A120FE_9902_PE[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

A120FE_9902_PE.zip
Size

2.9MB
MD5

4bc67ccc7a6bb1f98700ef4bbc56cce3
SHA1

186a9970e6e36ba01f70710adad641bfbcb17baf
SHA256

f8ad9faf080b74e76e3bc44d258bc39b4074bdd1fcd7d020e35bce922bc35a19
SHA512

1296033ffe31a77ded12a527727b759293a6e3d4e606bdb8cf99d10d1043ea58b214ff5fcbf7f6de132240198c0aeee21ae1e06b92000c065941b055acf533ec
SSDEEP

49152:87urDBoTiskHrxlxvbMeE2yj/NkHlOqGdVZvsoyUycmPIPOtUYVUZh07qnO/5wCw:8irDBoesk7FVE2yj/uO3FsoytlQ2ojSU

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/DevSupp.dll	acprotect
static1/unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/AxtraWd.dll	acprotect
static1/unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/DPM.dll	acprotect
static1/unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/DPMChart.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/AxtraWd.dll	upx
static1/unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/DPM.dll	upx
static1/unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/DPMChart.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/DPM.dll
unpack003/out.upx
unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/pfctoc.dll
unpack001/Alcohol 120% FE (2.0.3.9902) (Portable Edition)/pidalc.dll

Files

A120FE_9902_PE.zip
.zip
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Alcohol.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:85:0c:72:1a:bf:6c:93:70:d1:bc:92:32:86:8c:28
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/03/2017, 00:00

Not After

14/03/2018, 23:59

Subject

CN=Alcohol Soft,O=Alcohol Soft,L=Belfast,ST=Belfast,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:30:05:9d:83:02:f4:b7:d9:30:7a:67:6c:76:4b:e4:54:c7:98:61
Signer

Actual PE Digest

14:30:05:9d:83:02:f4:b7:d9:30:7a:67:6c:76:4b:e4:54:c7:98:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

SSE3
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SSE2
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODEINIT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODESIGN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/AxType.ini
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/DevSupp.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:8b:7c:5b:34:be:c5:ad:b2:4c:2d:3c:32:f6:2a:d5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

26/01/2016, 00:00

Not After

24/02/2017, 23:59

Subject

CN=Alcohol Soft,O=Alcohol Soft,L=Belfast,ST=Antrim,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:0d:ec:6c:11:41:57:9b:81:23:27:52:10:01:94:c1:b4:bf:b9:97
Signer

Actual PE Digest

4f:0d:ec:6c:11:41:57:9b:81:23:27:52:10:01:94:c1:b4:bf:b9:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

SSE3
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SSE2
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/EnableLogging.reg
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/AxtraWd.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:0b:89:28:5c:95:8b:2b:59:8f:a4:85:2b:c5:df:ff
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/03/2015, 00:00

Not After

30/01/2016, 23:59

Subject

CN=Alcohol Soft,O=Alcohol Soft,L=Belfast,ST=Antrim,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b2:f3:c9:8f:61:e9:63:20:9e:cd:34:68:1e:b9:d3:52:e0:bf:a2:4e
Signer

