54656f699e4f4800be2a10a86b75ead3

Sharing

Copy URL Twitter E-mail

General

Target

54656f699e4f4800be2a10a86b75ead3
Size

3.9MB
MD5

54656f699e4f4800be2a10a86b75ead3
SHA1

7a8b336e53bbcc98e34e43f05917ef4f0a51e5bf
SHA256

a83f37edb4a0f290f515a1941e81179331d11e432af54b8b128b80bff4f9b007
SHA512

a847b95c2896ba76f3886b70b8db11021cd4809aa171860f0f913d5ab537b7f7588a29d1cf8e418804da105c6fb7ad8ed5eb440244cc6c82b9eed547f2b46913
SSDEEP

98304:SYg2a+FwQkTA8LGncgeV9KTmmHpjCXeojGYEegA:22aUz+nGt/t9C+Kx

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 6 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Plugins/Wdx/TextLine/TextLine.wdx	acprotect
static1/unpack001/Plugins/Wfx/procfs/PROCFS.wfx	acprotect
static1/unpack001/Plugins/Wfx/uninst/UnInstTC.wfx	acprotect
static1/unpack001/Plugins/Wlx/Imagine/Imagine.dll	acprotect
static1/unpack001/Plugins/Wlx/mmedia/mmedia.wlx	acprotect
static1/unpack001/Plugins/wlx/SWFView.wlx	acprotect

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Plugins/Wcx/rar/Default.SFX	upx
static1/unpack001/Plugins/Wdx/TextLine/TextLine.wdx	upx
static1/unpack001/Plugins/Wfx/procfs/PROCFS.wfx	upx
static1/unpack001/Plugins/Wfx/uninst/UnInstTC.wfx	upx
static1/unpack001/Plugins/Wlx/Imagine/Imagine.dll	upx
static1/unpack001/Plugins/Wlx/mmedia/mmedia.wlx	upx
static1/unpack001/TCscheme.exe	upx

Unsigned PE 55 IoCs

Checks for missing Authenticode signature.

resource
54656f699e4f4800be2a10a86b75ead3
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/CABRK.DLL
unpack001/FRERES32.DLL
unpack001/NoClose.pif
unpack001/Plugins/Wcx/7zip/7zip.wcx
unpack001/Plugins/Wcx/iso/iso.wcx
unpack001/Plugins/Wcx/rar/Default.SFX
unpack002/out.upx
unpack001/Plugins/Wcx/rar/Rar.exe
unpack001/Plugins/Wdx/CDocProp/CDocProp.wdx
unpack001/Plugins/Wdx/Exif/exif.wdx
unpack001/Plugins/Wdx/FileDiz/FileDiz.wdx
unpack001/Plugins/Wdx/ShellDetails/ShellDetails.wdx
unpack001/Plugins/Wdx/TextLine/TextLine.wdx
unpack001/Plugins/Wfx/Registry/registry.wfx
unpack001/Plugins/Wfx/procfs/PROCFS.wfx
unpack004/out.upx
unpack001/Plugins/Wfx/uninst/UnInstTC.wfx
unpack005/out.upx
unpack001/Plugins/Wlx/Imagine/Imagine.dll
unpack006/out.upx
unpack001/Plugins/Wlx/Imagine/Imagine.exe
unpack001/Plugins/Wlx/Imagine/Imagine.wcx
unpack001/Plugins/Wlx/Imagine/Imagine.wlx
unpack001/Plugins/Wlx/ieview/ieview.wlx
unpack001/Plugins/Wlx/mmedia/mmedia.wlx
unpack007/out.upx
unpack001/Plugins/Wlx/nfoviewer/nfoviewer.wlx
unpack001/Plugins/Wlx/office/office.wlx
unpack001/Plugins/wfx/StartupGuard.wfx
unpack001/Plugins/wfx/wincefs.wfx
unpack001/Plugins/wlx/SWFView.wlx
unpack001/TCMDLZMA.DLL
unpack001/TCUNZLIB.DLL
unpack001/TCscheme.exe
unpack001/Themes/DrvCst.dll
unpack001/Themes/DrvCtn.dll
unpack001/Themes/DrvXP.dll
unpack001/Themes/FileCst.dll
unpack001/Themes/FileCtn.dll
unpack001/Themes/FileXP.dll
unpack001/Themes/TBCst.dll
unpack001/Themes/TBCtn.dll
unpack001/Themes/TBXP.dll
unpack001/Tools/F4Menu/F4Menu.exe
unpack001/UNACEV2.DLL
unpack001/UNRAR.DLL
unpack001/WCMICONS.DLL
unpack001/sfxhead.sfx
unpack001/tcmatch.dll
unpack001/uninst.exe
unpack009/$PLUGINSDIR/LangDLL.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

54656f699e4f4800be2a10a86b75ead3
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

ee01c5cc33cdb3294484fc93e41c14ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GlobalAlloc
GetModuleHandleA
lstrcpynA
lstrcmpA
MulDiv
lstrcpyA
GlobalFree

user32

LoadIconA
SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
DialogBoxParamA
GetDC
ShowWindow
EndDialog
SendMessageA

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

445ca064c668ebcb89957d525a8bef23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpyA
lstrcpynA
FreeLibrary
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcatA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/DrvCst.bmp
$TEMP/DrvCtn.bmp
$TEMP/DrvXP.bmp
$TEMP/FileCst.bmp
$TEMP/FileCtn.bmp
$TEMP/FileOrg.bmp
$TEMP/FileXP.bmp
$TEMP/TBCST.BMP
$TEMP/TBCtn.bmp
$TEMP/TBOrg.bmp
$TEMP/TBXP.bmp
$TEMP/drvOrg.bmp
$TEMP/face.ini
CABRK.DLL
.dll windows:1 windows x86 arch:x86

