TMAV_UnInstallServiceEx

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool.dll
.dll windows:4 windows x86 arch:x86

3014edc0ab5dead120b2a7fa519c4011

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord1785
ord4574
ord6063
ord386
ord631
ord2271
ord762
ord6086
ord2155
ord6061
ord6278
ord1118
ord314
ord6751
ord2011
ord2366
ord4256
ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord4562
ord6720
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord4074
ord2461
ord3435
ord354
ord605
ord6721
ord5911
ord1393
ord5210
ord2985
ord3189
ord572
ord620
ord1883
ord3635
ord501
ord709
ord347
ord602
ord3155
ord1270
ord5633
ord2255
ord3204
ord3281
ord1271
ord5637
ord1920
ord1925
ord1182
ord1178
ord3417
ord2077
ord587
ord3678
ord4109
ord2361
ord3198
ord5638
ord5727
ord6033
ord1894
ord1176
ord4226
ord1536
ord290
ord356
ord741
ord326
ord2362
ord5584
ord5723
ord5636
ord3756
ord3395
ord5519
ord1058
ord1079
ord3311
ord4234
ord1582
ord2086
ord3157
ord3296
ord5226
ord5209
ord5562
ord2531
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3824
ord757
ord566
ord3677
ord896
ord899
ord900
ord4101
ord1479
ord282
ord6700
ord1472
ord284
ord283
ord5398
ord2460
ord777
ord2121
ord776
ord774
ord265
ord266
ord280
ord2311
ord577
ord293
ord5908
ord764

msvcr80

wcsncmp
_wfopen
memset
strerror
_errno
fseek
ftell
fread
fclose
fwrite
wcsncpy
wcstol
_swprintf
wcsstr
__clean_type_info_names_internal
_except_handler4_common
wcschr
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
__CxxFrameHandler3
calloc
memcpy_s
_wcsnicmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy
memmove
_wtoi
malloc
_recalloc
_resetstkoflw
_purecall
free

kernel32

MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
CreateThread
GetPrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedExchange
MulDiv
LocalFree
LocalAlloc
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetSystemTimeAsFileTime

user32

EnableWindow
GetClientRect
CopyRect
GetWindowTextW
DrawStateW
InvalidateRect
GetSysColor
GetWindowRect
DrawIcon
FillRect
RedrawWindow
LoadCursorW
SetRect
SetWindowRgn
GetSystemMetrics
SendMessageW
UnregisterClassA
GetWindow

gdi32

CreateRectRgnIndirect
GetBkColor
GetDeviceCaps
CreateDCW
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
CreateFontW
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
DeleteDC
BitBlt
RoundRect
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

AlphaBlend
TransparentBlt

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

urlmon

URLDownloadToFileW

gdiplus

GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree

Exports

Exports

GetLCModule

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool.png
.png
Lightening Cleaner 3.0/misc/tool/antiarp.exe
.exe windows:5 windows x86 arch:x86

761a50cbffa66ef18f7fa5fc25d12769

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
_cexit
_XcptFilter
_exit
_c_exit
exit
swprintf
strrchr
fopen
fprintf
fclose
wcscat
printf

advapi32

OpenServiceW
ControlService
DeleteService
OpenSCManagerW
CloseServiceHandle
CreateServiceW
QueryServiceStatus
StartServiceW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

DeleteFileW
CreateProcessW
WaitForSingleObject
GetLastError
Sleep
FindResourceW
WinExec
LoadResource
LockResource
WriteFile
CloseHandle
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLocalTime
GetWindowsDirectoryA
SizeofResource
GetCurrentDirectoryW
CreateFileW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

user32

MessageBoxW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 629KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool/crctool.exe
.exe windows:4 windows x86 arch:x86

17f7672a94e9ea1d2f812b549823f5cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLastError
CloseHandle
HeapAlloc
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
ReadFile
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
LCMapStringA
LCMapStringW

