lumma | 5874bb1804c8f9d1f3225eebc849f8ca

Sharing

Copy URL Twitter E-mail

General

Target

5874bb1804c8f9d1f3225eebc849f8ca
Size

5.0MB
MD5

5874bb1804c8f9d1f3225eebc849f8ca
SHA1

5712ee89188a6a2d65890ee5534b773b135726b9
SHA256

e79c3dbd9b7db02103c4701f56ed7eb3cad228f266249c72d012509aaf06e5a3
SHA512

5765dea7169ca4d378a2814a3d97920ccd63518cb5e739a20fc186e1564d4f2facb30c06e67505844f04c1a0ef10b13be28266a6f24423fc0ba5dba9fa460685
SSDEEP

98304:QiSozLi7ouNoPOGeNp/AwtaoXhoMEnmnJSxvkYytkMvmZFZLcZyKHrh:QiSovigLeNp/A14hoMVM9cvmLmXLh

Score

10^/10

aspackv2 lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
static1/unpack001/ppmate.exe	family_lumma_v4

Lumma family
lumma

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/$COMMONFILES/Synacast/SynaLive/FWUpnp.dll	aspack_v212_v242

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
5874bb1804c8f9d1f3225eebc849f8ca
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/PPMPlayer.dll
unpack001/RecordPlan.exe
unpack001/Recorder.dll
unpack001/SopCore.ocx
unpack001/TVUAx.dll
unpack001/dllcheck.exe
unpack001/kankansession.dll
unpack001/libeay32.dll
unpack001/libexpatw.dll
unpack001/msvcp71.dll
unpack001/msvcr71.dll
unpack001/network.dll
unpack001/plugin/CheckOS.dll
unpack001/ppamnet.exe
unpack001/pplivesession.dll
unpack001/ppmate.exe
unpack001/ppmlist.dll
unpack001/sopcastsession.dll
unpack001/ssleay32.dll
unpack001/tvuplayersession.dll
unpack001/uninst.exe
unpack002/$PLUGINSDIR/LangDLL.dll
unpack001/xpsp2tcppatch.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

5874bb1804c8f9d1f3225eebc849f8ca
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/PPMate/PPMate/channels.xml
.xml
$COMMONFILES/Synacast/SynaLive/FWUpnp.dll
.dll windows:4 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:11:4f:3c:6e:d2:11:a8:10:0c:bf:59:92:cf:89:b4:55:49:fa:ae
Signer

Actual PE Digest

8d:11:4f:3c:6e:d2:11:a8:10:0c:bf:59:92:cf:89:b4:55:49:fa:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FWAppAdd
FWAppIsEnable
FWExceptionSetAllowed
FWExcptionAllowed
FWFree
FWInit
FWOff
FWOn
FWPortAdd
FWison
GetExIP
GetMapPort
GetSessionState
GetUPnPVersion
SetCallBack
SetQuitFlag
SetSessionState
SetUPnPWaitTime
UPNPGetExIp
UPNPaddPort
UPNPdelPort
UPnPGetMapPort
addPortmap
delPortmap

Sections

.text
Size: 32KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$COMMONFILES/Synacast/SynaLive/Har.dll
.dll windows:4 windows x86 arch:x86

78121377f3efa9be51d158a709dccd50

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:14:9e:41:4b:76:06:ed:9b:1a:04:64:fc:a2:a4:55:44:a7:0d:f2
Signer

Actual PE Digest

a4:14:9e:41:4b:76:06:ed:9b:1a:04:64:fc:a2:a4:55:44:a7:0d:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtect
Sleep
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

wsock32

WSAStartup
socket
sendto
send
recvfrom
recv
inet_addr
htons
connect
closesocket

Exports

Exports

CloseFileSession
CloseFileSessionSW
GetSessionState
SetPlayMode
Start

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 82KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/Live.dll
.dll windows:4 windows x86 arch:x86

448e135b6a3bfbd60504d98ce84fff6a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:98:fc:fd:86:31:18:04:27:13:a4:60:74:39:d1:29:ea:22:a9:8c
Signer

