52d5ebbc53d0c3d39ea5aebc2bb7c9dd

Sharing

Copy URL Twitter E-mail

General

Target

52d5ebbc53d0c3d39ea5aebc2bb7c9dd
Size

5.0MB
MD5

52d5ebbc53d0c3d39ea5aebc2bb7c9dd
SHA1

253ee6e18b46cc7ff1758487bb6e4140e37e4fbb
SHA256

cbadee46738c4d1187a22fc7e1afe4a43982a3202412834721eeeabe6dabd598
SHA512

143991db3d335b7386c2c914626a95a5cfbd7f93fdc12d15cc97b0b761147c0f7ce95140fde07a5729158818bf4124943916ddc071e14af270407cc162857336
SSDEEP

98304:PDWOcl3HqlTPhfhT5V/Dt7Q1SoDJa35grbq9E5Xm2P1JrWZmtV4V:PSOcl3SfFtRQ3DA36bqK5XfframtVo

Score

7^/10

upx aspackv2

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 23 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Totalcmd/Plugins/wdx/AnyTag/anytag.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/CDocProp/CDocProp.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/CRC32Tag/CRC32Tag.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/EXIF/EXIF.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/FileX/FileX.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/ImgSize/ImgSize.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/Permissions/Permissions.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/RarInfo/RarInfo.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/ShareInfo/ShareInfo.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/TextLine/TextLine.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/UnicodeTest/UnicodeTest.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wdx/WDX4I/WDX4I.wdx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/ArchView/ArchView.wlx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/Fileinfo/fileinfo.wlx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/Fileinfo/unaspack.dll	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/IEView/ieview.wlx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/Imagine/Imagine.DLL	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/Mmedia/mmedia.wlx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/NFOViewer/nfoviewer.wlx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/Office/office.wlx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/SwfView/SWFView.wlx	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/Visualdirsize/dirsizec.dll	acprotect
static1/unpack001/Totalcmd/Plugins/wlx/Visualdirsize/visualdirsize.wlx	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Totalcmd/Plugins/wlx/Excellence/Excellence.wlx	aspack_v212_v242

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Totalcmd/Plugins/wdx/AnyTag/anytag.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/CDocProp/CDocProp.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/CRC32Tag/CRC32Tag.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/EXIF/EXIF.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/FileX/FileX.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/ImgSize/ImgSize.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/Permissions/Permissions.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/RarInfo/RarInfo.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/ShareInfo/ShareInfo.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/TextLine/TextLine.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/UnicodeTest/UnicodeTest.wdx	upx
static1/unpack001/Totalcmd/Plugins/wdx/WDX4I/WDX4I.wdx	upx
static1/unpack001/Totalcmd/Plugins/wlx/ArchView/ArchView.wlx	upx
static1/unpack001/Totalcmd/Plugins/wlx/Fileinfo/fileinfo.wlx	upx
static1/unpack001/Totalcmd/Plugins/wlx/Fileinfo/unaspack.dll	upx
static1/unpack001/Totalcmd/Plugins/wlx/IEView/ieview.wlx	upx
static1/unpack001/Totalcmd/Plugins/wlx/Imagine/Imagine.DLL	upx
static1/unpack001/Totalcmd/Plugins/wlx/Mmedia/mmedia.wlx	upx
static1/unpack001/Totalcmd/Plugins/wlx/NFOViewer/nfoviewer.wlx	upx
static1/unpack001/Totalcmd/Plugins/wlx/Office/office.wlx	upx
static1/unpack001/Totalcmd/Plugins/wlx/Visualdirsize/dirsizec.dll	upx
static1/unpack001/Totalcmd/Plugins/wlx/Visualdirsize/visualdirsize.wlx	upx