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool/genhexstringfromstring.exe
.exe windows:4 windows x86 arch:x86

902b1db537fc6071289ab50925e23296

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
GetCPInfo
CompareStringA
CompareStringW
GetLastError
CloseHandle
ReadFile
SetFilePointer
FlushFileBuffers
HeapFree
SetUnhandledExceptionFilter
HeapAlloc
HeapReAlloc
VirtualFree
VirtualAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetTimeZoneInformation
CreateFileA
SetStdHandle
IsBadCodePtr
GetACP
GetOEMCP
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA

Sections

.text
Size: 516KB - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool/tdme
.exe windows:4 windows x86 arch:x86

6c75b6a494b7751db507f87c2e42b852

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDlgItem
IsDlgButtonChecked
PostMessageA
KillTimer
SetTimer
MessageBoxW
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextLengthA
GetWindowTextA
SetWindowTextW
SetWindowTextA
SendMessageW
SendMessageA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
EndDialog

oleaut32

SysFreeString
SysAllocString
VariantClear

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
SHBrowseForFolderA

ole32

CoUninitialize
CoInitialize

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_rotr
memset
memcpy
free
malloc
memmove
_CxxThrowException
_purecall
memcmp
__CxxFrameHandler

kernel32

MultiByteToWideChar
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
FileTimeToLocalFileTime
Sleep
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleHandleW
GetProcAddress
FileTimeToSystemTime
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetCurrentDirectoryW
GetCurrentDirectoryA
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
MoveFileW
RemoveDirectoryW
SetFileAttributesW
MoveFileA
RemoveDirectoryA
SetFileAttributesA
SetLastError
CreateFileW
SetFileTime
CloseHandle
FormatMessageW
FormatMessageA
LocalFree
GetModuleFileNameW
GetModuleFileNameA
AreFileApisANSI
GetCommandLineW
DeleteCriticalSection
GetVersionExA
WideCharToMultiByte
GetLastError

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool/testagentreportreader.exe
.exe windows:4 windows x86 arch:x86

5433803ae56bfb29487fb6c3eb59be16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
Sleep
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineA
GetVersionExA
GetProcessHeap
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
MultiByteToWideChar
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
HeapSize
ExitProcess
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool/usbmon.exe
.exe windows:4 windows x86 arch:x86

d9168a0c6214324aa606f42527453983

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
ExitProcess
HeapReAlloc
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
WriteFile
ReadFile
GetThreadLocale
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CompareStringW
GlobalFlags
GetModuleHandleA
InterlockedDecrement
WritePrivateProfileStringW
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
SetLastError
GetFileAttributesW
SetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
lstrlenW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetProcAddress
LockResource
SizeofResource
GetDriveTypeW
GetLogicalDrives
Sleep
CloseHandle
DeleteFileW
CreateFileW
GetModuleFileNameW
GetLastError
CreateMutexW
GetModuleHandleW
GetCommandLineW
FindResourceW
GetStartupInfoA
LoadResource

user32

ShowWindow
LoadCursorW
GetSysColorBrush
CharUpperW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
DestroyMenu
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongW
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetClientRect
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
GetSystemMetrics
UnregisterClassA

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
PtVisible

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/tool_default.png
.png
Lightening Cleaner 3.0/misc/update.dll
.dll windows:4 windows x86 arch:x86