Actual PE Digest

4b:98:fc:fd:86:31:18:04:27:13:a4:60:74:39:d1:29:ea:22:a9:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1182
ord823
ord920
ord936
ord834
ord1116
ord1176
ord1575
ord1168
ord1577
ord825
ord342
ord1243
ord1197
ord1570
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253

msvcrt

fputc
__CxxFrameHandler
fclose
_ftol
_vsnprintf
_snprintf
atoi
sscanf
memmove
strncpy
_purecall
_beginthreadex
tolower
memchr
fopen
atof
fprintf
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
strchr
strncmp
isspace
isalnum
isalpha
_strnicmp
fseek
ftell
fread

kernel32

LocalAlloc
LocalFree
SetEvent
GetVersionExA
Sleep
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
ReadFile
ResetEvent
WaitForSingleObject
TerminateThread
CreateEventA
OpenProcess
GetExitCodeThread
LoadLibraryA
GetModuleFileNameA
GetProcAddress
VirtualQuery
GetACP
GetModuleHandleA
GetCurrentProcessId
OpenFileMappingA
MapViewOfFile
GetLastError
FreeLibrary
UnmapViewOfFile
CloseHandle
GetSystemTime
GetSystemDirectoryA

user32

FindWindowA
MessageBoxA
PostMessageA
IsWindow
DefWindowProcA
PostQuitMessage
DestroyWindow
CreateWindowExA
RegisterClassExA
GetDesktopWindow
DispatchMessageA
TranslateMessage
GetMessageA
SendMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

msvcp60

?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1ios_base@std@@UAE@XZ
??1locale@std@@QAE@XZ
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTimeA

ws2_32

inet_ntoa
gethostbyname
inet_addr

shlwapi

PathAppendA

Exports

Exports

RD_XXXX

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/MngModule.dll
.dll windows:4 windows x86 arch:x86

d5ba88d191fa4bb4a0de210b22e6ac81

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:e3:ac:b4:b6:39:56:da:a8:92:29:7e:5c:57:8b:a9:9b:d0:81:5d
Signer

Actual PE Digest

43:e3:ac:b4:b6:39:56:da:a8:92:29:7e:5c:57:8b:a9:9b:d0:81:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1132
ord1131
ord6354
ord2725
ord1168
ord3584
ord543
ord3831
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord825
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2614
ord823
ord860
ord537
ord2764
ord4129
ord5710
ord939
ord2818
ord535
ord6778
ord940
ord6467
ord539
ord924
ord922
ord2915
ord5572
ord5500
ord540
ord926
ord858
ord800
ord803
ord1116

msvcrt

_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_mbsnicmp
_mbsspn
memcmp
_strdup
isalnum
free
memcpy
realloc
malloc
isspace
_purecall
strcpy
_mbscmp
_itoa
memset
__CxxFrameHandler
strlen
_adjust_fdiv
??1type_info@@UAE@XZ
_mbscspn

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
LoadLibraryA
GetProcAddress
CreateEventA
CreateThread
InterlockedDecrement
SetEvent
InterlockedIncrement
GetModuleHandleA
GetShortPathNameA
GetTickCount
GetCurrentProcessId
WriteFile
DeleteCriticalSection
lstrlenW
WideCharToMultiByte
CreatePipe
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
TerminateProcess
CreateProcessA
GetExitCodeProcess
CloseHandle
GetCurrentThreadId
Sleep
OutputDebugStringA
LocalFree
LocalAlloc
HeapDestroy
FreeLibrary
lstrcpyA
lstrcatA
SystemTimeToFileTime
GetSystemTime
GetPrivateProfileIntA
GetPrivateProfileStringA
WaitForSingleObject
OpenProcess

user32

CharNextA
GetMessageA
PostMessageA
IsWindow
FindWindowA
PostThreadMessageA
DispatchMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ole32

CoInitialize
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoDisconnectObject
CoRevokeClassObject

oleaut32

SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi

shlwapi

PathRemoveFileSpecA
PathAppendA

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

rpcrt4

UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ExecCommand

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/NetTools.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:c7:7b:14:f6:e1:03:0e:63:1a:c3:d7:25:9b:4a:67:78:b0:c4:ef
Signer

Actual PE Digest

a2:c7:7b:14:f6:e1:03:0e:63:1a:c3:d7:25:9b:4a:67:78:b0:c4:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Etadpu
GetTickCountInt64
GetUTC_SystemTime
GetUTC_TDateTime
HTTP_Get_To_File
HTTP_Get_To_Mem
HTTP_Post_To_File
HTTP_Post_To_Mem
InitUTCTimeByHTTP
InitUTCTimeBySNTP
SetHTTPFuncTimeOut
SetTimeFuncTimeOut
Tools_Start
Tools_stop

Sections

CODE
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/1012/KOM.dll
.dll windows:4 windows x86 arch:x86

7cecd1ab25c0b666f51ef269e00504e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