Unsigned PE 44 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Totalcmd/CABRK.DLL
unpack001/Totalcmd/CGLPTNT.SYS
unpack001/Totalcmd/FRERES32.DLL
unpack001/Totalcmd/Interface/Icons/tango.icl
unpack001/Totalcmd/Interface/Icons/tango_shell32.dll
unpack001/Totalcmd/Plugins/wcx/7zip/7zip.wcx
unpack001/Totalcmd/Plugins/wdx/AnyTag/anytag.wdx
unpack001/Totalcmd/Plugins/wdx/CDocProp/CDocProp.wdx
unpack001/Totalcmd/Plugins/wdx/CRC32Tag/CRC32Tag.wdx
unpack001/Totalcmd/Plugins/wdx/DirSizeCalc/DirSizeCalc.wdx
unpack001/Totalcmd/Plugins/wdx/EXIF/EXIF.wdx
unpack001/Totalcmd/Plugins/wdx/FileX/FileX.wdx
unpack001/Totalcmd/Plugins/wdx/ImgSize/ImgSize.wdx
unpack001/Totalcmd/Plugins/wdx/Permissions/Permissions.wdx
unpack001/Totalcmd/Plugins/wdx/RarInfo/RarInfo.wdx
unpack009/out.upx
unpack001/Totalcmd/Plugins/wdx/ShareInfo/ShareInfo.wdx
unpack001/Totalcmd/Plugins/wdx/TextLine/TextLine.wdx
unpack001/Totalcmd/Plugins/wdx/UnicodeTest/UnicodeTest.wdx
unpack001/Totalcmd/Plugins/wdx/WDX4I/WDX4I.wdx
unpack001/Totalcmd/Plugins/wlx/ArchView/ArchView.wlx
unpack001/Totalcmd/Plugins/wlx/Excellence/Excellence.wlx
unpack001/Totalcmd/Plugins/wlx/Fileinfo/fileinfo.wlx
unpack001/Totalcmd/Plugins/wlx/Fileinfo/unaspack.dll
unpack001/Totalcmd/Plugins/wlx/IEView/ieview.wlx
unpack001/Totalcmd/Plugins/wlx/Imagine/Imagine.DLL
unpack001/Totalcmd/Plugins/wlx/Imagine/Imagine.EXE
unpack001/Totalcmd/Plugins/wlx/Imagine/Imagine.wcx
unpack001/Totalcmd/Plugins/wlx/Imagine/Imagine.wlx
unpack001/Totalcmd/Plugins/wlx/Mmedia/mmedia.wlx
unpack001/Totalcmd/Plugins/wlx/NFOViewer/nfoviewer.wlx
unpack001/Totalcmd/Plugins/wlx/Office/MSWRD832.CNV
unpack001/Totalcmd/Plugins/wlx/Office/office.wlx
unpack001/Totalcmd/Plugins/wlx/Office2007/Office2007.wlx
unpack001/Totalcmd/Plugins/wlx/Quicksearch/tcmatch.dll
unpack001/Totalcmd/Plugins/wlx/SwfView/SWFView.wlx
unpack001/Totalcmd/Plugins/wlx/Visualdirsize/dirsizec.dll
unpack001/Totalcmd/Plugins/wlx/Visualdirsize/visualdirsize.wlx
unpack001/Totalcmd/SFXHEAD.SFX
unpack001/Totalcmd/TCMDLZMA.DLL
unpack001/Totalcmd/TCUNZLIB.DLL
unpack001/Totalcmd/UNACEV2.DLL
unpack001/Totalcmd/UNRAR.DLL
unpack001/Totalcmd/WCMICONS.DLL

Files

52d5ebbc53d0c3d39ea5aebc2bb7c9dd
.rar
Totalcmd/CABRK.DLL
.dll windows:1 windows x86 arch:x86

24443a39fe269254c2d4374dee7b22b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetActiveWindow
MessageBoxA
wsprintfA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
ExitProcess
ExitThread
GetCommandLineA
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
ReleaseMutex
SetConsoleCtrlHandler
SetEvent
SetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile

Exports

Exports

_zFCIFDIGetErrno
_zFCIFDISetErrno
_zFDICopy
_zFDICreate
_zFDIDestroy
_zFDIIsCabinet

Sections

BEGTEXT
Size: 35KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 11KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/CGLPT9X.VXD
Totalcmd/CGLPTNT.SYS
.sys windows:4 windows x86 arch:x86

31a233890b0ca744a835a871a3f0de57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

RtlAppendUnicodeStringToString
ObfDereferenceObject
IoDeleteDevice
IoGetDeviceObjectPointer
ExFreePool
IoCreateUnprotectedSymbolicLink
ExAllocatePoolWithTag
RtlIntegerToUnicodeString
RtlInitUnicodeString
KeWaitForSingleObject
IoCreateDevice
IoWriteErrorLogEntry
KeInitializeEvent
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteSymbolicLink
IoCancelIrp
KeReadStateEvent
KeDelayExecutionThread
KeTickCount
KeQueryTimeIncrement
wcslen
IoAllocateErrorLogEntry
IofCallDriver
IoGetConfigurationInformation
IoBuildDeviceIoControlRequest

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 246B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/FRERES32.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetFreeSystemResources32

Sections

CODE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/Interface/Icons/tango.icl
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/Interface/Icons/tango_shell32.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/LANGUAGE/WCMD_CHN.LNG
Totalcmd/LANGUAGE/WCMD_CHN.MNU
Totalcmd/Plugins/wcx/7zip/7zip.wcx
.dll windows:5 windows x86 arch:x86

2af0eb9402509601fcca1ec65ff3f853

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResetEvent
MoveFileA
GetVersionExA
CloseHandle
FileTimeToLocalFileTime
GetSystemTime
DeleteFileA
CreateThread
lstrcatA
WritePrivateProfileStringA
CreateFileA
FindResourceA
SetFilePointer
FreeLibrary
LoadResource
UpdateResourceA
ExpandEnvironmentStringsA
SizeofResource
ReadFile
LockResource
BeginUpdateResourceA
LoadLibraryExA
EnumResourceNamesA
EndUpdateResourceA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetFullPathNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetFileTime
GetLastError
SetLastError
SetFileAttributesA
GetTempFileNameA
RemoveDirectoryA
GetTempPathA
FindFirstFileA
FindClose
FindNextFileA
GetFileSize
SetEndOfFile
WriteFile
GetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
GetModuleHandleA
VirtualFree
VirtualAlloc
InitializeCriticalSection
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapSize
Sleep
HeapReAlloc
HeapDestroy
HeapCreate
FileTimeToSystemTime
CreateEventA
SetEvent
WaitForSingleObject
SystemTimeToFileTime
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
ExitThread
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP

user32

CharUpperA
CharLowerW
CharLowerA
IsWindowUnicode
CharUpperW
SetWindowTextW
GetWindowRect
SendDlgItemMessageA
LoadIconA
SetWindowLongA
InvalidateRect
GetWindowLongA
GetDlgItem
EndDialog
SendDlgItemMessageW
SetWindowPos
CheckDlgButton
IsDlgButtonChecked
SetWindowTextA
EnableWindow
GetDlgCtrlID
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
EnumChildWindows

gdi32

SetBkMode
DeleteObject
GetObjectA
GetStockObject
CreateFontIndirectA

shell32

ExtractIconA
ShellExecuteA

oleaut32

VariantCopy
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString

Exports

Exports

CanYouHandleThisFile
CloseArchive
ConfigurePacker
DeleteFiles
GetPackerCaps
GetPackerFileExt
OpenArchive
PackFiles
ProcessFile
ReadHeader
ReadHeaderEx
SetChangeVolProc
SetProcessDataProc

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wcx/7zip/lang/chinese_simp.lng
Totalcmd/Plugins/wdx/AnyTag/Anytag.lng
Totalcmd/Plugins/wdx/AnyTag/anytag.any
Totalcmd/Plugins/wdx/AnyTag/anytag.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentSetDefaultParams

Sections

UPX0
Size: - Virtual size: 644KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 376KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/CDocProp/CDocProp.ini
Totalcmd/Plugins/wdx/CDocProp/CDocProp.lng
Totalcmd/Plugins/wdx/CDocProp/CDocProp.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentSetDefaultParams

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/CRC32Tag/CRC32Tag.lng
Totalcmd/Plugins/wdx/CRC32Tag/CRC32Tag.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentPluginUnloading
ContentSendStateInformation
ContentSetDefaultParams
ContentStopGetValue

Sections

UPX0
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/DirSizeCalc/DirSizeCalc.lng
Totalcmd/Plugins/wdx/DirSizeCalc/DirSizeCalc.wdx
.dll windows:4 windows x86 arch:x86

284697909dc949ffc537d13599bebad3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
DeleteCriticalSection
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
InitializeCriticalSection
FindFirstFileA
ExpandEnvironmentStringsA
GetNumberFormatA
GetLocaleInfoA
GetUserDefaultLCID
CloseHandle
CreateFileA
GetVersionExA
LeaveCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
ReadFile
GetModuleFileNameA
GetModuleHandleA
WriteFile
GetCommandLineA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA
DeviceIoControl
GetCurrentThreadId
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

ContentGetDefaultSortOrder
ContentGetSupportedField
ContentGetSupportedFieldFlags
ContentGetValue
ContentPluginUnloading
ContentSendStateInformation
ContentSetDefaultParams
ContentStopGetValue

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wdx/EXIF/EXIF.lng
Totalcmd/Plugins/wdx/EXIF/EXIF.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentSetDefaultParams

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/FileX/FileX.ini
.vbs
Totalcmd/Plugins/wdx/FileX/FileX.lng
Totalcmd/Plugins/wdx/FileX/FileX.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentSetDefaultParams

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/ImgSize/ImgSize.ini
Totalcmd/Plugins/wdx/ImgSize/ImgSize.lng
Totalcmd/Plugins/wdx/ImgSize/ImgSize.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContentGetDefaultSortOrder
ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentSetDefaultParams

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/Permissions/Permissions.lng
Totalcmd/Plugins/wdx/Permissions/Permissions.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetSupportedField
ContentGetValue

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/RarInfo/RarInfo.lng
Totalcmd/Plugins/wdx/RarInfo/RarInfo.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentPluginUnloading

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wdx/ShareInfo/ShareInfo.lng
Totalcmd/Plugins/wdx/ShareInfo/ShareInfo.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetSupportedField
ContentGetValue

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/TextLine/TextLine.ini
Totalcmd/Plugins/wdx/TextLine/TextLine.wdx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContentGetSupportedField
ContentGetValue

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/UnicodeTest/UnicodeTest.lng
Totalcmd/Plugins/wdx/UnicodeTest/UnicodeTest.wdx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContentGetSupportedField
ContentGetValue

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wdx/WDX4I/WDX4I.lng
Totalcmd/Plugins/wdx/WDX4I/WDX4I.wdx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetSupportedFieldFlags
ContentGetValue
ContentSetDefaultParams
ContentSetValue
DllMain

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/ArchView/ArchView.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ListCloseWindow
ListGetDetectString
ListLoad
ListSendCommand

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/ArchView/Language/Template.lng
Totalcmd/Plugins/wlx/ArchView/Template.ini
Totalcmd/Plugins/wlx/Excellence/Excellence.lng
Totalcmd/Plugins/wlx/Excellence/Excellence.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ListCloseWindow
ListGetDetectString
ListLoad
ListSearchText
ListSendCommand
ListSetDefaultParams