c066da7a4061c623825e9bba48780014

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80u

ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1472
ord293
ord314
ord6751
ord774
ord776
ord2460
ord5398
ord2311
ord3383
ord5416
ord6700
ord290
ord899
ord280
ord386
ord631
ord2271
ord2468
ord556
ord744
ord5091
ord265
ord5325
ord1443
ord282
ord1479
ord6133
ord1476
ord4098
ord3435
ord356
ord605
ord3635
ord501
ord709
ord347
ord602
ord3204
ord3155
ord1270
ord1271
ord5633
ord2255
ord3826
ord1925
ord1894
ord3678
ord572
ord741
ord3198
ord929
ord2362
ord5584
ord6033
ord5723
ord5727
ord5636
ord5638
ord3756
ord3395
ord5519
ord4109
ord1058
ord1079
ord3311
ord5210
ord4234
ord1393
ord5911
ord6721
ord1582
ord2086
ord1182
ord1178
ord3570
ord1176
ord3281
ord3157
ord5637
ord3417
ord587
ord777
ord2361
ord3296
ord4226
ord1536
ord3545
ord715
ord3133
ord1572
ord1634
ord1908
ord4347
ord927
ord931
ord2384
ord2404
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2856
ord4480
ord4256
ord762
ord1118
ord577
ord283
ord6086
ord6063
ord4574
ord2155
ord1785
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord326
ord5378
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord3824
ord757
ord566
ord3677
ord1920
ord764

msvcr80

_recalloc
malloc
memcpy_s
calloc
_invalid_parameter_noinfo
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
free
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_resetstkoflw
memset
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__CxxFrameHandler3
_unlock
__dllonexit
_encode_pointer
strrchr
wcsrchr
printf
_purecall
_crt_debugger_hook

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
LocalAlloc
LocalFree
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
InterlockedExchange
lstrlenW
LeaveCriticalSection
EnterCriticalSection
MulDiv
OpenMutexW
TerminateThread
GetLastError
WritePrivateProfileStringW
DeleteFileW
CreateDirectoryW
GetModuleFileNameA
MoveFileExW
GetPrivateProfileIntW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
LoadLibraryW
CreateProcessW
GetModuleFileNameW
ExitProcess
CloseHandle
CreateMutexW
GetPrivateProfileStringW
CreateThread
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetSystemTimeAsFileTime

user32

SetWindowRgn
GetWindowRect
InvalidateRect
DrawStateW
GetWindowTextW
UnregisterClassA
LoadCursorW
RedrawWindow
FillRect
DrawIcon
GetSystemMetrics
GetSysColor
GetClientRect
BringWindowToTop
SendMessageW
EnableWindow
CopyRect
SetRect

gdi32

DeleteObject
StretchBlt
GetDIBColorTable
SelectObject
SetDIBColorTable
GetBkColor
CreateDIBSection
CreateSolidBrush
RoundRect
CreateFontW
GetTextExtentPoint32W
CreateRectRgnIndirect
Rectangle
DeleteDC
GetDeviceCaps
CreateDCW
CreateFontIndirectW
GetObjectW
GetStockObject
BitBlt
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap

msimg32

TransparentBlt
AlphaBlend

advapi32

CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

shell32

ShellExecuteW

comctl32

_TrackMouseEvent

urlmon

URLDownloadToFileW

gdiplus

GdiplusShutdown
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup

wininet

DeleteUrlCacheEntryW

Exports

Exports

GetLCModule

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/update.png
.png
Lightening Cleaner 3.0/misc/vsapi32.dll
.dll windows:4 windows x86 arch:x86

663c07d3533877b7a4cc6c116800acb9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
SetFileAttributesA
GetFileAttributesW
MultiByteToWideChar
SetFileAttributesW
GetLastError
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
FindClose
FindFirstFileA
FindNextFileA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetFileSize
SetFilePointer
CreateFileA
CreateFileW
ReadFile
WriteFile
SetEndOfFile
GetFileTime
SetFileTime
OutputDebugStringA
DuplicateHandle
GetCurrentProcess
HeapFree
HeapAlloc
MoveFileA
MoveFileW
DeleteFileW
CreateDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FindNextFileW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
FatalAppExitA
RtlUnwind
Sleep
TerminateProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
LCMapStringA
LCMapStringW
GetFullPathNameA
GetDriveTypeA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA
GetLocaleInfoW
DeleteFileA
RemoveDirectoryA
CreateDirectoryA