23:c0:06:29:fa:9e:a8:07:3b:40:77:ad:66:dc:26:96:c6:10:16:9b
Signer

Actual PE Digest

23:c0:06:29:fa:9e:a8:07:3b:40:77:ad:66:dc:26:96:c6:10:16:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetProcAddress
GetTickCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersion
GetCurrentProcessId
GetCommandLineA
CreateEventA
CloseHandle
SetEvent
ResetEvent
GetLocalTime
lstrcpyA
OutputDebugStringA
CreateThread
TerminateThread
WaitForSingleObject
CompareStringW
CompareStringA
GetTimeZoneInformation
ReadFile
SetEndOfFile
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCurrentThreadId
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
Sleep
HeapSize
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
CreateFileA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
SetEnvironmentVariableA

ole32

CoCreateGuid

iphlpapi

GetIpAddrTable

ws2_32

gethostbyname
gethostname

shlwapi

PathAppendA
PathRemoveFileSpecA
StrStrIA
PathIsRelativeA

Exports

Exports

TS_0001
TS_0002
TS_0003
TS_0004
TS_0005
TS_0006
TS_0007
TS_0008
TS_0009

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/1012/TEN.dll
.dll windows:4 windows x86 arch:x86

8d8548662be50c279e5c6801a280d58d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:62:ae:a5:84:50:44:d1:c8:32:a2:83:57:a0:17:40:bf:57:8f:ea
Signer

Actual PE Digest

f1:62:ae:a5:84:50:44:d1:c8:32:a2:83:57:a0:17:40:bf:57:8f:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
GetModuleFileNameW
lstrcatW
LoadLibraryW
GetProcAddress
LeaveCriticalSection
InterlockedIncrement
TlsFree
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject
InterlockedExchangeAdd
PostQueuedCompletionStatus
CloseHandle
CreateIoCompletionPort
GetModuleHandleA
InterlockedExchange
Sleep
GetSystemTimeAsFileTime
TlsAlloc
LocalFree
GetLastError
GetQueuedCompletionStatus
TlsGetValue
FormatMessageA
InterlockedDecrement
InitializeCriticalSection
SetLastError
TlsSetValue
OutputDebugStringW
InterlockedCompareExchange
CreateThread
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
ExitProcess
IsValidCodePage
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
GetStringTypeExA
FreeLibrary
LCMapStringA
LCMapStringW
LoadLibraryA
GetVersionExA
ReleaseMutex
GetCurrentProcessId
HeapFree
ExitThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
GetProcessHeap
GetCPInfo
RtlUnwind
RaiseException
GetStringTypeA
GetStringTypeW
WriteFile
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP

ws2_32

WSASendTo
gethostbyname
WSASocketW
bind
getsockname
WSASend
listen
WSACleanup
WSARecv
htons
__WSAFDIsSet
WSARecvFrom
ntohl
getservbyname
select
setsockopt
htonl
getsockopt
WSASetLastError
WSAStartup
connect
ioctlsocket
WSAStringToAddressA
WSAGetLastError
inet_addr
closesocket
ntohs
accept

mswsock

AcceptEx
GetAcceptExSockaddrs

user32

LoadStringA

Exports

Exports

TS_XXXX

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/1012/eroc.dll
.dll windows:4 windows x86 arch:x86

337fb24d346a57a9b9ada0390d9fbc99

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:b6:a6:97:95:6e:b6:f4:91:d8:db:7f:95:4f:00:26:ca:94:53:d6
Signer

Actual PE Digest

52:b6:a6:97:95:6e:b6:f4:91:d8:db:7f:95:4f:00:26:ca:94:53:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
Thread32Next
SetUnhandledExceptionFilter
GetLastError
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
VirtualQuery
Module32Next
Thread32First
CreateToolhelp32Snapshot
FindFirstFileA
CreateFileMappingA
Module32First
GetModuleFileNameA
GetLongPathNameA
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetCommandLineA
GetLocalTime
SuspendThread
GetCurrentThreadId
GetModuleHandleA
AllocConsole
GetConsoleTitleA
FreeConsole
GetTickCount
lstrcpyA
TlsGetValue
TlsSetValue
CreateThread
TlsAlloc
WaitForMultipleObjects
OpenFileMappingA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
SetEvent
ResetEvent
CompareStringW
CompareStringA
GetTimeZoneInformation
ReadFile
SetEndOfFile
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
InterlockedExchange
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
SetEnvironmentVariableA

user32

MessageBoxA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecA
PathAppendA

Exports

Exports

SetCrashHandlerMode
TS_XXXX

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/1012/mir.dll
.dll windows:4 windows x86 arch:x86

972c1fd934b3d084589974cb3bf2ec22

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:f6:ef:c5:33:58:75:85:41:8b:60:99:ed:b3:f4:d0:f4:04:bb:48
Signer