Actual PE Digest

b2:f3:c9:8f:61:e9:63:20:9e:cd:34:68:1e:b9:d3:52:e0:bf:a2:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@$xp$13IExtractImage
@$xp$14IExtractImage2
@$xp$17Uptunicode@TEditW
@$xp$19Uptunicode@TButtonW
@$xp$20Uptshellutils@TCSIDL
@$xp$21Uptunicode@TCheckboxW
@$xp$22Uptunicode@TPTStringsW
@$xp$23MX_TProgressBarVistaFix
@$xp$23Uptshellutils@TLinkData
@$xp$23Upttreelist@TPTListView
@$xp$23Upttreelist@TPTTreeView
@$xp$23Uptunicode@TStaticTextW
@$xp$24Uptunicode@TAccessCanvas
@$xp$24Uptunicode@TPTHintWindow
@$xp$24Uptunicode@TSpeedButtonW
@$xp$25Uptimagecombo@TPTCombobox
@$xp$25Uptshellutils@TPTPidlList
@$xp$25Uptshellutils@TPTShortcut
@$xp$25Uptunicode@TPTStringListW
@$xp$27Uptimagecombo@TPTImageCombo
@$xp$28Uptshellutils@TPTIdListArray
@$xp$28Uptunicode@TPTStringListRecW
@$xp$29Uptshellcontrols@TPTShellList
@$xp$29Uptshellcontrols@TPTShellTree
@$xp$29Uptshellutils@TLinkDataOption
@$xp$29Uptshellutils@_TPTShortcut@_1
@$xp$29Upttreelist@TPTCustomListView
@$xp$29Upttreelist@TPTCustomTreeView
@$xp$29Uptunicode@_TPTStringListW@_1
@$xp$30Uptshellcontrols@TPTShListData
@$xp$30Uptshellcontrols@TPTShTreeData
@$xp$30Uptshellcontrols@TPTShellCombo
@$xp$30Uptshellutils@TLinkDataOptions
@$xp$30Uptshellutils@TPTShellIconSize
@$xp$30Upttreelist@TPTLvSortDirection
@$xp$30Uptunicode@TPTWideCanvasHelper
@$xp$31Uptfilematch@TPTFileMatchOption
@$xp$31Uptimagecombo@TPTCustomCombobox
@$xp$31Uptimagecombo@TPTImageComboItem
@$xp$31Uptshellcontrols@TPTShComboData
@$xp$32Uptfilematch@TPTFileMatchOptions
@$xp$32Uptshellcontrols@TPTOleDragEvent
@$xp$32Uptshellcontrols@TPTOleDropEvent
@$xp$32Uptshellcontrols@TPTShellLocator
@$xp$32Uptthumbnails@TPTShellThumbnails
@$xp$33Uptimagecombo@TPTCustomImageCombo
@$xp$33Uptshellutils@IPTDropTargetHelper
@$xp$33Uptshellutils@TPTDropTargetHelper
@$xp$34Uptshellcontrols@TPTLVEditedWEvent
@$xp$34Uptshellcontrols@TPTShAddItemEvent
@$xp$34Uptshellcontrols@TPTShellViewStyle
@$xp$34Uptshellcontrols@TPTTVEditedWEvent
@$xp$34Uptshellutils@TPTDeviceChangeEvent
@$xp$34Uptshellutils@TPTFriendlyNameFlags
@$xp$35Uptshellcontrols@TPTCustomShellList
@$xp$35Uptshellcontrols@TPTCustomShellTree
@$xp$35Uptshellcontrols@TPTShellListOption
@$xp$35Uptshellcontrols@TPTShellTreeOption
@$xp$36Uptshellcontrols@TPTCustomShellCombo
@$xp$36Uptshellcontrols@TPTShPopupHintEvent
@$xp$36Uptshellcontrols@TPTShellComboOption
@$xp$36Uptshellcontrols@TPTShellListOptions
@$xp$36Uptshellcontrols@TPTShellTreeOptions
@$xp$36Uptshellutils@TPTDeviceChangeHandler
@$xp$37Uptimagecombo@TPTDeleteComboItemEvent
@$xp$37Uptshellcontrols@TPTOleDragStartEvent
@$xp$37Uptshellcontrols@TPTShellComboOptions
@$xp$38Uptshellcontrols@TPTShellLocator_Which
@$xp$38Upttreelist@TPTLvHeaderSortDisplayMode
@$xp$39Uptshellcontrols@TPTCustomShellList_LCS
@$xp$39Uptshellcontrols@TPTShDblClickOpenEvent
@$xp$39Upttreelist@TPTLvOnItemContextMenuEvent
@$xp$39Upttreelist@TPTTvOnNodeContextMenuEvent
@$xp$40Uptshellcontrols@TPTOleDragCompleteEvent
@$xp$41Uptshellcontrols@TPTShListDeleteItemEvent
@$xp$41Uptshellcontrols@TPTShTreeDeleteItemEvent
@$xp$41Uptshellcontrols@TPTShTreeInsertItemEvent
@$xp$42Uptimagecombo@TPTDeleteImageComboItemEvent
@$xp$42Uptshellcontrols@TPTShComboDeleteItemEvent
@$xp$43Uptimagecombo@TPTImageComboGetItemDataEvent
@$xp$49Uptshellcontrols@TPTShLvBeforeShellMenuPopupEvent
@$xp$49Uptshellcontrols@TPTShTvBeforeShellMenuPopupEvent
@$xp$52Uptshellcontrols@TPTShLvAfterShellMenuSelectionEvent
@$xp$52Uptshellcontrols@TPTShTvAfterShellMenuSelectionEvent
@@Tdatetimesettingdialog@Finalize
@@Tdatetimesettingdialog@Initialize
@@Tfilemasteringwizard@Finalize
@@Tfilemasteringwizard@Initialize
@MX_TProgressBarVistaFix@
@MX_TProgressBarVistaFix@$bctr$qqrp18Classes@TComponent
@MX_TProgressBarVistaFix@Dispatch$qqrpv
@MX_TProgressBarVistaFix@WMEraseBkgnd$qqrr22Messages@TWMEraseBkgnd
@Uptfilematch@Finalization$qqrv
@Uptfilematch@PtMatchesWildcard$qqrx17System@WideStringt159System@%Set$t31Uptfilematch@TPTFileMatchOption$iuc$0$iuc$1%
@Uptfilematch@PtMatchesWildcardList$qqrx17System@WideStringt159System@%Set$t31Uptfilematch@TPTFileMatchOption$iuc$0$iuc$1%
@Uptfilematch@initialization$qqrv
@Uptimagecombo@Finalization$qqrv
@Uptimagecombo@TPTCombobox@
@Uptimagecombo@TPTCustomCombobox@
@Uptimagecombo@TPTCustomCombobox@CNCommand$qqrr19Messages@TWMCommand
@Uptimagecombo@TPTCustomCombobox@DeleteItem$qqrpv
@Uptimagecombo@TPTCustomCombobox@SelEndCancel$qqrv
@Uptimagecombo@TPTCustomCombobox@SelEndOk$qqrv
@Uptimagecombo@TPTCustomCombobox@SetItemHeight2$qqri
@Uptimagecombo@TPTCustomCombobox@WMDeleteItem$qqrr22Messages@TWMDeleteItem
@Uptimagecombo@TPTCustomImageCombo@