24443a39fe269254c2d4374dee7b22b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetActiveWindow
MessageBoxA
wsprintfA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
ExitProcess
ExitThread
GetCommandLineA
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
ReleaseMutex
SetConsoleCtrlHandler
SetEvent
SetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile

Exports

Exports

_zFCIFDIGetErrno
_zFCIFDISetErrno
_zFDICopy
_zFDICreate
_zFDIDestroy
_zFDIIsCabinet

Sections

BEGTEXT
Size: 35KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 11KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CGLPT64.SYS
.sys windows:6 windows x64 arch:x64

0f4173f7aa6a0a88d6b52a51ad811216

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/05/2010, 00:00

Not After

11/05/2011, 23:59

Subject

CN=Ghisler Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:2f:35:53:db:7c:25:92:d3:3b:98:0b:89:b2:4a:22:26:5b:84:35
Signer

Actual PE Digest

e3:2f:35:53:db:7c:25:92:d3:3b:98:0b:89:b2:4a:22:26:5b:84:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoWriteErrorLogEntry
swprintf
IoAllocateErrorLogEntry
DbgPrint
ExAllocatePoolWithTag
IoGetConfigurationInformation
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
IoRegisterPlugPlayNotification
KeInitializeMutex
RtlInitUnicodeString
RtlIntegerToUnicodeString
IoDeleteDevice
KeInitializeEvent
KeReleaseMutex
IoGetDeviceObjectPointer
IoCreateUnprotectedSymbolicLink
IoUnregisterPlugPlayNotification
RtlAppendUnicodeStringToString
KeWaitForSingleObject
IoGetDeviceInterfaces
ObfDereferenceObject
IoCreateDevice
IofCallDriver
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeReadStateEvent
IoCancelIrp
KeDelayExecutionThread
KeQueryTimeIncrement
KeBugCheckEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CGLPT9X.VXD
CGLPTNT.SYS
.sys windows:5 windows x86 arch:x86

a1aafec5128ab759a4e2c7c3e94b392b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/05/2010, 00:00

Not After

11/05/2011, 23:59

Subject

CN=Ghisler Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:f0:36:0a:b0:38:7d:85:9d:2e:a1:7c:e6:f5:37:3b:f8:ec:48:d3
Signer

Actual PE Digest

55:f0:36:0a:b0:38:7d:85:9d:2e:a1:7c:e6:f5:37:3b:f8:ec:48:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
ObfDereferenceObject
IoCreateDevice
ExFreePool
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
ExAllocatePoolWithTag
RtlIntegerToUnicodeString
RtlInitUnicodeString
KeWaitForSingleObject
IofCallDriver
IoCreateUnprotectedSymbolicLink
KeInitializeEvent
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteSymbolicLink
IoCancelIrp
KeReadStateEvent
KeDelayExecutionThread
KeTickCount
KeQueryTimeIncrement
_allmul
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetConfigurationInformation

hal

READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql
WRITE_PORT_UCHAR

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 288B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FAQ.txt
FRERES32.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetFreeSystemResources32

Sections

CODE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Keyboard_chs.txt
Keyboard_eng.TXT
Language/Wcmd_chs.lng
Language/Wcmd_chs.mnu
Language/Wcmd_eng.mnu
NoClose.ini
NoClose.pif
.exe windows:4 windows x86 arch:x86

4755901ae85dc368a090bd71a9aecb78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3346
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord1105
ord926
ord6877
ord1200
ord2764
ord860
ord858
ord924
ord4129
ord537
ord5683
ord5572
ord2915
ord1576
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord540
ord941
ord800
ord3825
ord825
ord1168

msvcrt

_except_handler3
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__p___argc
__p___argv
strstr
_mbsicmp
__CxxFrameHandler
_setmbcp
_stricmp
__set_app_type

kernel32

CreateProcessA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetPrivateProfileSectionA
Sleep
GetPrivateProfileIntA
GetVersion
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
CloseHandle
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

user32

GetAsyncKeyState
GetMessageA
PostThreadMessageA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/Wcx/7zip/7zip.wcx
.dll windows:5 windows x86 arch:x86

2af0eb9402509601fcca1ec65ff3f853

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResetEvent
MoveFileA
GetVersionExA
CloseHandle
FileTimeToLocalFileTime
GetSystemTime
DeleteFileA
CreateThread
lstrcatA
WritePrivateProfileStringA
CreateFileA
FindResourceA
SetFilePointer
FreeLibrary
LoadResource
UpdateResourceA
ExpandEnvironmentStringsA
SizeofResource
ReadFile
LockResource
BeginUpdateResourceA
LoadLibraryExA
EnumResourceNamesA
EndUpdateResourceA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetFullPathNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetFileTime
GetLastError
SetLastError
SetFileAttributesA
GetTempFileNameA
RemoveDirectoryA
GetTempPathA
FindFirstFileA
FindClose
FindNextFileA
GetFileSize
SetEndOfFile
WriteFile
GetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
GetModuleHandleA
VirtualFree
VirtualAlloc
InitializeCriticalSection
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapSize
Sleep
HeapReAlloc
HeapDestroy
HeapCreate
FileTimeToSystemTime
CreateEventA
SetEvent
WaitForSingleObject
SystemTimeToFileTime
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
ExitThread
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP

user32

CharUpperA
CharLowerW
CharLowerA
IsWindowUnicode
CharUpperW
SetWindowTextW
GetWindowRect
SendDlgItemMessageA
LoadIconA
SetWindowLongA
InvalidateRect
GetWindowLongA
GetDlgItem
EndDialog
SendDlgItemMessageW
SetWindowPos
CheckDlgButton
IsDlgButtonChecked
SetWindowTextA
EnableWindow
GetDlgCtrlID
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
EnumChildWindows

gdi32

SetBkMode
DeleteObject
GetObjectA
GetStockObject
CreateFontIndirectA

shell32

ExtractIconA
ShellExecuteA

oleaut32

VariantCopy
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString

Exports

Exports

CanYouHandleThisFile
CloseArchive
ConfigurePacker
DeleteFiles
GetPackerCaps
GetPackerFileExt
OpenArchive
PackFiles
ProcessFile
ReadHeader
ReadHeaderEx
SetChangeVolProc
SetProcessDataProc