Actual PE Digest

17:f6:ef:c5:33:58:75:85:41:8b:60:99:ed:b3:f4:d0:f4:04:bb:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
VirtualQuery
GetTickCount
GetLocalTime
GetLastError
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetSystemDefaultLangID
UnmapViewOfFile
CloseHandle
GetPrivateProfileIntW
GetVersionExW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
CreateFileA
SetEndOfFile

ole32

CoUninitialize
CoInitialize

ws2_32

WSAGetLastError
ntohs
inet_ntoa
htons
htonl

shlwapi

PathAppendW

user32

PostMessageW

advapi32

CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

SHGetFolderPathW

Exports

Exports

TS_XXXX

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/1012/tpi.dll
.dll windows:4 windows x86 arch:x86

90547e4eb5ec31263ac362ca3152bc21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:04:8b:b8:cd:d1:1c:ba:1e:0b:24:c7:db:5d:0a:6b:23:6a:8d:fb
Signer

Actual PE Digest

8b:04:8b:b8:cd:d1:1c:ba:1e:0b:24:c7:db:5d:0a:6b:23:6a:8d:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl

kernel32

GetEnvironmentVariableA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

Locate

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/GAL.dll
.dll windows:4 windows x86 arch:x86

34cdb0d333236a9df55e2e9e73b8b4c5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:8d:17:93:40:1a:34:8a:16:51:df:fe:e7:7c:1f:57:d4:14:fe:a7
Signer

Actual PE Digest

57:8d:17:93:40:1a:34:8a:16:51:df:fe:e7:7c:1f:57:d4:14:fe:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA

ws2_32

gethostbyname
htons
closesocket
socket
bind
ioctlsocket
WSAGetLastError
sendto
recvfrom
connect
send
inet_addr

shlwapi

PathRemoveFileSpecA
PathAppendA

ole32

CoCreateGuid

kernel32

TlsFree
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
CloseHandle
DeviceIoControl
CreateFileA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
VirtualQuery
CreateThread
CreateEventA
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
TerminateThread
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
GetTickCount
GetLocalTime
GetVersion
Sleep
WritePrivateProfileStructA
GetPrivateProfileStructA
GetSystemDirectoryA
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
RaiseException
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetCPInfo

Exports

Exports

TS_XXXX

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/KOM.dll
.dll windows:4 windows x86 arch:x86

b858d9f1031821341292c006a74a943c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:29:4b:e2:1f:9a:1e:0a:4e:65:87:1f:ad:c9:79:1b:95:98:41:ae
Signer

Actual PE Digest

e2:29:4b:e2:1f:9a:1e:0a:4e:65:87:1f:ad:c9:79:1b:95:98:41:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetProcAddress
GetTickCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersion
GetCurrentProcessId
GetCommandLineA
CreateEventA
CloseHandle
SetEvent
ResetEvent
GetLocalTime
lstrcpyA
OutputDebugStringA
CreateThread
TerminateThread
WaitForSingleObject
CompareStringW
CompareStringA
GetTimeZoneInformation
ReadFile
SetEndOfFile
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCurrentThreadId
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
CreateFileA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA

ole32

CoCreateGuid

ws2_32

gethostbyname
gethostname

shlwapi

PathAppendA
PathRemoveFileSpecA
StrStrIA
PathIsRelativeA

Exports

Exports

TS_0001
TS_0002
TS_0003
TS_0004
TS_0005
TS_0006
TS_0007
TS_0008
TS_0009

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/MUL.DLL
.dll windows:4 windows x86 arch:x86

9aaeceb8f6d61aa7caf74c2a192e81c3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:45:c6:83:f2:29:83:54:f1:d4:e1:44:fc:97:47:37:78:d7:6b:3c
Signer

Actual PE Digest

36:45:c6:83:f2:29:83:54:f1:d4:e1:44:fc:97:47:37:78:d7:6b:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
Sleep
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle
HeapSize

ws2_32

htons
inet_addr

rpcrt4

UuidToStringA

Exports

Exports

TS_XXXX

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/PCP.dll
.dll windows:4 windows x86 arch:x86

f7da0542502914a50a6e3fc6a88c6309

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:c2:4e:46:5d:85:a6:08:09:31:e0:19:34:f4:6a:cb:6a:89:d8:6b
Signer