@Uptimagecombo@TPTCustomImageCombo@$bctr$qqrp18Classes@TComponent
@Uptimagecombo@TPTCustomImageCombo@$bdtr$qqrv
@Uptimagecombo@TPTCustomImageCombo@AddItem$qqrx17System@WideStringii
@Uptimagecombo@TPTCustomImageCombo@AutoSize$qqrp7HFONT__
@Uptimagecombo@TPTCustomImageCombo@CNDrawItem$qqrr20Messages@TWMDrawItem
@Uptimagecombo@TPTCustomImageCombo@CreateParams$qqrr22Controls@TCreateParams
@Uptimagecombo@TPTCustomImageCombo@CreateWnd$qqrv
@Uptimagecombo@TPTCustomImageCombo@DeleteItem$qqrpv
@Uptimagecombo@TPTCustomImageCombo@DestroyWnd$qqrv
@Uptimagecombo@TPTCustomImageCombo@DoAutoSize$qqrp7HFONT__
@Uptimagecombo@TPTCustomImageCombo@DrawItem$qqrirx11Types@TRect47System@%Set$t18Windows@Windows__1$iuc$0$iuc$12%
@Uptimagecombo@TPTCustomImageCombo@GetImageComboItem$qqri
@Uptimagecombo@TPTCustomImageCombo@GetItemData$qqrp31Uptimagecombo@TPTImageComboItem
@Uptimagecombo@TPTCustomImageCombo@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Uptimagecombo@TPTCustomImageCombo@SetImageList$qqrpx19Controls@TImageList
@Uptimagecombo@TPTCustomImageCombo@SetIndentPixels$qqri
@Uptimagecombo@TPTCustomImageCombo@WMEraseBkgnd$qqrr22Messages@TWMEraseBkgnd
@Uptimagecombo@TPTCustomImageCombo@WMSetFont$qqrr19Messages@TWMSetFont
@Uptimagecombo@TPTImageCombo@
@Uptimagecombo@TPTImageComboItem@
@Uptimagecombo@TPTImageComboItem@$bctr$qqrp33Uptimagecombo@TPTCustomImageCombo
@Uptimagecombo@TPTImageComboItem@$bdtr$qqrv
@Uptimagecombo@TPTImageComboItem@SetCaption$qqrx17System@WideString
@Uptimagecombo@TPTImageComboItem@SetImageIndex$qqri
@Uptimagecombo@TPTImageComboItem@SetIndent$qqri
@Uptimagecombo@TPTImageComboItem@SetOverlayIndex$qqri
@Uptimagecombo@initialization$qqrv
@Uptshconsts@Finalization$qqrv
@Uptshconsts@PTLoadStr$qqrpv
@Uptshconsts@PTLoadStr$qqrx20System@UnicodeString
@Uptshconsts@_SArrangeIconsMenu
@Uptshconsts@_SAttributesChars
@Uptshconsts@_SBackHint
@Uptshconsts@_SBrowseForFolder
@Uptshconsts@_SBytes
@Uptshconsts@_SCancelButton
@Uptshconsts@_SCannotCreateFolder
@Uptshconsts@_SCannotReadDrive
@Uptshconsts@_SClose
@Uptshconsts@_SColumnAttributes
@Uptshconsts@_SColumnComment
@Uptshconsts@_SColumnDateDeleted
@Uptshconsts@_SColumnInFolder
@Uptshconsts@_SColumnLocation
@Uptshconsts@_SColumnModified
@Uptshconsts@_SColumnName
@Uptshconsts@_SColumnOriginalLocation
@Uptshconsts@_SColumnSize
@Uptshconsts@_SColumnStatus
@Uptshconsts@_SColumnSynchCopyIn
@Uptshconsts@_SColumnType
@Uptshconsts@_SCopyContext
@Uptshconsts@_SCopyHint
@Uptshconsts@_SCreateFolder
@Uptshconsts@_SCreateFolderContext
@Uptshconsts@_SCreateNewFolderHint
@Uptshconsts@_SCutContext
@Uptshconsts@_SCutHint
@Uptshconsts@_SDeleteContext
@Uptshconsts@_SDeleteHint
@Uptshconsts@_SDeleteMenu
@Uptshconsts@_SDiskIsWriteProtected
@Uptshconsts@_SDoYouReallyWantToExit
@Uptshconsts@_SDoesNotExistCreate
@Uptshconsts@_SDriveDoesNotExist
@Uptshconsts@_SEditCopyMenu
@Uptshconsts@_SEditCutMenu
@Uptshconsts@_SEditPasteMenu
@Uptshconsts@_SExistsAndIsReadOnly
@Uptshconsts@_SFileAlreadyInUse
@Uptshconsts@_SFileCannotBeAccessed
@Uptshconsts@_SFileExistsReplace
@Uptshconsts@_SFileName
@Uptshconsts@_SFileNotFound
@Uptshconsts@_SFilenameIsInvalid
@Uptshconsts@_SFilenameIsReservedDeviceName
@Uptshconsts@_SFilesOfType
@Uptshconsts@_SFilesizeKB
@Uptshconsts@_SFilesizeX_YBytes
@Uptshconsts@_SFolderDoesNotExist
@Uptshconsts@_SHelpButton
@Uptshconsts@_SInsufficientDiskSpace
@Uptshconsts@_SInvertSelectionMenu
@Uptshconsts@_SLineUpIconsMenu
@Uptshconsts@_SLookIn
@Uptshconsts@_SMapNetworkDriveHint
@Uptshconsts@_SNewContext
@Uptshconsts@_SNewDocFilePrefix
@Uptshconsts@_SNewFolder
@Uptshconsts@_SNewFolderContext
@Uptshconsts@_SNewFolderMenu
@Uptshconsts@_SNewFolderShortname
@Uptshconsts@_SNewMenu
@Uptshconsts@_SNewPopupContext
@Uptshconsts@_SNewShortcut
@Uptshconsts@_SNewShortcutContext
@Uptshconsts@_SNewShortcutMenu
@Uptshconsts@_SOKButton
@Uptshconsts@_SOpenAsReadOnly
@Uptshconsts@_SOpenButton
@Uptshconsts@_SOpenCaption
@Uptshconsts@_SPasteContext
@Uptshconsts@_SPasteHint
@Uptshconsts@_SPasteShortcutMenu
@Uptshconsts@_SPathDoesNotExist
@Uptshconsts@_SPropertiesContext
@Uptshconsts@_SPropertiesHint
@Uptshconsts@_SPropertiesMenu
@Uptshconsts@_SRefreshMenu
@Uptshconsts@_SRemovableDiskHasChanged
@Uptshconsts@_SRenameContext
@Uptshconsts@_SRenameMenu
@Uptshconsts@_SRightDragCopyContext
@Uptshconsts@_SRightDragMoveContext
@Uptshconsts@_SSaveAsCaption
@Uptshconsts@_SSaveAsType
@Uptshconsts@_SSaveButton
@Uptshconsts@_SSaveFileAsType
@Uptshconsts@_SSaveIn
@Uptshconsts@_SSelectAllContext
@Uptshconsts@_SSelectAllHint
@Uptshconsts@_SSelectAllMenu
@Uptshconsts@_SSendToContext
@Uptshconsts@_SSendToMenu
@Uptshconsts@_SSystemFolder