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wcx/7zip/lang/SChinese.lng
Plugins/Wcx/7zip/lang/english.lng
Plugins/Wcx/7zip/readme.txt
Plugins/Wcx/iso/iso.wcx
.dll windows:4 windows x86 arch:x86

052a7fcfc875977687c706089aa04dc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
HeapCreate
CloseHandle
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
lstrcmpiA
lstrcmpA
lstrcpynA
ReadFile
SetFilePointer
FileTimeToDosDateTime
SystemTimeToFileTime
lstrlenA
lstrcatA
lstrcpyA
WideCharToMultiByte
GetACP
SetFileTime
LocalFileTimeToFileTime
WriteFile

Exports

Exports

CanYouHandleThisFile
CloseArchive
GetPackerCaps
OpenArchive
ProcessFile
ReadHeader
SetChangeVolProc
SetProcessDataProc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 887B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wcx/iso/iso_read.txt
Plugins/Wcx/rar/Default.SFX
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/Wcx/rar/Rar.exe
.exe windows:5 windows x86 arch:x86

4557b502e756a3acfc77d7bd38f2078e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetCurrentDirectoryA
CloseHandle
GetCurrentProcess
CreateFileW
BackupRead
BackupSeek
SetFileTime
MoveFileA
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetFileTime
GetFileType
CreateFileA
ReadFile
WriteFile
GetDriveTypeA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
GetFullPathNameW
MoveFileW
DeleteFileA
DeleteFileW
RemoveDirectoryA
RemoveDirectoryW
DeviceIoControl
CreateDirectoryA
CreateDirectoryW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
FindClose
FindNextFileA
FindFirstFileA
GetLastError
FindFirstFileW
GetVersionExA
CreateThread
ExitThread
GetProcessAffinityMask
WaitForSingleObject
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
GetModuleFileNameA
SetErrorMode
FreeLibrary
LoadLibraryA
LoadLibraryExA
CompareStringA
SetThreadPriority
GetCurrentThread
SetPriorityClass
SetCurrentDirectoryA
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
GetLocaleInfoA
FormatMessageA
LocalFree
SetConsoleCtrlHandler
Sleep
GetTickCount
GetSystemTime
SystemTimeToFileTime
GetStdHandle
GetConsoleMode
SetConsoleMode
FindNextFileW
ReadConsoleA
GetStringTypeW
GetStringTypeA
GetConsoleCP
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
RaiseException
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetVersion
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId

user32

CharUpperW
CharLowerW
ExitWindowsEx
CharLowerA
LoadStringA
CharUpperA
CharToOemBuffA
OemToCharA
OemToCharBuffA
CharToOemA

advapi32

RegQueryValueExA
RegCloseKey
GetFileSecurityW
GetFileSecurityA
GetSecurityDescriptorLength
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wdx/CDocProp/CDocProp.ini
Plugins/Wdx/CDocProp/CDocProp.wdx
.dll windows:4 windows x86 arch:x86

5b9573801bfa07dc637756e07b7def2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
GetModuleFileNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
MultiByteToWideChar
GetPrivateProfileIntA
WideCharToMultiByte
LCMapStringW
LCMapStringA
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetLastError
RtlUnwind
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW

ole32

StgOpenStorage
StgOpenStorageEx

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetSupportedFieldFlags
ContentGetValue
ContentGetValueW
ContentSetDefaultParams
ContentSetValue
ContentSetValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wdx/CDocProp/ReadMe.txt
Plugins/Wdx/Exif/ReadMe.txt
Plugins/Wdx/Exif/exif.wdx
.dll windows:4 windows x86 arch:x86

6420fae7f8429416821876766592413a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
SetFilePointer
CloseHandle
ReadFile
CreateFileA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
MultiByteToWideChar
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
FlushFileBuffers

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue
ContentSetDefaultParams

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wdx/FileDiz/FileDiz.ini
Plugins/Wdx/FileDiz/FileDiz.wdx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContentGetDetectString
ContentGetSupportedField
ContentGetValue

Sections

CODE
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 721B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/Wdx/FileDiz/Readme.txt
Plugins/Wdx/ShellDetails/ShellDetails.wdx
.dll windows:4 windows x86 arch:x86

997180d811fa4c428f936beab32181eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidFromStringA

kernel32

WritePrivateProfileStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
FindFirstFileA
GetProcAddress
FindClose
LoadLibraryA
GetVersionExA
CloseHandle
GetPrivateProfileStringA
WriteFile
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileSectionNamesA
WideCharToMultiByte
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
SystemTimeToFileTime
GetWindowsDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
IsBadReadPtr
SetUnhandledExceptionFilter
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
TlsAlloc
SetLastError
GetLastError
IsBadCodePtr
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
IsBadWritePtr
InterlockedExchange
InitializeCriticalSection

shell32

ord16
ord155
SHGetDesktopFolder

ole32

CoInitialize
StringFromGUID2
CoUninitialize

oleaut32

SysFreeString
VariantTimeToSystemTime

Exports

Exports

ContentGetSupportedField
ContentGetValue
ContentSetDefaultParams

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wdx/ShellDetails/readme.htm
.html
Plugins/Wdx/TextLine/TextLine.ini
Plugins/Wdx/TextLine/TextLine.wdx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContentGetSupportedField
ContentGetValue