Exports

Exports

FreeVirusPattern
OleRemoveVirus
ReadPatternFile
ScanFileVirus
VSActOnFile
VSActOnFileW
VSAddArchProcessExcludeExtName
VSAddArchProcessExtName
VSAddDataType
VSAddProcessExcludeExtName
VSAddProcessExtName
VSAddSpywareExcludeName
VSArchFileNeedProcess
VSBackupFile
VSBackupFileW
VSBackupVSCData
VSBaseName
VSCalculateCRC
VSCharType
VSCheckPatternFile
VSCheckPatternFileW
VSCleanEncryptedVirus
VSCleanVirus
VSCleanVirusW
VSClearArchProcessExcludeExtNameTable
VSClearArchProcessExtNameTable
VSClearProcessExcludeExtNameTable
VSClearProcessExtNameTable
VSClearSpywareExcludeNameTable
VSCloseFile
VSCloseResource
VSConvertCharacter
VSCopyFile
VSCopyFileFD
VSCopyFileW
VSCrc32
VSCreateDirectoryTree
VSDCIsCompressed
VSDataType
VSDataTypeFD
VSDecompress
VSDecompressFile
VSDelDataType
VSDelUserDecodeFunc
VSDeleteArchProcessExcludeExtName
VSDeleteArchProcessExtName
VSDeleteProcessExcludeExtName
VSDeleteProcessExtName
VSDeleteSpywareExcludeName
VSDeleteUnusedPattern
VSDisablePattern
VSEncBackupFile
VSEncBackupFileW
VSFileNeedProcess
VSFileNeedProcessW
VSFileType
VSFindFirst
VSFindNewestPattern
VSFindNext
VSFormatDate
VSFormatDateTime
VSFreePatternList
VSFreePatternNode
VSGetActiveScanFlag
VSGetArchProcessExcludeExtName
VSGetArchProcessExcludeExtNumber
VSGetArchProcessExtName
VSGetArchProcessExtNumber
VSGetArchProcessExtTableSize
VSGetBackupEncodeFlag
VSGetBackupFileInfo
VSGetBackupFileInfoW
VSGetCharacterEnvType
VSGetCleanBackupFlag
VSGetCleanZipFlag
VSGetConfChangeFlag
VSGetConfig
VSGetConfigEx
VSGetCurrentPatternFileInternalVersion
VSGetCurrentPatternFileVersion
VSGetDataTypeInfo
VSGetDebug
VSGetDecodeFlag
VSGetDecompressLayer
VSGetDefaultExcludeExtList
VSGetDefaultExcludeExtListSize
VSGetDefaultExtList
VSGetDefaultExtListSize
VSGetDefaultHospitalPath
VSGetDefaultPatternFile
VSGetDefaultPatternPath
VSGetDefaultTempPath
VSGetDetectableVirusNumber
VSGetEncodeAction
VSGetEncryptTempFileFlag
VSGetExpandLiteFlag
VSGetExtractAmgFlag
VSGetExtractArchiveFlag
VSGetExtractFileCountLimit
VSGetExtractFileRatioLimit
VSGetExtractFileSizeLimit
VSGetExtractPath
VSGetGenericVirusReport
VSGetHeuristicLevel
VSGetKeepDecompressFileFlag
VSGetLastPattern
VSGetLastPatternW
VSGetLogFilePath
VSGetLogFlag
VSGetMemoryDecompressSize
VSGetMsgScanLayer
VSGetMultiPatternFilesInfo
VSGetOleEmbedScanLayer
VSGetPatternHandle
VSGetPatternInternalVersion
VSGetPatternList
VSGetPatternPath
VSGetPatternPathW
VSGetPatternProperty
VSGetProcessAllFileFlag
VSGetProcessAllFileInArcFlag
VSGetProcessAllSubDirFlag
VSGetProcessExcludeExtName
VSGetProcessExcludeExtNumber
VSGetProcessExtName
VSGetProcessExtNumber
VSGetProcessExtTableSize
VSGetRTFScanLayer
VSGetRedAlertFlag
VSGetScanBPFlag
VSGetScanGenericMacroFlag
VSGetScanJavaFlag
VSGetScanMacroFlag
VSGetScanMemoryFlag
VSGetScanTask
VSGetScanTaskStatus
VSGetScriptTrapFlag
VSGetSmartDecompressFlag