Actual PE Digest

c8:c2:4e:46:5d:85:a6:08:09:31:e0:19:34:f4:6a:cb:6a:89:d8:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord825
ord1199
ord1247
ord6467
ord823
ord5810
ord5481
ord2031
ord4863
ord5796
ord5478
ord1971
ord966
ord3570
ord278
ord605
ord2077
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord2985
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord3742
ord818
ord6442
ord567
ord4275
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord1116
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4353
ord4274

msvcrt

malloc
free
srand
_snprintf
fclose
_errno
memmove
sprintf
_vsnprintf
_purecall
vfprintf
vprintf
fflush
__CxxFrameHandler
_fsopen
fgets
fwrite
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
_beginthreadex
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
rand
??1exception@@UAE@XZ

kernel32

WriteFile
GetLastError
ReadFile
CreateFileA
CloseHandle
FreeLibrary
GetModuleFileNameA
GetProcAddress
VirtualQuery
OutputDebugStringA
GetLocalTime
FlushFileBuffers
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetTickCount
WaitForSingleObject
CreateEventA
SetEvent
GetExitCodeThread
TerminateThread
LocalFree
LocalAlloc
SetFilePointer

user32

PostMessageA
EnableWindow
SetTimer
KillTimer

wsock32

connect
closesocket
ntohs
ioctlsocket
inet_addr
gethostname
gethostbyname
htons
getsockname
WSAGetLastError
socket
recv
send
setsockopt

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z

shlwapi

PathFindFileNameA
PathRemoveFileSpecA
PathAppendA
PathRenameExtensionA

rpcrt4

UuidCreate
UuidFromStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

PCP_CleanUp
PCP_Detect
PCP_Join
PCP_Leave
PCP_List
PCP_Set
PCP_StartUp
PCP_Stats

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/PPF.dll
.dll windows:4 windows x86 arch:x86

28627a1cd852e3ddb1a05a6fad212cdc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:8e:73:7a:04:c3:55:5d:bf:2c:88:21:b9:62:e2:56:d5:83:bd:d1
Signer

Actual PE Digest

3f:8e:73:7a:04:c3:55:5d:bf:2c:88:21:b9:62:e2:56:d5:83:bd:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pcp

ord3
ord1
ord5
ord7
ord8
ord6
ord2

rpcrt4

UuidFromStringA

ws2_32

gethostname
inet_ntoa
inet_addr
gethostbyname
recv
connect
closesocket
setsockopt
socket
htons
send

shlwapi

PathFindFileNameA

mfc42

ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord4407
ord818
ord1270
ord2152
ord1233
ord567
ord4204
ord2379
ord665
ord858
ord922
ord353
ord535
ord1187
ord939
ord2818
ord540
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord1776
ord4078
ord6055
ord4275
ord823
ord834
ord537
ord4278
ord800
ord825
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord3742

msvcrt

_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_iob
tolower
strchr
strncmp
isspace
isalnum
fputs
memchr
fputc
fprintf
atof
_purecall
_snprintf
_mbsnicmp
_itoa
_mbscspn
_CxxThrowException
memmove
isalpha
localtime
vprintf
_beginthreadex
_strdup
free
fread
strncpy
fwrite
_mkdir
_mbscmp
printf
exit
atoi
time
srand
isdigit
_findfirst
_findnext
_findclose
_i64toa
sscanf
_ftol
fopen
fseek
ftell
fclose
__CxxFrameHandler
sprintf
_unlink
rand
_mbsspn

kernel32

LocalAlloc
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetSystemTime
Sleep
CloseHandle
RemoveDirectoryA
SetEndOfFile
SetFilePointer
CreateFileA
LocalFree
CreateMutexA
GetLastError
OutputDebugStringA
TerminateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetExitCodeThread
DeleteFileA
GetTickCount
GetPrivateProfileIntA
lstrlenA
WaitForSingleObject
CreateEventA
SetEvent

user32

GetMessageA
SetTimer
EnableWindow
PostMessageA
DispatchMessageA
CharNextA
wsprintfA
SendMessageA
TranslateMessage

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateGuid

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1ios_base@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ

psapi

GetModuleFileNameExA

Exports

Exports

RD_XXXX

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/eroc.dll
.dll windows:4 windows x86 arch:x86

337fb24d346a57a9b9ada0390d9fbc99

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:b6:a6:97:95:6e:b6:f4:91:d8:db:7f:95:4f:00:26:ca:94:53:d6
Signer

Actual PE Digest

52:b6:a6:97:95:6e:b6:f4:91:d8:db:7f:95:4f:00:26:ca:94:53:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
Thread32Next
SetUnhandledExceptionFilter
GetLastError
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
VirtualQuery
Module32Next
Thread32First
CreateToolhelp32Snapshot
FindFirstFileA
CreateFileMappingA
Module32First
GetModuleFileNameA
GetLongPathNameA
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetCommandLineA
GetLocalTime
SuspendThread
GetCurrentThreadId
GetModuleHandleA
AllocConsole
GetConsoleTitleA
FreeConsole
GetTickCount
lstrcpyA
TlsGetValue
TlsSetValue
CreateThread
TlsAlloc
WaitForMultipleObjects
OpenFileMappingA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
SetEvent
ResetEvent
CompareStringW
CompareStringA
GetTimeZoneInformation
ReadFile
SetEndOfFile
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
InterlockedExchange
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
SetEnvironmentVariableA

user32

MessageBoxA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecA
PathAppendA

Exports

Exports

SetCrashHandlerMode
TS_XXXX

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/mir.dll
.dll windows:4 windows x86 arch:x86