Sections

CODE
Size: 258KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Fileinfo/fileinfo.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ListCloseWindow
ListLoad
ListSendCommand
ListSetDefaultParams

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Fileinfo/unaspack.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PexAboutPlugIn
PexPreloadImage
PexRegisterPlugIn

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/IEView/Ieview.ini
Totalcmd/Plugins/wlx/IEView/ieview.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ListCloseWindow
ListLoad
ListPrint
ListSearchText
ListSendCommand

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Imagine/Imagine.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetPluginInterface

Sections

UPX0
Size: - Virtual size: 976KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 448KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Imagine/Imagine.EXE
.exe windows:4 windows x86 arch:x86

d0cd56dd3d9f2389ee1ea3b1b8aa4d16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleA
FreeLibrary
GetCommandLineA
GetLastError
LoadLibraryA
lstrcpyA
GetModuleFileNameA
LocalFree
FormatMessageA
GetStartupInfoA
GetProcAddress

user32

DispatchMessageA
GetMessageA
MessageBoxA
TranslateMessage

Sections

.text
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wlx/Imagine/Imagine.Ini
Totalcmd/Plugins/wlx/Imagine/Imagine.wcx
.dll windows:4 windows x86 arch:x86

56775d3e42402e72b34d8cf03b3bc0a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcpyA
GetModuleFileNameA
FreeLibrary
FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
CreateFileA
LocalAlloc
lstrcatA
LocalFree
lstrlenA

user32

wsprintfA

Exports

Exports

CanYouHandleThisFile
CloseArchive
GetPackerCaps
OpenArchive
PackFiles
PackSetDefaultParams
ProcessFile
ReadHeader
ReadHeaderEx
SetChangeVolProc
SetProcessDataProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 949B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wlx/Imagine/Imagine.wlx
.dll windows:4 windows x86 arch:x86

21c06424e680d8cc8ef33c1a336bf67e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress

Exports

Exports

ListGetDetectString
ListGetPreviewBitmap
ListLoad
ListLoadNext
ListPrint
ListSendCommand
ListSetDefaultParams

Sections

.text
Size: 1024B - Virtual size: 951B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wlx/Imagine/Language/SimplifiedChinese.LNG
Totalcmd/Plugins/wlx/Mmedia/mmedia.ini
Totalcmd/Plugins/wlx/Mmedia/mmedia.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ListCloseWindow
ListGetDetectString
ListLoad
ListSendCommand
ListSetDefaultParams

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/NFOViewer/nfoviewer.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4tagCxTextInfo@@QAEAAU0@ABU0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Destroy@CxImage@@QAE_NXZ
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@@Z
?DrawLine@CxImage@@QAEXHHHHK@Z
?DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@@_N@Z
?Enable@CxImage@@QAEX_N@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QBEKXZ
?GetColorType@CxImage@@QAEEXZ
?GetDIB@CxImage@@QBEPAXXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPADXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@@@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QAE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?RGBQUADtoRGB@CxImage@@QAEKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@QAE?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Save@CxImage@@QAE_NPBDK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SetClrImportant@CxImage@@QAEXK@Z
?SetCodecOption@CxImage@@QAEXK@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?SwapIndex@CxImage@@QAEXEE@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?Transfer@CxImage@@QAE_NAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z
ListCloseWindow
ListGetDetectString
ListGetPreviewBitmap
ListLoad
ListSendCommand

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Office/MSCONV97.DLL
.dll windows:4 windows x86 arch:x86

c35de38aad4dc0bb58d2f69ffd4f7fff

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9d:27:72:15:89:42:87:5c:8d:80:9c:90:9c:b1:53:0a:3f:48:26:9a
Signer

Actual PE Digest

9d:27:72:15:89:42:87:5c:8d:80:9c:90:9c:b1:53:0a:3f:48:26:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

StgOpenStorage
StgCreateDocfile
OleUninitialize
OleBuildVersion
OleInitialize

kernel32

GlobalLock
GlobalReAlloc
IsDBCSLeadByte
LocalAlloc
LocalFree
GlobalAlloc
GlobalFree
GlobalHandle
LocalLock
LocalUnlock
LocalReAlloc
LocalSize
GlobalSize
GetProcAddress
SetFilePointer
GetFileSize
DeleteFileA
MoveFileA
CloseHandle
FlushFileBuffers
GetLocalTime
GlobalUnlock
FreeLibrary
LoadLibraryA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetOEMCP
GetLastError
lstrlenW
IsValidCodePage
CreateFileA
ReadFile
WriteFile
SetEndOfFile
GetModuleFileNameA
GetWindowsDirectoryA
GetTempFileNameA
GetTempPathA
GetFileAttributesA
TerminateProcess
RaiseException
SetUnhandledExceptionFilter
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetSystemTimeAsFileTime

user32

GetLastActivePopup
MessageBoxA
IsCharAlphaA
EnableWindow
wsprintfA
CharLowerA
CharUpperA
IsWindowEnabled
EnumThreadWindows
SetFocus
DialogBoxParamA
GetFocus
wvsprintfA
ReleaseDC
GetDC
OemToCharA
LoadStringA

gdi32

GetEnhMetaFileBits
DeleteEnhMetaFile
SetEnhMetaFileBits
SetMetaFileBitsEx
GetObjectType
DeleteMetaFile
GetMetaFileBitsEx

advapi32

RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

_XcptFilter
__dllonexit
_except_handler3
_adjust_fdiv
malloc
_initterm
free
longjmp
memmove
_onexit