VSGetSoftMiceFlag
VSGetSpywareExcludeName
VSGetSpywareExcludeNameEx
VSGetSpywareExcludeNumber
VSGetStripMacroFlag
VSGetTempPath
VSGetUserName
VSGetVSCInfo
VSGetVSDebug
VSGetVSVerboseLevel
VSGetVerboseLevel
VSGetVersion
VSGetVersionString
VSGetVirusAction
VSGetVirusHospitalPath
VSGetVirusInfo
VSGetVirusNameInfo
VSGetVirusNameInfoEx
VSGetVirusPatternInfo
VSGetVirusPatternInfoEx
VSGetVirusPatternInformation
VSGetVirusPropertyByName
VSGetVolume
VSInit
VSIsDir
VSIsFullPathName
VSIsNewerEngine
VSIsTwoByteWord
VSLog
VSLseekResource
VSMatch
VSMergeDir
VSMkdir
VSNoVolumeName
VSOpenFile
VSOpenFileW
VSOpenResource
VSPatternVersionToString
VSProcessDir
VSProcessFile
VSQuit
VSReadControlPattern
VSReadFile
VSReadLog
VSReadPattern
VSReadPatternInFile
VSReadPatternInFileW
VSReadResource
VSReadVirusPattern
VSRemoveAllTempFile
VSRemoveWhiteChar
VSResetConfChangeFlag
VSResetScanCounter
VSResourceDataType
VSResourceSize
VSRestoreFile
VSRestoreFileW
VSScanBP
VSScanDir
VSScanFile
VSScanFileFD
VSScanResource
VSSearchArchProcessExcludeExtName
VSSearchArchProcessExtName
VSSearchProcessExcludeExtName
VSSearchSpywareExcludeName
VSSeekFile
VSSetActiveScanFlag
VSSetAskActionFunc
VSSetBackupEncodeFlag
VSSetCharacterEnvType
VSSetCleanBackupFlag
VSSetCleanZipFlag
VSSetConfig
VSSetConfigEx
VSSetCountFileFlag
VSSetDataTypeInfo
VSSetDebug
VSSetDecodeFlag
VSSetDecompressLayer
VSSetDefaultHospitalPath
VSSetDefaultPatternFile
VSSetDefaultPatternPath
VSSetDefaultTempPath
VSSetEncodeAction
VSSetEncryptTempFileFlag
VSSetExpandLiteFlag
VSSetExtractAmgFlag
VSSetExtractArchiveFlag
VSSetExtractFileCountLimit
VSSetExtractFileRatioLimit
VSSetExtractFileSizeLimit
VSSetExtractPath
VSSetFeedbackCallBackFunc
VSSetHeuristicLevel
VSSetKeepDecompressFileFlag
VSSetLogFilePath
VSSetLogFilePathFunc
VSSetLogFlag
VSSetMemoryDecompressSize
VSSetMsgScanLayer
VSSetOleEmbedCallBackFunc
VSSetOleEmbedScanLayer
VSSetPatternPath
VSSetPostExtractArchFunc
VSSetPreExtractArchFunc
VSSetProcessAllFileFlag
VSSetProcessAllFileInArcFlag
VSSetProcessAllSubDirFlag
VSSetProcessFileCallBackFunc
VSSetRTFScanLayer
VSSetRedAlertFlag
VSSetRenameFileNameFunc
VSSetScanBPFlag
VSSetScanGenericMacroFlag
VSSetScanJavaFlag
VSSetScanMacroFlag
VSSetScanMemoryFlag
VSSetScriptTrapFlag
VSSetSmartDecompressFlag
VSSetSoftMiceFlag
VSSetStripMacroFlag
VSSetTempPath
VSSetUserDecodeFunc
VSSetUserLogFunc
VSSetVSCInfo
VSSetVSDebug
VSSetVSVerboseLevel
VSSetVerboseLevel
VSSetVirusAction
VSSetVirusHospitalPath
VSSetVolume
VSSizeOfFile
VSStoreVSCData
VSStricmp
VSStringToPatternVersion
VSStrip
VSStrnicmp
VSSwapLong
VSSwapLongTable
VSSwapShort
VSSwapShortTable
VSToLowerString
VSToUpperString
VSUpdateZip
VSVirusScan
VSVirusScanFile
VSVirusScanFileW
VSVirusScanFileWithoutFNFilter
VSWriteFile
VSWriteResource
_VSIScanEnableSignature
_VSIScanGetVirusInfo
_VSIScanGetVirusInfoEx
_VSScanVirusInMemory