7f6c25d2e4eab005f0216cd14ea5f428

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:35:09:19:ee:43:68:3b:ae:8f:df:0d:cf:bb:10:36:7e:ed:5e:00
Signer

Actual PE Digest

71:35:09:19:ee:43:68:3b:ae:8f:df:0d:cf:bb:10:36:7e:ed:5e:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0overflow_error@std@@QAE@ABV01@@Z
??1overflow_error@std@@UAE@XZ
??_7overflow_error@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0Init@ios_base@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?xalloc@ios_base@std@@SAHXZ
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

ole32

CoInitialize
CoUninitialize

ws2_32

WSAGetLastError
htons
inet_ntoa
ntohs

msvcrt

??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
strstr
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
rand
srand
_ftol
_CxxThrowException
_snprintf
sprintf
_vsnprintf
_purecall
??2@YAPAXI@Z
memmove
strncpy
__CxxFrameHandler

kernel32

VirtualQuery
GetLastError
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
CloseHandle
GetPrivateProfileIntA
UnmapViewOfFile
GetVersionExA
WritePrivateProfileStringA
GetTickCount

user32

wsprintfA
PostMessageA

Exports

Exports

TS_XXXX

Sections

.text
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/ten.dll
.dll windows:4 windows x86 arch:x86

8d8548662be50c279e5c6801a280d58d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:62:ae:a5:84:50:44:d1:c8:32:a2:83:57:a0:17:40:bf:57:8f:ea
Signer

Actual PE Digest

f1:62:ae:a5:84:50:44:d1:c8:32:a2:83:57:a0:17:40:bf:57:8f:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
GetModuleFileNameW
lstrcatW
LoadLibraryW
GetProcAddress
LeaveCriticalSection
InterlockedIncrement
TlsFree
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject
InterlockedExchangeAdd
PostQueuedCompletionStatus
CloseHandle
CreateIoCompletionPort
GetModuleHandleA
InterlockedExchange
Sleep
GetSystemTimeAsFileTime
TlsAlloc
LocalFree
GetLastError
GetQueuedCompletionStatus
TlsGetValue
FormatMessageA
InterlockedDecrement
InitializeCriticalSection
SetLastError
TlsSetValue
OutputDebugStringW
InterlockedCompareExchange
CreateThread
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
ExitProcess
IsValidCodePage
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
GetStringTypeExA
FreeLibrary
LCMapStringA
LCMapStringW
LoadLibraryA
GetVersionExA
ReleaseMutex
GetCurrentProcessId
HeapFree
ExitThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
GetProcessHeap
GetCPInfo
RtlUnwind
RaiseException
GetStringTypeA
GetStringTypeW
WriteFile
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP

ws2_32

WSASendTo
gethostbyname
WSASocketW
bind
getsockname
WSASend
listen
WSACleanup
WSARecv
htons
__WSAFDIsSet
WSARecvFrom
ntohl
getservbyname
select
setsockopt
htonl
getsockopt
WSASetLastError
WSAStartup
connect
ioctlsocket
WSAStringToAddressA
WSAGetLastError
inet_addr
closesocket
ntohs
accept

mswsock

AcceptEx
GetAcceptExSockaddrs

user32

LoadStringA

Exports

Exports

TS_XXXX

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PP/tpi.dll
.dll windows:4 windows x86 arch:x86

90547e4eb5ec31263ac362ca3152bc21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:04:8b:b8:cd:d1:1c:ba:1e:0b:24:c7:db:5d:0a:6b:23:6a:8d:fb
Signer

Actual PE Digest

8b:04:8b:b8:cd:d1:1c:ba:1e:0b:24:c7:db:5d:0a:6b:23:6a:8d:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl

kernel32

GetEnvironmentVariableA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

Locate

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/PPLive.exe
.exe windows:4 windows x86 arch:x86

7ee8f291c029c1eab354b299ecd0d2d5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:35:be:77:00:f4:c4:32:16:7f:74:a3:cf:79:70:c8:83:9f:bc:4c
Signer