Exports

Exports

ByteToRtfHex
CbFetchLpbFromHpd
CbHplFoo
CbIntToPpch
CbLongToPpchR
CbOfH
CbReadFn
CbReadStm
CbStFromXst
CbSzz
CbULongToPpch
CbUnsToPpch
CbWriteFn
CbWriteLpbToHpd
CbWriteStm
CchFetchLpszFromHpd
CchFetchSzIszRtf
CchFormatDisplayPathSz
CchStripSz
ChLowerFromCopg
ChUpperFromCopg
CloseRtfGroup
CopyLpvFooPsd
CpgFromFsCpg
CtOfDbcsLpch
DeleteFromHpl
DelimRtfGroup
DirSet
DisableWindows
DllMain
EnableWindows
FApplyGrpprlPsdToLpv
FBltFn
FChIsLowerFromCopg
FChIsUpperFromCopg
FCloseAllFiles
FCloseAndDeleteFn
FCloseAndRenameFn
FCloseFn
FCloseHpd
FCloseStorage
FCloseStream
FCmpFn
FDeleteFn
FEnsureHpl
FEnsureOleAvail
FExpandHpl
FExportFilterCore
FFhFromFn
FFilespecFromDirSz
FFindFile
FFullPath
FFullPathEx
FGetDir
FHandlerInstalled
FImportFilterCore
FInitConvIO
FInitDll
FInitFilters
FInitHeaps
FInsertInHplCore
FIsDestIszRtf
FIsDocfileFn
FIsOpenFn
FIsSymbolIszRtf
FIsTrueLpsz
FNeHpl
FNeedsStarIdx
FOpenRootStorage
FOpenRootStorageXsz
FOpenStorage
FOpenStorageXsz
FOpenStream
FOpenStreamXsz
FReadFnPhpl
FReadFnPhq
FReallocH
FReallocHq
FRegisterClsid
FRegisterConverterClasses
FRegisterOleFileType
FRegisterPrefs
FRenameFn
FRequestFile
FSearchFntName
FSpaceOn
FStrIEq
FSurrogatePairToUCS4
FUCS4ToSurrogatePair
FWriteLpszToHpd
FcCurrFn
FcMaxFn
FcMaxStm
FcSeekFn
FcSeekStm
FcSetMaxStm
FcTruncateFn
FceCheckFormat
FceForeignToRtf
FceRtfToForeign
FeGetError
FetchCoreDllVersion
FhFromFn
FillLpFromHpl
FillLrgw
FltFromDtGrt
FltFromExtension
FnOpen
FnOpenFh
FnOpenMemory
FnOpenStm
FnOpenStmPstg
FnOutCur
FnSetOutFn
FreeFdt
FreeH
FreeHpl
FreeHq
FreeLpv
FreeLpvFooPsd
GetCbFcPch
GetDateTimePdt
GetDateTimePul
GetRWNames
GetszFmrgszRtfFntName
GrtFromDtTerminal
HAllocCbCore
HpInHpl
HpdOpenConverterKey
HpdOpenProc
HplAllocProc
HplCloneHplProc
HqAllocLcbCore
HqCloneHq
HxBltHxLpsz
HxCloneHx
HxLoadRes
ICmpLpsz
ICmpLpszCch
ICmpLpxsz
ICmpLpxszCch
ICmpLrgb
ICmpiLpsz
ICmpiLpszCch
IFromPch
IMacFromHpl
IchFindMemberLpsz
IdDialogBox
IdMessageBoxExpandRcid
IdMessageBoxRcid
IdMessageBoxSz
IdMessageBoxSzRcid
InitExceptions
IszRtfFromIdx
IszRtfFromPch
IszRtfFromSz
LcbFetchLpvFooPsd
LcbFillRtfBuffer
LcbOfHq
LcbWriteLpvFooPsd
LpInHpl
LpbFromRgbHex
LpchBltLpszCch
LpchBltLpszHx
LpchFindChCch
LpchFindLastLpszCh
LpchFindLastLpszSbch
LpchFindLpsz
LpchFindLpszCh
LpchFindLpszNc
LpchFindLpszSbch
LpchMacBltLpsz
LpchMacBltLpszCch
LpszBltLpszCch
LpszBltLpszCchMax
LpszCatLpszCch
LpszFromLong
LpszFromLpxsz
LpszFromUlong
LpszGetFmrgszRtfFntName
LpszInSzz
LpszLowerLpsz
LpszUpperLpsz
LpvAllocLcbCore
LpvLockHq
LpxchBltLpxsz
LpxchBltLpxszCch
LpxchFindLpxszNc
LpxszFromLpsz
MsoCpgFromChs
MsoFsFromWch
MsoMultiByteToWideChar
MsoWideCharToMultiByte
MsoXchToLower
MsoXchToLowerLid
MsoXchToUpper
MsoXchToUpperLid
NCalculateExportPercentComplete
NCalculateImportPercentComplete
NFetchFromHpd
NFetchPercentComplete
OpenRtfDest
OpenRtfGroup
OutB
OutBHex
OutBytes
OutEscLpsz
OutEscLrgb
OutExtBHex
OutFnFcLcbHex
OutInt
OutIszRtf
OutIszRtfInt
OutIszRtfLong
OutIszRtfUns
OutL68k
OutLong
OutLpsz
OutLx86
OutNl
OutRgb
OutRgbHex
OutRtfUc
OutRtfXch
OutW68k
OutWx86
PauseExceptions
PchFromIszRtf
PchSkipSpacesPch
PjbNextExc
PopExc
PutPInHpl
PvLockH
PxchFindXch
ResumeExceptions
RgbHexFromLpb
SendExportPercentComplete
SendImportPercentComplete
SetExportPercentOptions
SetFilterOption
SetImportPercentOptions
SetPercentComplete
SetSpace
ShrinkHpl
ShutdownProc
StFromXst
StdFlushMemory
StgRootFromFn
StmFromFn
SwapLpvFooPsd
SyncFn
SzAllocFromPxch
SzFromXsz
SzzFromSoz
ThrowExcFce
UTF8ToUnicode
UchFromPchHex
UchFromPchHexCore
UnensureOleAvail
UnicodeToUTF8
UninitConvIO
UninitDlgs
UninitFilters
UninitHeaps
UnloadResHx
UnlockH
UnlockHq
UsrAltFromUsrXchIdct
UsrBaseFromCpg
UsrFromXch
WriteHplFn
WriteHqFn
XchLowerXch
XchUpperXch
XszAllocFromPch
XszLowerXsz
XszUpperXsz