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/Wfx/Registry/English.lng
Plugins/Wfx/Registry/Forensic.txt
Plugins/Wfx/Registry/Readme_eng.txt
Plugins/Wfx/Registry/SimplifiedChinese.lng
Plugins/Wfx/Registry/registry.wfx
.dll windows:5 windows x86 arch:x86

17028dddae9d975f049ae385f6f25011

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathMatchSpecW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon

kernel32

LoadLibraryA
LoadResource
FindResourceExA
FindResourceA
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GetCurrentThreadId
GetTickCount
GlobalUnlock
GlobalLock
SetLastError
Sleep
DisableThreadLibraryCalls
GetPrivateProfileIntW
GetTempFileNameW
GetTempPathW
MulDiv
GetLastError
SetFilePointer
CreateThread
LocalFileTimeToFileTime
SystemTimeToFileTime
WriteFile
LocalFree
FlushFileBuffers
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetFileAttributesW
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapFree
FreeLibrary
WaitForSingleObject
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
FindClose
ReadFile
GetCurrentProcess
CloseHandle
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
CreateFileW
CreateFileA
DeleteFileW
RemoveDirectoryA
RemoveDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
QueryPerformanceCounter

user32

SetWindowLongW
SetDlgItemInt
ChildWindowFromPoint
LoadImageA
DestroyIcon
GetSystemMetrics
LoadImageW
ModifyMenuW
EnableMenuItem
GetDlgItemInt
SetTimer
BringWindowToTop
CreateDialogIndirectParamW
SetWindowPos
DialogBoxIndirectParamW
LoadIconA
GetWindowDC
ReleaseDC
GetWindowLongA
GetDlgItemTextA
GetWindowTextW
DestroyWindow
FindWindowA
MessageBoxA
EnumDisplaySettingsA
FindWindowW
ShowWindow
FindWindowExW
MessageBoxW
GetDlgItemTextW
IsClipboardFormatAvailable
GetClipboardData
CallWindowProcA
MessageBeep
EndDialog
SetWindowTextW
GetSystemMenu
RemoveMenu
KillTimer
LoadMenuW
GetSubMenu
SetMenuDefaultItem
GetCursorPos
ClientToScreen
TrackPopupMenu
DestroyMenu
UnhookWindowsHookEx
SetWindowsHookExA
IsDialogMessageA
CallNextHookEx
LoadCursorA
SetCursor
SendMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsDlgButtonChecked
CheckDlgButton
EnableWindow
CharLowerBuffW
WaitForInputIdle
SetFocus
DragDetect
SetCapture
DefWindowProcA
ReleaseCapture
GetCaretPos
GetParent
BeginPaint
GetSysColorBrush
FillRect
GetSysColor
DrawTextA
DrawTextW
EndPaint
GetKeyState
SetDlgItemTextW
SetDlgItemTextA
GetScrollInfo
SetScrollPos
GetClientRect
PtInRect
SetScrollInfo
ShowScrollBar
EnableScrollBar
RedrawWindow
SetCaretPos
ShowCaret
DestroyCaret
CreateCaret
SendMessageW
SetWindowLongA
GetTopWindow
ScreenToClient
GetWindow
GetDlgItem
IsWindow
GetWindowRect
MoveWindow
SetForegroundWindow

gdi32

CreateFontA
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32A
GetCharWidthA
SetBkColor
SetBoundsRect
DeleteDC
DeleteObject
BitBlt
SetTextColor
TextOutA
SelectObject

advapi32

RegCloseKey
RegCreateKeyExW
RegSaveKeyW
RegRestoreKeyW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyA
RegConnectRegistryW
RegOpenKeyW
RegEnumValueW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA

Exports

Exports

FsContentGetDefaultSortOrder
FsContentGetDefaultView
FsContentGetDefaultViewW
FsContentGetSupportedField
FsContentGetSupportedFieldFlags
FsContentGetValue
FsContentGetValueW
FsDeleteFile
FsDeleteFileW
FsExecuteFile
FsExecuteFileW
FsExtractCustomIcon
FsExtractCustomIconW
FsFindClose
FsFindFirst
FsFindFirstW
FsFindNext
FsFindNextW
FsGetDefRootName
FsGetFile
FsGetFileW
FsInit
FsInitW
FsMkDir
FsMkDirW
FsPutFile
FsPutFileW
FsRemoveDir
FsRemoveDirW
FsRenMovFile
FsRenMovFileW
FsSetDefaultParams
FsStatusInfo

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wfx/Registry/registry_vk.ini
Plugins/Wfx/procfs/PROCFS.wfx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FsDeleteFile
FsExecuteFile
FsExtractCustomIcon
FsFindClose
FsFindFirst
FsFindNext
FsGetDefRootName
FsGetFile
FsInit
FsStatusInfo

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/Wfx/procfs/readme.txt
Plugins/Wfx/uninst/Language/English.lng
Plugins/Wfx/uninst/Language/SChinese.lng
Plugins/Wfx/uninst/ReadMe.txt
Plugins/Wfx/uninst/UnInstTC.wfx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FsDeleteFile
FsExecuteFile
FsExtractCustomIcon
FsFindClose
FsFindFirst
FsFindNext
FsGetDefRootName
FsGetFile
FsInit
FsSetDefaultParams

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/Wlx/Imagine/Imagine.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetPluginInterface

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 488KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 911KB - Virtual size: 911KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wlx/Imagine/Imagine.exe
.exe windows:4 windows x86 arch:x86

d0cd56dd3d9f2389ee1ea3b1b8aa4d16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleA
FreeLibrary
GetCommandLineA
GetLastError
LoadLibraryA
lstrcpyA
GetModuleFileNameA
LocalFree
FormatMessageA
GetStartupInfoA
GetProcAddress

user32

DispatchMessageA
GetMessageA
MessageBoxA
TranslateMessage

Sections

.text
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/Wlx/Imagine/Imagine.wcx
.dll windows:4 windows x86 arch:x86

65aa199237eadf52601eabd2e61be575

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcpyA
GetModuleFileNameA
FreeLibrary
FileTimeToDosDateTime
FileTimeToLocalFileTime
LocalAlloc
lstrcatA
LocalFree
lstrlenA

user32

GetForegroundWindow
wsprintfA

Exports

Exports

CanYouHandleThisFile
CloseArchive
GetPackerCaps
OpenArchive
PackFiles
PackSetDefaultParams
ProcessFile
ReadHeader
ReadHeaderEx
SetChangeVolProc
SetProcessDataProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 837B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wlx/Imagine/Imagine.wlx
.dll windows:4 windows x86 arch:x86

21c06424e680d8cc8ef33c1a336bf67e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress

Exports

Exports

ListGetDetectString
ListGetPreviewBitmap
ListLoad
ListLoadNext
ListPrint
ListSendCommand
ListSetDefaultParams

Sections

.text
Size: 1024B - Virtual size: 919B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wlx/Imagine/Language/SimplifiedChinese.lng
Plugins/Wlx/Imagine/ReadMe.txt
Plugins/Wlx/Imagine/WhatsNew.txt
Plugins/Wlx/ieview/Ieview.ini
Plugins/Wlx/ieview/ieview.wlx
.dll windows:4 windows x86 arch:x86

a4313749e4c6d84673ba9871bea8cd4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord6

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileIntA
InterlockedDecrement
GetPrivateProfileStringA
DeleteFileA
CreateDirectoryExA
ReadFile
SetFilePointer
CloseHandle
CreateFileA
LocalFree
GetLastError
GetCurrentProcessId
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetLastError
TlsFree
IsBadWritePtr
VirtualAlloc
SetEndOfFile
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
GetCPInfo
GetOEMCP
TlsAlloc
HeapCreate
SetUnhandledExceptionFilter
ExitProcess
GetCommandLineA
TlsSetValue
GetCurrentThreadId
RtlUnwind
RaiseException
TlsGetValue

user32

EnumChildWindows
GetWindowRect
GetPropA
GetKeyState
LoadCursorA
RegisterClassA
CreateWindowExA
SetPropA
GetMenu
GetSubMenu
SetMenuItemInfoA
MoveWindow
RemovePropA
DefWindowProcA
SetWindowsHookExA
CallNextHookEx
GetWindowTextA
ClientToScreen
WindowFromPoint
EnumWindows
GetWindowThreadProcessId
MapVirtualKeyA
DestroyWindow
UnhookWindowsHookEx
SetWindowTextW
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
SendMessageA
GetFocus
GetClassNameA
GetCapture
PostMessageA
MessageBoxA
GetParent
GetClientRect

ole32

CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
OleRun

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
GetErrorInfo
SafeArrayCreateVector

Exports

Exports

ListCloseWindow
ListLoad
ListPrint
ListSearchText
ListSendCommand

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wlx/ieview/readme_eng.txt
Plugins/Wlx/mmedia/mmedia.ini
Plugins/Wlx/mmedia/mmedia.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ListCloseWindow
ListGetDetectString
ListLoad
ListSendCommand
ListSetDefaultParams

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wlx/mmedia/readme.txt
Plugins/Wlx/nfoviewer/Readme.txt
Plugins/Wlx/nfoviewer/nfoviewer.wlx
.dll windows:4 windows x86 arch:x86

f696c3da519413dd95dd739b11026890

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
MulDiv
WritePrivateProfileStringA
GlobalAddAtomA
GetModuleFileNameA
GetPrivateProfileIntA
GlobalDeleteAtom
Sleep
GetCurrentThreadId
CreateFileA
ReadFile
WriteFile
GlobalFree
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
GlobalSize

user32

UpdateWindow
EndPaint
BeginPaint
UnregisterHotKey
GetNextDlgTabItem
SendMessageA
GetClassNameA
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowPos
GetWindowRect
GetParent
GetWindowLongA
SetScrollInfo
DefWindowProcA
SetCapture
ReleaseCapture
IsZoomed
GetKeyState
DialogBoxParamA
SetScrollPos
GetScrollRange
DestroyMenu
TrackPopupMenuEx
GetSubMenu
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetDlgItem
EndDialog
DestroyWindow
LoadIconA
RegisterClassA
CreateWindowExA
SetWindowLongA
RegisterHotKey
GetIconInfo
DrawTextA
InvalidateRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
GetScrollPos
GetClientRect
FillRect
ReleaseDC
ShowWindow
LoadCursorA
SetCursor
LoadMenuA

gdi32

CreatePen
DeleteObject
BitBlt
LineTo
MoveToEx
TextOutA
SetBkColor
SetTextColor
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
GetDeviceCaps
CreateDCA
CreateFontIndirectA
StretchDIBits
RectVisible
CreateBitmap
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetDIBitsToDevice
CreateDIBSection
CreateDIBitmap
CreateFontA
SetStretchBltMode
SetBrushOrgEx
StretchBlt
SetBkMode
DeleteDC

comdlg32

ChooseColorA
GetSaveFileNameA

shell32

ShellExecuteA

msvcrt

fwrite
_iob
fprintf
abort
_stricmp
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
__CxxLongjmpUnwind
_setjmp3
longjmp
calloc
_mbsnbcpy
ceil
_CxxThrowException
_ftol
floor
realloc
??2@YAPAXI@Z
strncpy
sprintf
_strlwr
__CxxFrameHandler
strrchr
strstr
malloc
free
getc
fputc
fflush
ftell
fseek
fread
fopen
fclose
??3@YAXPAX@Z
_purecall