Actual PE Digest

55:35:be:77:00:f4:c4:32:16:7f:74:a3:cf:79:70:c8:83:9f:bc:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetCurrentThreadId
GetCurrentThread
GetCommandLineA
GetProcAddress
LoadLibraryA
FreeLibrary
SetUnhandledExceptionFilter
OutputDebugStringA
GetLocalTime
GetCurrentProcess
lstrcatA
lstrcpyA
GetModuleFileNameA
GetLastError
CloseHandle
Module32Next
GetLongPathNameA
GetCurrentProcessId
Module32First
CreateToolhelp32Snapshot
FindFirstFileA
VirtualQuery
GetModuleHandleA
GetStartupInfoA

user32

MessageBoxA
GetDesktopWindow

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

msvcrt

_controlfp
__CxxFrameHandler
strlen
??2@YAPAXI@Z
memset
_snprintf
_except_handler3
fflush
vfprintf
fopen
strncpy
fclose
__p___argv
__p___argc
free
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathAppendA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/ProductUpdate.dll
.dll windows:4 windows x86 arch:x86

6a51de90992d98bb2ea89287f1173722

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:93:f5:42:99:59:e6:d6:78:b3:31:b1:57:2e:6c:f4:6d:1e:8f:68
Signer

Actual PE Digest

e0:93:f5:42:99:59:e6:d6:78:b3:31:b1:57:2e:6c:f4:6d:1e:8f:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord567
ord540
ord825
ord641
ord765
ord2302
ord5953
ord2818
ord537
ord823
ord1133
ord1168
ord4710
ord4160
ord860
ord6467
ord535
ord1200
ord941
ord858
ord924
ord926
ord6874
ord5572
ord2915
ord2370
ord324
ord4234
ord4809
ord5981
ord2379
ord1816
ord4853
ord1146
ord4299
ord6215
ord2086
ord755
ord470
ord4376
ord3092
ord2642
ord6453
ord2645
ord5232
ord1567
ord2393
ord6197
ord5718
ord3797
ord2147
ord2864
ord1180
ord268
ord1568
ord5268
ord5277
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord3953
ord6778
ord5710
ord5683
ord668
ord3181
ord4058
ord2781
ord2770
ord356
ord3521
ord3522
ord1988
ord3638
ord690
ord389
ord1154
ord1105
ord665
ord1979
ord6385
ord4129
ord2763
ord4277
ord2764
ord5353
ord5356
ord5808
ord1075
ord5204
ord3229
ord1263
ord1228
ord5186
ord354
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord3698
ord4424
ord3402
ord5290
ord1776
ord1175
ord6055
ord1116

msvcrt

_mbscspn
_mbsspn
_mbsnicmp
strlen
_mbscmp
memcpy
atoi
strcpy
strcat
_access
malloc
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
atol
strtoul
_strdup
__CxxFrameHandler
rand
memset
free
_adjust_fdiv

kernel32

LoadResource
LockResource
LoadLibraryA
GetProcAddress
FreeLibrary
FindResourceA
CopyFileA
CreateProcessA
CloseHandle
GetTempPathA
GetModuleFileNameA
CreateMutexA
GetLastError
GetPrivateProfileStringA
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrlenA
LocalFree
CreateDirectoryA
LocalAlloc

user32

wsprintfA
CharNextA
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetCursorPos
IsWindowVisible
PostMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
EnableWindow
IsWindow
SendMessageA

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

shlwapi

PathMatchSpecA
PathIsDirectoryA
PathRemoveFileSpecA
PathAppendA
PathFileExistsA

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

Exports

Exports

RD_XXXX

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/SynacastEWA.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

a08e4ff5c5a86ec51821580993867180

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:ad:86:6c:7e:c6:10:9a:42:fc:2f:7f:05:0f:cf:fb:94:03:52:9e
Signer