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wlx/Office/MSWRD832.CNV
.dll windows:4 windows x86 arch:x86

1c7e2317fbfc41d6ec62c19c4058f061

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

StgCreateDocfile
OleLoad
OleSave
OleConvertIStorageToOLESTREAM
CoFileTimeToDosDateTime

kernel32

FreeLibrary
LoadLibraryExA
GetLocaleInfoA
GetVersionExA
lstrcatA
LoadLibraryA
SetErrorMode
GlobalSize
lstrlenW
GetProcAddress
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
RaiseException
SetFilePointer
VirtualQuery
InterlockedExchange
GetSystemDefaultLangID
GetModuleFileNameA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
lstrlenA
GetStringTypeW
SetStdHandle
VirtualProtect
GetSystemInfo
FlushFileBuffers
GetOEMCP
CloseHandle
HeapReAlloc
VirtualAlloc
GetCPInfo
GetACP
GetCommandLineA
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc

user32

CharUpperA
IsCharAlphaA
CharPrevA
CharLowerA
GetDC
ReleaseDC
IsCharAlphaNumericA
IsCharUpperA
LoadStringA

gdi32

DeleteEnhMetaFile
SetMapMode
SetDIBitsToDevice
GetDeviceCaps
GetObjectType
GetWinMetaFileBits
EnumEnhMetaFile
CreateMetaFileA
EnumMetaFile
CloseMetaFile
PlayMetaFileRecord
DeleteMetaFile
GetMetaFileBitsEx
SetMetaFileBitsEx
SetEnhMetaFileBits

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

AbortForeignToRtf
AbortRtfToForeign
CchFetchLpszError
CchFetchMainStream
ConvertForeignToRtf
DllMain
FFetchSzzClasses
FFileRecognized32
FPrivateRetryMemError
FRegisterConverter
ForeignToRtf32
GetReadNames
GetWriteNames
InitConverter32
IsFormatCorrect32
RegisterApp
UninitConverter
_AbortProcessing

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wlx/Office/office.ini
Totalcmd/Plugins/wlx/Office/office.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ListCloseWindow
ListLoad
ListPrint
ListSearchText
ListSendCommand

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Office2007/Office2007.wlx
.dll windows:5 windows x86 arch:x86

2aec3a4253e29cc2740a40532ecdf53e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
ReadFile
GetFileType
GetCurrentDirectoryA
GetCurrentProcess
GetProcessHeap
SetEndOfFile
GetModuleHandleA
IsValidLocale
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
CloseHandle
GlobalFree
MultiByteToWideChar
MulDiv
WideCharToMultiByte
GetTickCount
FreeLibrary
lstrlenA
SetErrorMode
CreateFileA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
EnumSystemLocalesA
GetUserDefaultLCID
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCurrentThreadId
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
RaiseException
RtlUnwind
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
HeapSize
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CreateFileW

user32

DestroyWindow
GetParent
GetClientRect
CreateWindowExA
ShowWindow
PostMessageA
SetWindowTextA
SetWindowTextW
SendMessageA

gdi32

LPtoDP
DeleteDC
CreateFontA
GetDeviceCaps
DPtoLP
SetMapMode
StartDocA
EndDoc
GetStockObject
EndPage

comdlg32

PrintDlgA

advapi32

RegEnumValueA
RegOpenKeyExA
RegCloseKey

oleaut32

SysFreeString
SysAllocStringLen

Exports

Exports

ListCloseWindow
ListGetDetectString
ListLoad
ListNotificationReceived
ListPrint
ListSearchText
ListSendCommand
ListSetDefaultParams