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4tagCxTextInfo@@QAEAAU0@ABU0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Destroy@CxImage@@QAE_NXZ
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@@Z
?DrawLine@CxImage@@QAEXHHHHK@Z
?DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@@_N@Z
?Enable@CxImage@@QAEX_N@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QBEKXZ
?GetColorType@CxImage@@QAEEXZ
?GetDIB@CxImage@@QBEPAXXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPADXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@@@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QAE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?RGBQUADtoRGB@CxImage@@QAEKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@QAE?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Save@CxImage@@QAE_NPBDK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SetClrImportant@CxImage@@QAEXK@Z
?SetCodecOption@CxImage@@QAEXK@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?SwapIndex@CxImage@@QAEXEE@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?Transfer@CxImage@@QAE_NAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z
ListCloseWindow
ListGetDetectString
ListGetPreviewBitmap
ListLoad
ListSendCommand

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Wlx/office/ReadMe.txt
Plugins/Wlx/office/office.ini
Plugins/Wlx/office/office.wlx
.dll windows:4 windows x86 arch:x86

7d37a3493cbf623405620172ed9b9f1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord720
ord858
ord420
ord1567
ord268
ord2107
ord3300
ord3127
ord3663
ord2841
ord5450
ord5440
ord5651
ord5583
ord3507
ord3176
ord3183
ord3180
ord2601
ord5773
ord6010
ord3318
ord5442
ord6385
ord4177
ord2917
ord6312
ord958
ord2803
ord823
ord4278
ord825
ord5186
ord1979
ord540
ord860
ord354
ord665
ord537
ord800
ord6383
ord3614
ord6394
ord3616
ord350

msvcrt

_makepath
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
sprintf
strchr
_splitpath
_stricmp
strncpy
sscanf
__CxxFrameHandler
??1type_info@@UAE@XZ

kernel32

GetPrivateProfileStringA
GetProcAddress
GetLastError
GetTempFileNameA
FreeLibrary
OpenFile
GlobalFree
lstrlenA
GlobalAlloc
LoadLibraryA
lstrcpyA
GlobalUnlock
GlobalLock
SetErrorMode
GetModuleFileNameA
GetTempPathA

user32

GetMenu
GetWindowLongA
GetClientRect
CreateWindowExA
IsWindow
SendMessageA
SetWindowLongA
CharToOemA
GetSubMenu
SetMenuItemInfoA
GetParent
DestroyWindow
OemToCharA

gdi32

StartDocA
EndDoc
SetMapMode
GetDeviceCaps
DPtoLP
LPtoDP
EndPage
DeleteDC

comdlg32

PrintDlgA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

ole32

OleInitialize
OleUninitialize

Exports

Exports

ListCloseWindow
ListLoad
ListPrint
ListSearchText
ListSendCommand

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/wfx/Read.Me
Plugins/wfx/ReadMe.txt
Plugins/wfx/StartupGuard.ini
Plugins/wfx/StartupGuard.wfx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FsDeleteFile
FsDisconnect
FsExecuteFile
FsExtractCustomIcon
FsFindClose
FsFindFirst
FsFindNext
FsGetDefRootName
FsInit
FsPutFile
FsStatusInfo

Sections

CODE
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 309B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 18B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/wfx/wincefs.wfx
.dll windows:4 windows x86 arch:x86

004d8b1546e42498481dc8efed3c7ecd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
SetLastError
WideCharToMultiByte
MultiByteToWideChar
SetFileTime
WriteFile
CloseHandle
SetFilePointer
GetLastError
CreateFileA
GetExitCodeThread
CreateThread
GetFileTime
ReadFile
GetFileSize
DeleteFileA
ExitProcess
LeaveCriticalSection
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
RtlUnwind
HeapFree
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
WaitForSingleObject
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
InterlockedIncrement
GetProcAddress
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
FreeEnvironmentStringsA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement

user32

MessageBoxA
MessageBeep

rapi

CeSetFileAttributes
CeRemoveDirectory
CeWriteFile
CeSetFileTime
CeCreateFile
CeCloseHandle
CeSetFilePointer
CeReadFile
CeDeleteFile
CeMoveFile
CeCopyFile
CeGetLastError
CeSHGetShortcutTarget
CeGetFileAttributes
CeCreateDirectory
CeFindAllFiles
CeRapiFreeBuffer
CeRapiInitEx
CeRapiUninit

Exports

Exports

FsDeleteFile
FsDisconnect
FsExecuteFile
FsFindClose
FsFindFirst
FsFindNext
FsGetDefRootName
FsGetFile
FsInit
FsMkDir
FsPutFile
FsRemoveDir
FsRenMovFile
FsSetAttr
FsSetTime

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/wlx/Readme.txt
Plugins/wlx/SWFView.wlx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ListCloseWindow
ListGetDetectString
ListGetPreviewBitmap
ListLoad
ListLoadNext
ListSendCommand

Sections

Size: - Virtual size: 404KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 217KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Readme.txt
SHARE_NT.EXE
Sounds/Connected.wav
Sounds/TransferComplete.wav
TCMADMIN.EXE
.exe windows:4 windows x86 arch:x86