Sections

.text
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/misc/vstlib32.dll
.dll windows:4 windows x86 arch:x86

efd3dc97d639046ba190f6017f1b9539

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

FindNextUrlCacheEntryExW
FindCloseUrlCache
FindFirstUrlCacheEntryExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

SetEndOfFile
WriteConsoleW
GetModuleFileNameW
GetModuleHandleW
GetSystemTimeAsFileTime
Sleep
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetLongPathNameW
GetQueuedCompletionStatus
ReadDirectoryChangesW
CreateIoCompletionPort
CreateFileW
GetDriveTypeW
ReadFile
CloseHandle
MultiByteToWideChar
lstrlenA
GetUserDefaultLangID
ResetEvent
WaitForMultipleObjects
GetProcAddress
LoadLibraryW
FreeLibrary
RaiseException
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLogicalDriveStringsW
LoadLibraryA
GetStringTypeW
GetStringTypeA
SetFilePointer
RtlUnwind
DeleteFileW
ExitThread
ResumeThread
CreateThread
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

UnregisterClassA

advapi32

RegEnumKeyW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

ole32

CoInitialize
CoUninitialize

shell32

SHGetFolderPathW

shlwapi

PathAppendW

Exports

Exports

??4Cvstlib@@QAEAAV0@ABV0@@Z
VSTAddBlacklistItem
VSTAddWhitelistItem
VSTAllowItem
VSTCleanFile
VSTDenyItem
VSTEnumItem
VSTGetCleanedItem
VSTGetError
VSTGetFileEvent
VSTGetNotifiedItem
VSTGetProperty
VSTInit
VSTInvoke
VSTResetItemStart
VSTSetOption
VSTSetScanners
VSTShutdown
VSTSnapShot
VSTWait
VSTWakeUp

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lightening Cleaner 3.0/readme.txt
Lightening Cleaner 3.0/what's new.txt
Lightening Cleaner 3.0/新云软件.url
.url

Resubmissions

Sharing

General

Malware Config

Signatures

Files

137828a4a44c35f16ca905592e6fe9a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 16KB - Virtual size: 15KB

66c27965e1dc1bbf2d8bbdc94aaedff9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 8KB

8d33c4b43a94366f4386be378aee0afb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

kernel32

user32

shlwapi

Exports

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 16KB - Virtual size: 15KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 571KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 10KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:52:12:f7:83:f4:d7:ab:a3:55:57:29:e9:9c:e0:65
Certificate

.text
Size: 568KB - Virtual size: 564KB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 239KB - Virtual size: 239KB

VMTASKBU
Size: 512B - Virtual size: 129B

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 30KB - Virtual size: 135KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 16KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

06:17:08:2f:26:26:73:eb:00:df:1f:19:3d:e2:25:25
Certificate