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wlx/Quicksearch/tcmatch.dll
.dll windows:5 windows x86 arch:x86

fe0a0c633291db8901eb8cb6c9228ab7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemDefaultLangID
GetFileAttributesW
QueryPerformanceCounter
GetModuleFileNameW
GetEnvironmentVariableW
GetShortPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
CompareStringW
CompareStringA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
RtlUnwind
FindClose
GetDriveTypeW
FindFirstFileW
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
ExitProcess
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileW
GetDriveTypeA
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableA

user32

CharLowerW

Exports

Exports

MatchFileW
MatchGetSetOptions

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Plugins/wlx/Quicksearch/tcmatch.ini
Totalcmd/Plugins/wlx/Quicksearch/tcmatch.tbl
Totalcmd/Plugins/wlx/SwfView/SWFView.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ListCloseWindow
ListGetDetectString
ListGetPreviewBitmap
ListLoad
ListLoadNext
ListSendCommand

Sections

Size: - Virtual size: 404KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 217KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Visualdirsize/Language/English.lng
Totalcmd/Plugins/wlx/Visualdirsize/dirsizec.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ShowConfiguration

Sections

UPX0
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/Plugins/wlx/Visualdirsize/visualdirsize.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ListCloseWindow
ListLoad
ListSetDefaultParams

Sections

UPX0
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 270KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Totalcmd/SFXHEAD.SFX
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/SHARE_NT.EXE
Totalcmd/TCMADMIN.EXE
.exe windows:4 windows x86 arch:x86

e9c039b49e915df7ad58958d55c37de7

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:78:49:99:1b:99:63:3f:c9:9c:97:35:e5:08:7a:da:a4:1b:b1:d5
Signer

Actual PE Digest

0b:78:49:99:1b:99:63:3f:c9:9c:97:35:e5:08:7a:da:a4:1b:b1:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileWithProgressW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
RemoveDirectoryW
SetVolumeLabelW
CreateDirectoryW
DeleteFileW
CopyFileExW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
GetCurrentProcess
DisconnectNamedPipe
CreateFileW
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
LoadLibraryA
GetProcAddress
GetLastError
SetFileAttributesW
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

MessageBoxA

advapi32

SetFileSecurityW
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA
GetFileSecurityW

shell32

SHFileOperationW

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/TCMDLZMA.DLL
.dll windows:4 windows x86 arch:x86

5be619a7249b480dd0aa78294ba8ed23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
WaitForSingleObject
CloseHandle
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
ExitProcess
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

LzmaCompress
LzmaDec_Allocate
LzmaDec_Constr
LzmaDec_DecodeToBuf
LzmaDec_Free
LzmaDec_Init
LzmaEncProps_Init
LzmaEnc_Create
LzmaEnc_Destroy
LzmaEnc_Encode
LzmaEnc_SetProps
LzmaEnc_WriteProperties
LzmaUncompress

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/TCMDX64.EXE
.exe windows:4 windows x64 arch:x64

72c3de96ddf20cc679ac45ffb2a3a1e4

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:b8:62:30:bf:99:34:63:58:42:21:cf:cb:4c:eb:f1:c9:2e:17:fb
Signer

Actual PE Digest

7b:b8:62:30:bf:99:34:63:58:42:21:cf:cb:4c:eb:f1:c9:2e:17:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

user32

ReleaseDC
PeekMessageA
GetMenuItemID
DestroyMenu
FillRect
GetActiveWindow
PostQuitMessage
CreatePopupMenu
GetDC
RegisterClassExA
GetMenuItemInfoA
GetMenuItemCount
CharUpperW
TranslateMessage
DefWindowProcA
DispatchMessageA
DestroyWindow
GetMenuItemInfoW
MessageBoxA
DeleteMenu
GetDesktopWindow
MessageBoxW
wsprintfW
GetSysColor
SystemParametersInfoA
CreateWindowExA

kernel32

GetStringTypeW
GetStringTypeA
ReadFile
GetModuleFileNameW
CreateThread
CreateNamedPipeA
WideCharToMultiByte
PeekNamedPipe
GetACP
ConnectNamedPipe
MultiByteToWideChar
SetErrorMode
GetTickCount
Sleep
DisconnectNamedPipe
CreateFileA
GetVersionExA
WaitNamedPipeA
GetLastError
CloseHandle
WriteFile
GetCurrentProcessId
GetProcAddress
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlsAlloc
GetCurrentThreadId
SetLastError
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlPcToFileHeader
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree

gdi32

TranslateCharsetInfo
SetBkMode
DeleteDC
DeleteObject
CreateSolidBrush
CreateDIBSection
SelectObject
CreateFontIndirectA
GetDIBits
SetBkColor
GetObjectA
GdiFlush
CreateCompatibleDC
SetTextColor