7ebd298e98d74dad1ec6c558681acda7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:4e:3a:b0:0f:9b:1e:5b:7a:98:d6:45:e6:1f:a2:98:37:e6:f2:60
Signer

Actual PE Digest

24:4e:3a:b0:0f:9b:1e:5b:7a:98:d6:45:e6:1f:a2:98:37:e6:f2:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
RemoveDirectoryW
SetVolumeLabelW
CreateDirectoryW
DeleteFileW
MoveFileWithProgressW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
GetCurrentProcess
CopyFileExW
DisconnectNamedPipe
CreateFileW
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
LoadLibraryA
GetProcAddress
GetLastError
SetFileAttributesW
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

MessageBoxA

advapi32

SetFileSecurityW
GetSecurityDescriptorControl
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA
GetFileSecurityW

shell32

SHFileOperationW

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCMDLZMA.DLL
.dll windows:4 windows x86 arch:x86

5be619a7249b480dd0aa78294ba8ed23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
WaitForSingleObject
CloseHandle
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
ExitProcess
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

LzmaCompress
LzmaDec_Allocate
LzmaDec_Constr
LzmaDec_DecodeToBuf
LzmaDec_Free
LzmaDec_Init
LzmaEncProps_Init
LzmaEnc_Create
LzmaEnc_Destroy
LzmaEnc_Encode
LzmaEnc_SetProps
LzmaEnc_WriteProperties
LzmaUncompress

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCMDX64.EXE
.exe windows:4 windows x64 arch:x64

8295974c081d0e9e58e33d212700c10a

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:a4:86:ff:02:f4:4c:f5:b8:72:c9:ac:d7:75:6f:23:9d:28:0a:63
Signer

Actual PE Digest

59:a4:86:ff:02:f4:4c:f5:b8:72:c9:ac:d7:75:6f:23:9d:28:0a:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

user32

GetMenuItemID
FillRect
CreatePopupMenu
TranslateMessage
GetDC
CreateWindowExA
RegisterClassExA
SystemParametersInfoA
MessageBoxW
GetSysColor
GetDesktopWindow
PeekMessageA
ReleaseDC
GetMenuItemInfoA
DestroyMenu
GetActiveWindow
GetMenuItemCount
CharUpperW
DestroyWindow
DefWindowProcA
GetMenuItemInfoW
DispatchMessageA
DeleteMenu
wsprintfW
MessageBoxA
PostQuitMessage

kernel32

GetLocaleInfoA
ConnectNamedPipe
GetACP
SetErrorMode
MultiByteToWideChar
GetTickCount
Sleep
LoadLibraryA
DisconnectNamedPipe
WaitNamedPipeA
WriteFile
GetLastError
GetVersionExA
CloseHandle
GetCurrentProcessId
ReadFile
GetProcAddress
GetModuleFileNameW
CreateThread
CreateNamedPipeA
PeekNamedPipe
WideCharToMultiByte
HeapReAlloc
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlsAlloc
GetCurrentThreadId
SetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree

gdi32

CreateCompatibleDC
GetObjectA
TranslateCharsetInfo
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateFontIndirectA
CreateSolidBrush
GetDIBits
SetBkColor
GdiFlush

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc

ole32

CLSIDFromString
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueW
RegEnumKeyA
RegOpenKeyW
RegQueryValueA

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCUNZLIB.DLL
.dll windows:4 windows x86 arch:x86

f7dca6848e944b0b8072cfb7eed5ece0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
FindFirstFileA
CreateFileA
FindClose
ReadFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW

Exports

Exports

DllMain
_DoneInflate@4
_InflateChunk@32
_StartInflate@12
_UnzipBzip2@44
_UnzipPpmd@44

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCscheme.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TOTALCMD.EXE
.exe windows:1 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2c:3b:b2:4b:d4:bd:63:3c:54:27:c3:91:97:e6:93:dc:61:cf:d6:cc
Signer

Actual PE Digest

2c:3b:b2:4b:d4:bd:63:3c:54:27:c3:91:97:e6:93:dc:61:cf:d6:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 411KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TOTALCMD.EXE.MANIFEST
.xml
TOTALCMD_eng.INC
TcUsbRun.exe
.exe windows:4 windows x86 arch:x86

b96f0baa433a2a3423846c6bcecdcfee

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:f9:56:ad:52:52:30:4c:62:17:b9:7a:38:d4:8d:8c:ff:d3:38:a8
Signer

Actual PE Digest

be:f9:56:ad:52:52:30:4c:62:17:b9:7a:38:d4:8d:8c:ff:d3:38:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetSystemInfo
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
lstrlenW
LeaveCriticalSection
GetFileAttributesW
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
lstrcmpiA
Sleep
GetLastError
GetVersionExA
GetModuleFileNameA
GetProcAddress
GetCurrentProcess
CreateEventA
CreateThread
WaitForSingleObject
CloseHandle
InterlockedDecrement
SetEvent
HeapFree
HeapAlloc
GetCommandLineA
ExitProcess
GetStartupInfoA
GetModuleHandleA
EnterCriticalSection
GetStringTypeW

user32

PostThreadMessageA
CharNextA
MessageBoxA
GetMessageA
DispatchMessageA

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegOpenKeyA
RegDeleteKeyA
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord30
ord58
ord32
ord16
ord57
ord18
ord17
ord20
ord21
ord23