@Uptshconsts@_SThereCanBeOnlyOne
@Uptshconsts@_SToggleAllContext
@Uptshconsts@_SUnableToCreateFile
@Uptshconsts@_SUnableToCreateFolder
@Uptshconsts@_SUndoContext
@Uptshconsts@_SUndoHint
@Uptshconsts@_SUndoMenu
@Uptshconsts@_SUnmapNetworkDriveHint
@Uptshconsts@_SUpOneLevelHint
@Uptshconsts@_SViewContext
@Uptshconsts@_SViewDetailsContext
@Uptshconsts@_SViewDetailsHint
@Uptshconsts@_SViewDetailsMenu
@Uptshconsts@_SViewLargeIconsContext
@Uptshconsts@_SViewLargeIconsHint
@Uptshconsts@_SViewLargeIconsMenu
@Uptshconsts@_SViewListContext
@Uptshconsts@_SViewListHint
@Uptshconsts@_SViewListMenu
@Uptshconsts@_SViewMenu
@Uptshconsts@_SViewSmallIconsContext
@Uptshconsts@_SViewSmallIconsHint
@Uptshconsts@_SViewSmallIconsMenu
@Uptshconsts@_SViewThumbnailsContext
@Uptshconsts@_SViewThumbnailsMenu
@Uptshconsts@_SViewsHint
@Uptshconsts@_SYouMustTypeFilename
@Uptshconsts@initialization$qqrv
@Uptshell95@BHID_LinkTargetItem
@Uptshell95@BHID_SFObject
@Uptshell95@BHID_SFUIObject
@Uptshell95@BHID_SFViewObject
@Uptshell95@BHID_Storage
@Uptshell95@BHID_StorageEnum
@Uptshell95@BHID_Stream
@Uptshell95@Finalization$qqrv
@Uptshell95@IID_IExtactImage
@Uptshell95@IID_IExtractImage2
@Uptshell95@IID_IShellItem
@Uptshell95@initialization$qqrv
@Uptshellcontrols@CF_FILECONTENTS
@Uptshellcontrols@CF_IDLIST
@Uptshellcontrols@Finalization$qqrv
@Uptshellcontrols@PTSH_AUTOOPEN_DELAY_MS
@Uptshellcontrols@PTSH_AUTOOPEN_THRESHOLD_X
@Uptshellcontrols@PTSH_AUTOOPEN_THRESHOLD_Y
@Uptshellcontrols@PTSH_AUTOSCROLL_MINDELAY_MS
@Uptshellcontrols@PTSH_AUTOSCROLL_THRESHOLD_X
@Uptshellcontrols@PTSH_AUTOSCROLL_THRESHOLD_Y
@Uptshellcontrols@PTSH_CHANGE_NOTIFY_DELAY
@Uptshellcontrols@PTSH_CHANGE_NOTIFY_FASTDELAY
@Uptshellcontrols@PTSH_MAX_FOLDER_ATTEMPTS
@Uptshellcontrols@PTSH_TREE_KEY_UPDATE_DELAY
@Uptshellcontrols@PTShIsFolder$qqruio
@Uptshellcontrols@PtShCreateNewFolder$qqr17System@WideStringr17System@WideString
@Uptshellcontrols@TPTCustomShellCombo@
@Uptshellcontrols@TPTCustomShellCombo@$bctr$qqrp18Classes@TComponent
@Uptshellcontrols@TPTCustomShellCombo@$bdtr$qqrv
@Uptshellcontrols@TPTCustomShellCombo@CMDesignHitTest$qqrr17Messages@TWMMouse
@Uptshellcontrols@TPTCustomShellCombo@CanAdd$qqr40System@%DelphiInterface$t12IShellFolder%p11_ITEMIDLISTt2uii
@Uptshellcontrols@TPTCustomShellCombo@CreateWnd$qqrv
@Uptshellcontrols@TPTCustomShellCombo@DeleteItem$qqrpv
@Uptshellcontrols@TPTCustomShellCombo@DestroyWnd$qqrv
@Uptshellcontrols@TPTCustomShellCombo@DropDown$qqrv
@Uptshellcontrols@TPTCustomShellCombo@FillCombo$qqrx40System@%DelphiInterface$t12IShellFolder%p11_ITEMIDLISTip28Uptshellutils@TPTIdListArray
@Uptshellcontrols@TPTCustomShellCombo@FillComboOneItemOnly$qqrp11_ITEMIDLIST
@Uptshellcontrols@TPTCustomShellCombo@FillItems$qqrv
@Uptshellcontrols@TPTCustomShellCombo@GetItemData$qqrp31Uptimagecombo@TPTImageComboItem
@Uptshellcontrols@TPTCustomShellCombo@GetSelectedFolder$qqrv
@Uptshellcontrols@TPTCustomShellCombo@GetShComboData$qqri
@Uptshellcontrols@TPTCustomShellCombo@GoUp$qqri
@Uptshellcontrols@TPTCustomShellCombo@Loaded$qqrv
@Uptshellcontrols@TPTCustomShellCombo@SelEndOk$qqrv
@Uptshellcontrols@TPTCustomShellCombo@SelectedFolderChanged$qqrp14System@TObject
@Uptshellcontrols@TPTCustomShellCombo@SetSelectedFolder$qqrp32Uptshellcontrols@TPTShellLocator
@Uptshellcontrols@TPTCustomShellCombo@SetShellList$qqrp35Uptshellcontrols@TPTCustomShellList
@Uptshellcontrols@TPTCustomShellCombo@SetShellTree$qqrp35Uptshellcontrols@TPTCustomShellTree
@Uptshellcontrols@TPTCustomShellCombo@Synchronize$qqro
@Uptshellcontrols@TPTCustomShellCombo@TreeChanged$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellCombo@WMPaint$qqrr17Messages@TWMPaint
@Uptshellcontrols@TPTCustomShellList@
@Uptshellcontrols@TPTCustomShellList@$bctr$qqrp18Classes@TComponent
@Uptshellcontrols@TPTCustomShellList@$bdtr$qqrv
@Uptshellcontrols@TPTCustomShellList@AMChangeNotify$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellList@AMDeferredEdit$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellList@AMDeferredFill$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellList@AddNewShellItem$qqrp11_ITEMIDLISTt1
@Uptshellcontrols@TPTCustomShellList@AfterShellMenuSelection$qqrp18Comctrls@TListItemi
@Uptshellcontrols@TPTCustomShellList@BeforeShellMenuPopup$qqrrp7HMENU__p18Comctrls@TListItemi
@Uptshellcontrols@TPTCustomShellList@CMDesignHitTest$qqrr17Messages@TWMMouse
@Uptshellcontrols@TPTCustomShellList@CMWantSpecialKey$qqrr15Messages@TWMKey
@Uptshellcontrols@TPTCustomShellList@CNNotify$qqrr18Messages@TWMNotify
@Uptshellcontrols@TPTCustomShellList@CanAdd$qqr40System@%DelphiInterface$t12IShellFolder%p11_ITEMIDLISTt2ui