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc

ole32

OleUninitialize
CoUninitialize
OleInitialize
CLSIDFromString
CoCreateInstance
CoInitialize

advapi32

RegEnumKeyA
RegCloseKey
RegQueryValueW
RegQueryValueA
RegOpenKeyA
RegOpenKeyW

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/TCUNZLIB.DLL
.dll windows:4 windows x86 arch:x86

f7dca6848e944b0b8072cfb7eed5ece0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
FindFirstFileA
CreateFileA
FindClose
ReadFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW

Exports

Exports

DllMain
_DoneInflate@4
_InflateChunk@32
_StartInflate@12
_UnzipBzip2@44
_UnzipPpmd@44

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/TOTALCMD.EXE
.exe windows:1 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:37:32:45:99:ca:8f:c1:33:cb:58:9f:e2:7c:56:8e:f0:03:11:f1
Signer

Actual PE Digest

c3:37:32:45:99:ca:8f:c1:33:cb:58:9f:e2:7c:56:8e:f0:03:11:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 407KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/TOTALCMD.INC
Totalcmd/Temp/DEFAULT.BAR
Totalcmd/Temp/TCIGNORE.TXT
Totalcmd/Temp/USER.INI
Totalcmd/Temp/wincmd.key
Totalcmd/UNACEV2.DLL
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/UNRAR.DLL
.dll windows:4 windows x86 arch:x86

b4d076238051fcc22607f17c728e83bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemTime
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByte
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/USERCMD.INI
Totalcmd/WC32TO16.EXE
Totalcmd/WCMICONS.DLL
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Totalcmd/WCMICONS.INC
Totalcmd/WCMZIP32.DLL
.dll windows:4 windows x86 arch:x86

f8b8f7b7ac5f9d18bec26bf18529430f

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7d:6d:8a:1e:e5:d0:8c:18:f0:72:f8:63:31:39:fb:7a
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

09/03/2007, 00:00

Not After

07/04/2009, 23:59

Subject

CN=C. Ghisler & Co.,OU=DEVELOPMENT,O=C. Ghisler & Co.,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:7e:93:33:ed:f9:48:ba:ef:15:60:85:b8:91:84:49:84:04:ec:4b
Signer

Actual PE Digest

49:7e:93:33:ed:f9:48:ba:ef:15:60:85:b8:91:84:49:84:04:ec:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
CreateMutexA
ReleaseMutex
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
RtlUnwind
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

IsDialogMessageA
TranslateMessage
DispatchMessageA
SendMessageA
PeekMessageA

Exports

Exports

_DecryptAESMemoryCBC@16
_DecryptZipAES@12
_DeflateChunk@32
_DoneDeflate@4
_EncryptAESMemoryCBC@20
_EncryptZipAES@12
_EndZipAES@8
_GetKeys@12
_GetRandomData@8
_InitZipAES@24
_SetPassCryptAES@12
_StartDeflate@12
_UpdateOnlyCrc@12
_file_compress@24

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Totalcmd/Wincmd.ini
Totalcmd/使用手册.doc
.doc windows office2003
Totalcmd/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

24443a39fe269254c2d4374dee7b22b6

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

BEGTEXT Size: 35KB - Virtual size:

DGROUP Size: 2KB - Virtual size:

.bss Size: 11KB - Virtual size:

.idata Size: 1024B - Virtual size:

.edata Size: 512B - Virtual size:

.reloc Size: 2KB - Virtual size:

31a233890b0ca744a835a871a3f0de57

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 32B - Virtual size: 8B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 256B - Virtual size: 246B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 3KB - Virtual size: 3KB

DATA Size: 512B - Virtual size: 128B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 704B

.edata Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 372B

.rsrc Size: 512B - Virtual size:

Headers

File Characteristics

Sections

.rsrc Size: 1.6MB - Virtual size: 1.6MB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 165B

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 512B - Virtual size: 8B

2af0eb9402509601fcca1ec65ff3f853

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 215KB - Virtual size: 215KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 17KB - Virtual size: 17KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 644KB

UPX1 Size: 376KB - Virtual size: 380KB

.rsrc Size: 4KB - Virtual size: 8KB

BEGTEXT
Size: 35KB - Virtual size:

DGROUP
Size: 2KB - Virtual size:

.bss
Size: 11KB - Virtual size:

.idata
Size: 1024B - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 2KB - Virtual size:

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 32B - Virtual size: 8B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 256B - Virtual size: 246B

CODE
Size: 3KB - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 128B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 704B

.edata
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 372B

.rsrc
Size: 512B - Virtual size:

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 512B - Virtual size: 165B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 512B - Virtual size: 8B

.text
Size: 215KB - Virtual size: 215KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 17KB - Virtual size: 17KB

UPX0
Size: - Virtual size: 644KB

UPX1
Size: 376KB - Virtual size: 380KB

.rsrc
Size: 4KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 5.0MB

UPX1
Size: 63KB - Virtual size: 64KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 8KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 33KB - Virtual size: 36KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 92KB

UPX1
Size: 48KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 40KB