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Themes/DftCst.BAR
Themes/DftCtn.BAR
Themes/DftXP.BAR
Themes/Dftorg.BAR
Themes/DrvCst.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/DrvCtn.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/DrvXP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/FileCst.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/FileCtn.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/FileXP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/TBCst.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/TBCtn.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/TBXP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/F4Menu/F4Menu.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Tools/F4Menu/F4Menu.exe.manifest
.xml
Tools/F4Menu/F4Menu.ini.template
Tools/F4Menu/Language/Chs.lng
Tools/F4Menu/Language/Danish.lng
Tools/F4Menu/Language/Dutch.lng
Tools/F4Menu/Language/English.lng
Tools/F4Menu/Language/French.lng
Tools/F4Menu/Language/German.lng
Tools/F4Menu/Language/Hungarian.lng
Tools/F4Menu/Language/Korean.lng
Tools/F4Menu/Language/Polish.lng
Tools/F4Menu/Language/Romanian.lng
Tools/F4Menu/Language/Russian.lng
Tools/F4Menu/Language/Spanish.lng
Tools/F4Menu/Readme_cn.txt
Tools/F4Menu/Readme_en.txt
Totalcmd_chs.inc
UNACEV2.DLL
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UNRAR.DLL
.dll windows:5 windows x86 arch:x86

41aab8a60ae80b8c8098eacc3e085c4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEndOfFile
GetFileType
CreateFileA
CreateFileW
ReadFile
GetStdHandle
WriteFile
GetProcAddress
GetModuleHandleA
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
DeleteFileA
DeleteFileW
DeviceIoControl
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
FindFirstFileW
GetVersionExA
GetModuleFileNameA
CompareStringA
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
MoveFileA
SetFileTime
GetCurrentProcess
GetLastError
CloseHandle
Sleep
FindNextFileW
GetLocaleInfoA
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
GetVersion
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
WriteConsoleW

user32

CharUpperW
CharLowerW
CharLowerA
CharToOemA
CharUpperA
OemToCharA
CharToOemBuffA
OemToCharBuffA

advapi32

SetFileSecurityW
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UserApps_chs.bar
UserApps_eng.bar
Usercmd_chs.ini
Usercmd_eng.ini
WC32TO16.EXE
WCMICONS.DLL
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WCMICONS.INC
WCMZIP32.DLL
.dll windows:4 windows x86 arch:x86

f8b8f7b7ac5f9d18bec26bf18529430f

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7d:6d:8a:1e:e5:d0:8c:18:f0:72:f8:63:31:39:fb:7a
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

09/03/2007, 00:00

Not After

07/04/2009, 23:59

Subject

CN=C. Ghisler & Co.,OU=DEVELOPMENT,O=C. Ghisler & Co.,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:7e:93:33:ed:f9:48:ba:ef:15:60:85:b8:91:84:49:84:04:ec:4b
Signer

Actual PE Digest

49:7e:93:33:ed:f9:48:ba:ef:15:60:85:b8:91:84:49:84:04:ec:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
CreateMutexA
ReleaseMutex
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
RtlUnwind
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

IsDialogMessageA
TranslateMessage
DispatchMessageA
SendMessageA
PeekMessageA

Exports

Exports

_DecryptAESMemoryCBC@16
_DecryptZipAES@12
_DeflateChunk@32
_DoneDeflate@4
_EncryptAESMemoryCBC@20
_EncryptZipAES@12
_EndZipAES@8
_GetKeys@12
_GetRandomData@8
_InitZipAES@24
_SetPassCryptAES@12
_StartDeflate@12
_UpdateOnlyCrc@12
_file_compress@24

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sfxhead.sfx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tcmatch.dll
.dll windows:5 windows x86 arch:x86

5c654e2f0ed29741543db08339544c59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemDefaultLangID
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetModuleFileNameW
GetEnvironmentVariableW
GetShortPathNameW
FreeLibrary
GetProcAddress
LoadLibraryW
FileTimeToSystemTime
FileTimeToLocalFileTime
CompareStringW
CompareStringA
GetDriveTypeA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
RtlUnwind
FindClose
GetDriveTypeW
FindFirstFileW
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
ExitProcess
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetFileType
CreateFileW
GetCurrentDirectoryA
HeapSize
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
SetStdHandle
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

user32

CharLowerW

shell32

ShellExecuteW

Exports

Exports

MatchFileW
MatchGetSetOptions

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tcmatch.ini
tcmatch.tbl
uninst.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

ee01c5cc33cdb3294484fc93e41c14ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GlobalAlloc
GetModuleHandleA
lstrcpynA
lstrcmpA
MulDiv
lstrcpyA
GlobalFree

user32

LoadIconA
SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
DialogBoxParamA
GetDC
ShowWindow
EndDialog
SendMessageA

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 10KB - Virtual size: 12KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

ee01c5cc33cdb3294484fc93e41c14ad

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 242B

445ca064c668ebcb89957d525a8bef23

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 864B

.data Size: - Virtual size: 56B

.reloc Size: 512B - Virtual size: 478B

24443a39fe269254c2d4374dee7b22b6

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

BEGTEXT Size: 35KB - Virtual size:

DGROUP Size: 2KB - Virtual size:

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 242B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 864B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 478B

BEGTEXT
Size: 35KB - Virtual size:

DGROUP
Size: 2KB - Virtual size:

.bss
Size: 11KB - Virtual size:

.idata
Size: 1024B - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 2KB - Virtual size:

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

e3:2f:35:53:db:7c:25:92:d3:3b:98:0b:89:b2:4a:22:26:5b:84:35
Signer

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 796B

.data
Size: 512B - Virtual size: 408B

.pdata
Size: 512B - Virtual size: 276B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

55:f0:36:0a:b0:38:7d:85:9d:2e:a1:7c:e6:f5:37:3b:f8:ec:48:d3
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 192B - Virtual size: 184B

.data
Size: 32B - Virtual size: 20B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 288B - Virtual size: 262B

CODE
Size: 3KB - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 128B

BSS
Size: - Virtual size: 1KB