@Uptshellcontrols@TPTCustomShellList@CanEdit$qqrp18Comctrls@TListItem
@Uptshellcontrols@TPTCustomShellList@ColClick$qqrp20Comctrls@TListColumn
@Uptshellcontrols@TPTCustomShellList@CreateIDropSource$qqr21Controls@TMouseButton39System@%DelphiInterface$t11IDataObject%
@Uptshellcontrols@TPTCustomShellList@CreateListItem$qqrv
@Uptshellcontrols@TPTCustomShellList@CreateListItems$qqrv
@Uptshellcontrols@TPTCustomShellList@CreateNewFolder$qqro
@Uptshellcontrols@TPTCustomShellList@CreateWindowHandle$qqrrx22Controls@TCreateParams
@Uptshellcontrols@TPTCustomShellList@CreateWnd$qqrv
@Uptshellcontrols@TPTCustomShellList@CustomDrawItem$qqrp18Comctrls@TListItem48System@%Set$t20Comctrls@Comctrls__9$iuc$0$iuc$8%25Comctrls@TCustomDrawStage
@Uptshellcontrols@TPTCustomShellList@DblClickOpen$qqrv
@Uptshellcontrols@TPTCustomShellList@DefineProperties$qqrp14Classes@TFiler
@Uptshellcontrols@TPTCustomShellList@Delete$qqrp18Comctrls@TListItem
@Uptshellcontrols@TPTCustomShellList@DestroyWnd$qqrv
@Uptshellcontrols@TPTCustomShellList@DeviceChangeDetected$qqrp14System@TObjectr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellList@DoCommandForAllSelected$qqrpc
@Uptshellcontrols@TPTCustomShellList@DoCommandForFolder$qqrpc
@Uptshellcontrols@TPTCustomShellList@DoCommandForItem$qqrp18Comctrls@TListItempc
@Uptshellcontrols@TPTCustomShellList@DoMouseWheelDown$qqr46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%rx12Types@TPoint
@Uptshellcontrols@TPTCustomShellList@DoMouseWheelUp$qqr46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%rx12Types@TPoint
@Uptshellcontrols@TPTCustomShellList@DragComplete$qqrli
@Uptshellcontrols@TPTCustomShellList@DragStart$qqr21Controls@TMouseButton39System@%DelphiInterface$t11IDataObject%ri
@Uptshellcontrols@TPTCustomShellList@Edit$qqrrx10tagLVITEMW
@Uptshellcontrols@TPTCustomShellList@FillComplete$qqrv
@Uptshellcontrols@TPTCustomShellList@FillItems$qqrv
@Uptshellcontrols@TPTCustomShellList@FillList$qqr40System@%DelphiInterface$t12IShellFolder%p11_ITEMIDLIST
@Uptshellcontrols@TPTCustomShellList@FillStart$qqrv
@Uptshellcontrols@TPTCustomShellList@FilterApply$qqrx17System@WideStringui
@Uptshellcontrols@TPTCustomShellList@FilterPostApply$qqrv
@Uptshellcontrols@TPTCustomShellList@FilterPreApply$qqrv
@Uptshellcontrols@TPTCustomShellList@FolderChanged$qqrv
@Uptshellcontrols@TPTCustomShellList@GetCurrentFolderIShellDetails$qqrv
@Uptshellcontrols@TPTCustomShellList@GetDataFromItem$qqrp18Comctrls@TListItem
@Uptshellcontrols@TPTCustomShellList@GetDragDropAttributesForAllSelected$qqrv
@Uptshellcontrols@TPTCustomShellList@GetDragDropAttributesForItem$qqrp18Comctrls@TListItem
@Uptshellcontrols@TPTCustomShellList@GetSelectedItem$qqrv
@Uptshellcontrols@TPTCustomShellList@GetShListData$qqri
@Uptshellcontrols@TPTCustomShellList@GetUIObjectForAllSelected$qqrrx5_GUIDpv
@Uptshellcontrols@TPTCustomShellList@GetUIObjectForItem$qqrp18Comctrls@TListItemrx5_GUIDpv
@Uptshellcontrols@TPTCustomShellList@GoUp$qqri
@Uptshellcontrols@TPTCustomShellList@HandleOnFolderChanged$qqrp14System@TObject
@Uptshellcontrols@TPTCustomShellList@IDropTarget_DragEnter$qqsx39System@%DelphiInterface$t11IDataObject%ix12Types@TPointri
@Uptshellcontrols@TPTCustomShellList@IDropTarget_DragLeave$qqsv
@Uptshellcontrols@TPTCustomShellList@IDropTarget_DragOver$qqsix12Types@TPointri
@Uptshellcontrols@TPTCustomShellList@IDropTarget_Drop$qqsx39System@%DelphiInterface$t11IDataObject%ix12Types@TPointri
@Uptshellcontrols@TPTCustomShellList@InitColumns$qqr48System@%DelphiInterface$t20Shlobj@IShellDetails%
@Uptshellcontrols@TPTCustomShellList@InitImageLists$qqrv
@Uptshellcontrols@TPTCustomShellList@InsertItem$qqrp18Comctrls@TListItem
@Uptshellcontrols@TPTCustomShellList@InstallChangeHandler$qqrv
@Uptshellcontrols@TPTCustomShellList@IsCustomDrawn$qqr26Comctrls@TCustomDrawTarget25Comctrls@TCustomDrawStage
@Uptshellcontrols@TPTCustomShellList@IsFolderNetworkShare$qqrv
@Uptshellcontrols@TPTCustomShellList@IsFolderStored$qqrv
@Uptshellcontrols@TPTCustomShellList@ItemContextMenu$qqrp18Comctrls@TListItemr12Types@TPointrp16Menus@TPopupMenu
@Uptshellcontrols@TPTCustomShellList@ItemHasData$qqrp18Comctrls@TListItem
@Uptshellcontrols@TPTCustomShellList@KeyDown$qqrrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%
@Uptshellcontrols@TPTCustomShellList@KeyPress$qqrrb
@Uptshellcontrols@TPTCustomShellList@Loaded$qqrv
@Uptshellcontrols@TPTCustomShellList@MouseDown$qqr21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%ii
@Uptshellcontrols@TPTCustomShellList@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Uptshellcontrols@TPTCustomShellList@OleBeginDrag$qqr21Controls@TMouseButton
@Uptshellcontrols@TPTCustomShellList@OleDrag$qqrx39System@%DelphiInterface$t11IDataObject%irx12Types@TPointrirl
@Uptshellcontrols@TPTCustomShellList@OleDrop$qqrx39System@%DelphiInterface$t11IDataObject%irx12Types@TPointrirl
@Uptshellcontrols@TPTCustomShellList@OpenItem$qqrp18Comctrls@TListItem
@Uptshellcontrols@TPTCustomShellList@OpenSelectedItems$qqrv
@Uptshellcontrols@TPTCustomShellList@ProcessMenu$qqrp18Comctrls@TListItemrx12Types@TPoint
@Uptshellcontrols@TPTCustomShellList@ProcessMenuForAllSelected$qqrrx12Types@TPoint
@Uptshellcontrols@TPTCustomShellList@ProcessSendTo$qqri
@Uptshellcontrols@TPTCustomShellList@RefreshItems$qqrv
@Uptshellcontrols@TPTCustomShellList@SelectAll$qqrv
@Uptshellcontrols@TPTCustomShellList@SetFileFilter$qqrx17System@WideString
@Uptshellcontrols@TPTCustomShellList@SetFolder$qqrp32Uptshellcontrols@TPTShellLocator
@Uptshellcontrols@TPTCustomShellList@SetOptions$qqr64System@%Set$t35Uptshellcontrols@TPTShellListOption$iuc$0$iuc$14%
@Uptshellcontrols@TPTCustomShellList@SetShellCombo$qqrp36Uptshellcontrols@TPTCustomShellCombo
@Uptshellcontrols@TPTCustomShellList@SetShellTree$qqrp35Uptshellcontrols@TPTCustomShellTree
@Uptshellcontrols@TPTCustomShellList@SetSortColumn$qqri
@Uptshellcontrols@TPTCustomShellList@SetThumbnails$qqrp32Uptthumbnails@TPTShellThumbnails
@Uptshellcontrols@TPTCustomShellList@SetViewStyle$qqr34Uptshellcontrols@TPTShellViewStyle
@Uptshellcontrols@TPTCustomShellList@ShellSelCount$qqrv
@Uptshellcontrols@TPTCustomShellList@ShouldInclude$qqrp11_ITEMIDLISTt1rui
@Uptshellcontrols@TPTCustomShellList@SortList$qqrv
@Uptshellcontrols@TPTCustomShellList@Synchronize$qqro
@Uptshellcontrols@TPTCustomShellList@ThumbnailsChange$qqrp14System@TObject
@Uptshellcontrols@TPTCustomShellList@ThumbnailsImagelistCreate$qqrv
@Uptshellcontrols@TPTCustomShellList@TimerElapsed$qqrp14System@TObject
@Uptshellcontrols@TPTCustomShellList@TreeChanged$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellList@ViewStyleReadData$qqrp15Classes@TReader
@Uptshellcontrols@TPTCustomShellList@ViewStyleWriteData$qqrp15Classes@TWriter
@Uptshellcontrols@TPTCustomShellList@WMDestroy$qqrr20Messages@TWMNoParams
@Uptshellcontrols@TPTCustomShellList@WMGetIShellBrowser$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellList@WMMenuSelect$qqrr22Messages@TWMMenuSelect
@Uptshellcontrols@TPTCustomShellList@WMNCHitTest$qqrr21Messages@TWMNCHitTest
@Uptshellcontrols@TPTCustomShellList@WMRButtonUp$qqrr17Messages@TWMMouse
@Uptshellcontrols@TPTCustomShellList@WMWindowPosChanged$qqrr24Messages@TWMWindowPosMsg
@Uptshellcontrols@TPTCustomShellList@WndProc$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellTree@
@Uptshellcontrols@TPTCustomShellTree@$bctr$qqrp18Classes@TComponent
@Uptshellcontrols@TPTCustomShellTree@$bdtr$qqrv
@Uptshellcontrols@TPTCustomShellTree@AMChangeNotify$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellTree@AMDeferredFill$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellTree@AddNewShellNode$qqrx40System@%DelphiInterface$t12IShellFolder%p11_ITEMIDLISTp18Comctrls@TTreeNodet2
@Uptshellcontrols@TPTCustomShellTree@AfterShellMenuSelection$qqrp18Comctrls@TTreeNodei
@Uptshellcontrols@TPTCustomShellTree@BaseFolderChanged$qqrp14System@TObject
@Uptshellcontrols@TPTCustomShellTree@BeforeShellMenuPopup$qqrrp7HMENU__p18Comctrls@TTreeNodei
@Uptshellcontrols@TPTCustomShellTree@CMDesignHitTest$qqrr17Messages@TWMMouse
@Uptshellcontrols@TPTCustomShellTree@CMWantSpecialKey$qqrr15Messages@TWMKey
@Uptshellcontrols@TPTCustomShellTree@CNNotify$qqrr18Messages@TWMNotify
@Uptshellcontrols@TPTCustomShellTree@CanAdd$qqr40System@%DelphiInterface$t12IShellFolder%p11_ITEMIDLISTt2ui
@Uptshellcontrols@TPTCustomShellTree@CanEdit$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@CanExpand$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@Change$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@CreateIDropSource$qqr21Controls@TMouseButton39System@%DelphiInterface$t11IDataObject%
@Uptshellcontrols@TPTCustomShellTree@CreateNewFolder$qqro
@Uptshellcontrols@TPTCustomShellTree@CreateParams$qqrr22Controls@TCreateParams
@Uptshellcontrols@TPTCustomShellTree@CreateWindowHandle$qqrrx22Controls@TCreateParams
@Uptshellcontrols@TPTCustomShellTree@CreateWnd$qqrv
@Uptshellcontrols@TPTCustomShellTree@CustomDrawItem$qqrp18Comctrls@TTreeNode48System@%Set$t20Comctrls@Comctrls__9$iuc$0$iuc$8%25Comctrls@TCustomDrawStagero
@Uptshellcontrols@TPTCustomShellTree@Delete$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@DestroyWnd$qqrv
@Uptshellcontrols@TPTCustomShellTree@DeviceChangeDetected$qqrp14System@TObjectr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellTree@DoCommandForNode$qqrp18Comctrls@TTreeNodepc
@Uptshellcontrols@TPTCustomShellTree@DoDropTargetAutoscroll$qqrrx12Types@TPoint
@Uptshellcontrols@TPTCustomShellTree@DoMouseWheelDown$qqr46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%rx12Types@TPoint
@Uptshellcontrols@TPTCustomShellTree@DoMouseWheelUp$qqr46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%rx12Types@TPoint
@Uptshellcontrols@TPTCustomShellTree@DoOnInsertItem$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@DoSetSelectedIdList$qqrp11_ITEMIDLIST
@Uptshellcontrols@TPTCustomShellTree@DragComplete$qqrli
@Uptshellcontrols@TPTCustomShellTree@DragStart$qqr21Controls@TMouseButtonx39System@%DelphiInterface$t11IDataObject%ri
@Uptshellcontrols@TPTCustomShellTree@Edit$qqrrx10tagTVITEMW
@Uptshellcontrols@TPTCustomShellTree@ExpandNode$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@FillComplete$qqrv
@Uptshellcontrols@TPTCustomShellTree@FillItems$qqrv
@Uptshellcontrols@TPTCustomShellTree@FillStart$qqrv
@Uptshellcontrols@TPTCustomShellTree@FillTree$qqr40System@%DelphiInterface$t12IShellFolder%p18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@FindNodeWithIdList$qqrp18Comctrls@TTreeNodep11_ITEMIDLIST
@Uptshellcontrols@TPTCustomShellTree@GetDataFromNode$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@GetDragDropAttributesForNode$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@GetFirstRootLevelShellNode$qqrv
@Uptshellcontrols@TPTCustomShellTree@GetImageIndex$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@GetParentHWND$qqrv
@Uptshellcontrols@TPTCustomShellTree@GetSelectedIndex$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@GetSelectedItem$qqrv
@Uptshellcontrols@TPTCustomShellTree@GetSelectedPathName$qqrv
@Uptshellcontrols@TPTCustomShellTree@GetShTreeData$qqri
@Uptshellcontrols@TPTCustomShellTree@GoUp$qqri
@Uptshellcontrols@TPTCustomShellTree@IDropTarget_DragEnter$qqsx39System@%DelphiInterface$t11IDataObject%ix12Types@TPointri
@Uptshellcontrols@TPTCustomShellTree@IDropTarget_DragLeave$qqsv
@Uptshellcontrols@TPTCustomShellTree@IDropTarget_DragOver$qqsix12Types@TPointri
@Uptshellcontrols@TPTCustomShellTree@IDropTarget_Drop$qqsx39System@%DelphiInterface$t11IDataObject%ix12Types@TPointri
@Uptshellcontrols@TPTCustomShellTree@InitImageList$qqrv
@Uptshellcontrols@TPTCustomShellTree@InstallChangeHandler$qqrx17System@WideString
@Uptshellcontrols@TPTCustomShellTree@InstallChangeHandlersForAllLocalDrives$qqrv
@Uptshellcontrols@TPTCustomShellTree@IsCustomDrawn$qqr26Comctrls@TCustomDrawTarget25Comctrls@TCustomDrawStage
@Uptshellcontrols@TPTCustomShellTree@KeyDown$qqrrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%
@Uptshellcontrols@TPTCustomShellTree@Loaded$qqrv
@Uptshellcontrols@TPTCustomShellTree@NodeContextMenu$qqrp18Comctrls@TTreeNoder12Types@TPointrp16Menus@TPopupMenu
@Uptshellcontrols@TPTCustomShellTree@NodeHasData$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Uptshellcontrols@TPTCustomShellTree@OleBeginDrag$qqr21Controls@TMouseButton
@Uptshellcontrols@TPTCustomShellTree@OleDrag$qqrx39System@%DelphiInterface$t11IDataObject%irx12Types@TPointrirl
@Uptshellcontrols@TPTCustomShellTree@OleDrop$qqrx39System@%DelphiInterface$t11IDataObject%irx12Types@TPointrirl
@Uptshellcontrols@TPTCustomShellTree@ProcessMenu$qqrp18Comctrls@TTreeNoderx12Types@TPoint
@Uptshellcontrols@TPTCustomShellTree@ProcessSendTo$qqrp18Comctrls@TTreeNodei
@Uptshellcontrols@TPTCustomShellTree@RefreshNodes$qqrv
@Uptshellcontrols@TPTCustomShellTree@SelectedFolderChanged$qqrp14System@TObject
@Uptshellcontrols@TPTCustomShellTree@SetBaseFolder$qqrp32Uptshellcontrols@TPTShellLocator
@Uptshellcontrols@TPTCustomShellTree@SetOptions$qqr64System@%Set$t35Uptshellcontrols@TPTShellTreeOption$iuc$0$iuc$10%
@Uptshellcontrols@TPTCustomShellTree@SetSelectedFolder$qqrp32Uptshellcontrols@TPTShellLocator
@Uptshellcontrols@TPTCustomShellTree@SetSelectedPathName$qqrx17System@WideString
@Uptshellcontrols@TPTCustomShellTree@SetShellCombo$qqrp36Uptshellcontrols@TPTCustomShellCombo
@Uptshellcontrols@TPTCustomShellTree@SetShellList$qqrp35Uptshellcontrols@TPTCustomShellList
@Uptshellcontrols@TPTCustomShellTree@SortNode$qqrp18Comctrls@TTreeNode
@Uptshellcontrols@TPTCustomShellTree@Synchronize$qqro
@Uptshellcontrols@TPTCustomShellTree@TVMDeleteItem$qqrr17Messages@TMessage
@Uptshellcontrols@TPTCustomShellTree@TimerElapsed$qqrp14System@TObject
@Uptshellcontrols@TPTCustomShellTree@WMNCDestroy$qqrr20Messages@TWMNoParams
@Uptshellcontrols@TPTCustomShellTree@WMNCHitTest$qqrr21Messages@TWMNCHitTest
@Uptshellcontrols@TPTCustomShellTree@WMPaint$qqrr17Messages@TWMPaint

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 487KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/DPM.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/Plugins/DPMChart.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:d5:8f:7c:3a:fa:aa:1b:8f:05:4c:2f:12:9e:1e:2b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/10/2013, 00:00

Not After

16/12/2014, 23:59

Subject

CN=Alcohol Soft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alcohol Soft,L=Belfast,ST=Antrim,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:22:3f:39:35:5c:ce:76:49:c9:fe:a8:07:50:82:be:c1:83:a4:6f
Signer

Actual PE Digest

5b:22:3f:39:35:5c:ce:76:49:c9:fe:a8:07:50:82:be:c1:83:a4:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Tchartwindow@Finalize
@@Tchartwindow@Initialize
@Vclfixpack@Finalization$qqrv
@Vclfixpack@initialization$qqrv
MX_DoDPMChartWindow
_ChartWindow
___CPPdebugHook

Sections

UPX0
Size: - Virtual size: 868KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 386KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/imgengine.dll
.dll windows:5 windows x86 arch:x86

d503f319bb4b13f0c9c778febbe17bcd

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f6:e3:d0:09:8b:f4:e2:4d:22:bb:b9:55:0c:55:34:3e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/05/2015, 00:00

Not After

09/03/2018, 23:59

Subject

CN=Disc Soft Ltd,O=Disc Soft Ltd,POSTALCODE=BZ,STREET=Belama Phase 1+STREET=16 Albert Hoy Avenue\,,L=Belize City,ST=Belize,C=BZ,2.5.4.18=#130d502e4f2e20426f782032323834

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:64:a6:71:5f:66:23:08:b7:90:e4:22:f6:8b:5e:e7:5d:c5:ff:e6
Signer

Actual PE Digest

f5:64:a6:71:5f:66:23:08:b7:90:e4:22:f6:8b:5e:e7:5d:c5:ff:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
VirtualAlloc
VirtualFree
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
GetFileSize
WriteFile
ReadFile
SetFilePointer
CloseHandle
GetTickCount
CreateEventW
GetDiskFreeSpaceW
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
HeapFree
HeapAlloc
GetFullPathNameW
RaiseException
RtlUnwind
SetLastError
GetCurrentThread
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
GetStringTypeW
LCMapStringW
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
HeapSize
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleCP
SetStdHandle
SetFilePointerEx
WriteConsoleW
GetThreadTimes

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/pfctoc.dll
.dll windows:4 windows x86 arch:x86

92dc1350050c1104b682cc5ee133e008

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeLibrary
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapAlloc
WritePrivateProfileStringA
ExitProcess
TerminateProcess
HeapSize
GetTimeZoneInformation
GetACP
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapFree
GlobalFlags
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
DuplicateHandle
GlobalFree
GlobalAlloc
GlobalReAlloc
FindFirstFileA
FindClose
UnlockFile
LockFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SetLastError
GetEnvironmentStrings
GlobalLock
SetFilePointer
SetEndOfFile
GetCurrentThread
GlobalDeleteAtom
GetLastError
LocalFree
GetCurrentThreadId
lstrcmpA
GetFileTime
InterlockedDecrement
GetFileAttributesA
WideCharToMultiByte
InterlockedIncrement
GetModuleFileNameA
lstrcmpiA
GetVolumeInformationA
GetFullPathNameA
lstrcpynA
MultiByteToWideChar
lstrcpyA
lstrlenA
LoadLibraryA
GetProcAddress
FlushFileBuffers
CloseHandle
CreateFileA
WriteFile
ReadFile
GetEnvironmentStringsW
GetCurrentProcess
GetEnvironmentVariableA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetFileSize

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsIconic
SystemParametersInfoA
GetWindowPlacement
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetSystemMetrics
CharUpperA
wsprintfA
LoadBitmapA
GetMenuCheckMarkDimensions
LoadStringA

gdi32

DeleteObject
SaveDC
RestoreDC
GetStockObject
SelectObject
SetBkColor
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
CreateBitmap
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

comctl32

ord17

Exports

Exports

PfcFreeToc
PfcGetToc

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Alcohol 120% FE (2.0.3.9902) (Portable Edition)/pidalc.dll
.dll windows:5 windows x86 arch:x86

867b0f77234da74fa017e86153dbb7bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
DeviceIoControl
GetDriveTypeA
QueryDosDeviceA
ReadFile
SetErrorMode
SetFilePointer

Exports

Exports

pid_report_full_version
pid_report_quick_version
pid_scan_disc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:85:0c:72:1a:bf:6c:93:70:d1:bc:92:32:86:8c:28Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

14:30:05:9d:83:02:f4:b7:d9:30:7a:67:6c:76:4b:e4:54:c7:98:61Signer

Headers

File Characteristics

Sections

SSE3 Size: - Virtual size: 5.2MB

SSE2 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 127KB - Virtual size: 128KB

CODEINIT Size: 512B - Virtual size: 32B

CODESIGN Size: 4KB - Virtual size: 4KB

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:8b:7c:5b:34:be:c5:ad:b2:4c:2d:3c:32:f6:2a:d5Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:0d:ec:6c:11:41:57:9b:81:23:27:52:10:01:94:c1:b4:bf:b9:97Signer

Headers

File Characteristics

Sections

SSE3 Size: - Virtual size: 224KB

SSE2 Size: 48KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 4KB

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:0b:89:28:5c:95:8b:2b:59:8f:a4:85:2b:c5:df:ffCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

b2:f3:c9:8f:61:e9:63:20:9e:cd:34:68:1e:b9:d3:52:e0:bf:a2:4eSigner

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 487KB - Virtual size: 488KB

.rsrc Size: 59KB - Virtual size: 60KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 112KB

UPX1 Size: 73KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 20KB - Virtual size: 17KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:85:0c:72:1a:bf:6c:93:70:d1:bc:92:32:86:8c:28
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

14:30:05:9d:83:02:f4:b7:d9:30:7a:67:6c:76:4b:e4:54:c7:98:61
Signer

SSE3
Size: - Virtual size: 5.2MB

SSE2
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 127KB - Virtual size: 128KB

CODEINIT
Size: 512B - Virtual size: 32B

CODESIGN
Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:8b:7c:5b:34:be:c5:ad:b2:4c:2d:3c:32:f6:2a:d5
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:0d:ec:6c:11:41:57:9b:81:23:27:52:10:01:94:c1:b4:bf:b9:97
Signer

SSE3
Size: - Virtual size: 224KB

SSE2
Size: 48KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:0b:89:28:5c:95:8b:2b:59:8f:a4:85:2b:c5:df:ff
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

b2:f3:c9:8f:61:e9:63:20:9e:cd:34:68:1e:b9:d3:52:e0:bf:a2:4e
Signer

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 487KB - Virtual size: 488KB

.rsrc
Size: 59KB - Virtual size: 60KB

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 73KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 12KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:d5:8f:7c:3a:fa:aa:1b:8f:05:4c:2f:12:9e:1e:2b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5b:22:3f:39:35:5c:ce:76:49:c9:fe:a8:07:50:82:be:c1:83:a4:6f
Signer

UPX0
Size: - Virtual size: 868KB

UPX1
Size: 386KB - Virtual size: 388KB

.rsrc
Size: 5KB - Virtual size: 8KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

f6:e3:d0:09:8b:f4:e2:4d:22:bb:b9:55:0c:55:34:3e
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

f5:64:a6:71:5f:66:23:08:b7:90:e4:22:f6:8b:5e:e7:5d:c5:ff:e6
Signer

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 27KB - Virtual size: 41KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 12KB - Virtual size: 12KB