Actual PE Digest

4a:ad:86:6c:7e:c6:10:9a:42:fc:2f:7f:05:0f:cf:fb:94:03:52:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord1131
ord5857
ord4124
ord5706
ord6278
ord5571
ord433
ord4199
ord4279
ord3491
ord2756
ord6638
ord5142
ord816
ord6213
ord6237
ord562
ord2706
ord6868
ord6376
ord1941
ord4029
ord5679
ord556
ord809
ord1088
ord2114
ord3701
ord2444
ord4282
ord3792
ord956
ord4390
ord3567
ord2566
ord6354
ord609
ord2567
ord3569
ord2397
ord5047
ord5977
ord3871
ord4155
ord3711
ord790
ord5330
ord3716
ord5777
ord465
ord1921
ord942
ord5568
ord2910
ord4028
ord1594
ord668
ord3176
ord3180
ord2773
ord2762
ord356
ord665
ord1971
ord5180
ord354
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2716
ord4074
ord4692
ord5303
ord5285
ord5710
ord3947
ord3396
ord3665
ord561
ord815
ord6350
ord1213
ord1224
ord927
ord6865
ord1128
ord1129
ord3452
ord6038
ord1869
ord4244
ord2679
ord6360
ord3321
ord6361
ord4466
ord5494
ord3273
ord3676
ord446
ord743
ord1174
ord4001
ord3253
ord1223
ord1207
ord2431
ord1686
ord5614
ord994
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord5998
ord2129
ord1955
ord5207
ord2948
ord2606
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord5002
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord2981
ord3075
ord4076
ord4618
ord5821
ord723
ord3941
ord423
ord2533
ord4943
ord6026
ord4453
ord5027
ord4496
ord4779
ord2787
ord6374
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord5020
ord1884
ord4247
ord1209
ord4564
ord4666
ord4837
ord5005
ord4707
ord6367
ord5282
ord4432
ord3274
ord4619
ord449
ord746
ord2270
ord3523
ord6090
ord6279
ord1863
ord4524
ord5681
ord3269
ord439
ord736
ord3231
ord4517
ord4078
ord1937
ord4522
ord4536
ord4538
ord4519
ord6770
ord6921
ord6919
ord834
ord5852
ord4272
ord6655
ord6918
ord941
ord3706
ord783
ord4688
ord6664
ord3000
ord2680
ord2127
ord3397
ord6017
ord6190
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5869
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord6597
ord2372
ord2070
ord835
ord3805
ord920
ord2721
ord6466
ord2719
ord1105
ord3998
ord268
ord1560
ord823
ord290
ord2615
ord3232
ord614
ord3574
ord4616
ord3348
ord4142
ord2478
ord2722
ord4118
ord2634
ord3084
ord3541
ord6107
ord6874
ord6139
ord2057
ord2078
ord537
ord922
ord860
ord535
ord925
ord940
ord6375
ord6193
ord2559
ord5871
ord6168
ord801
ord541
ord269
ord2858
ord6195
ord3087
ord6330
ord2294
ord2293
ord795
ord6654
ord4273
ord858
ord3211
ord4037
ord4704
ord5491
ord4229
ord324
ord641
ord3592
ord4419
ord5276
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord2854
ord1143
ord1230
ord2144
ord861
ord4197
ord323
ord1633
ord5781
ord640
ord3566
ord6871
ord6437
ord289
ord2855
ord1634
ord5785
ord613
ord470
ord540
ord538
ord800
ord2810
ord2746
ord755
ord6451
ord1165
ord1229
ord5257
ord2371
ord2859
ord4294
ord6211
ord4270
ord2406
ord818
ord3658
ord3621
ord825
ord567
ord3737
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord3863
ord826
ord1115
ord1173
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord3614

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_findfirst
_findnext
_findclose
fwrite
islower
toupper
wcsncmp
_wsplitpath
wcstok
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strcmp
wcsstr
strrchr
strcat
malloc
strcpy
_i64tow
atol
sscanf
_wtoi
sprintf
wcscat
fabs
strncpy
_snprintf
fopen
vfprintf
fflush
_except_handler3
_wcsicmp
swprintf
atoi
memmove
_wcslwr
_wcsdup
iswspace
wcstoul
free
wcsncpy
_wfopen
fgetws
fclose
_wcsnicmp
time
_purecall
memcmp
memcpy
srand
rand
wcscpy
strlen
wcslen
_wtol
_ftol
wcscmp
abs
memset
__CxxFrameHandler
_strcmpi

kernel32

CreateThread
GetProcAddress
GetWindowsDirectoryW
FreeLibrary
lstrcpynW
GlobalReAlloc
GlobalFree
OutputDebugStringW
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalAlloc
GetTempPathW
GetModuleFileNameW
LoadLibraryW
GetPrivateProfileIntW
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
SystemTimeToFileTime
lstrlenW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetTickCount
WaitForSingleObject
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
OpenFileMappingW
MapViewOfFile
CloseHandle
GlobalLock
lstrlenA
MultiByteToWideChar
GlobalUnlock
GetACP
MulDiv
DeleteFileW
SetFileTime
CompareFileTime
GetFileTime
OpenThread
GetLastError
CreateEventW
GetVersionExW
SetUnhandledExceptionFilter
GetModuleHandleW
OutputDebugStringA
GetLocalTime
lstrcatA
lstrcpyA
GetModuleFileNameA
LoadLibraryA
Module32NextW
GetLongPathNameA
GetCurrentProcessId
Module32FirstW
CreateToolhelp32Snapshot
FindClose
FindFirstFileA
GetCurrentThread
VirtualQuery
CreateProcessW
Sleep
HeapDestroy
lstrcpyW
lstrcatW
ExpandEnvironmentStringsW
FileTimeToSystemTime
SetEvent
CreateEventA
ResetEvent
TerminateProcess
OpenProcess
GetExitCodeProcess
GetPrivateProfileStringW
CreateDirectoryW
DeviceIoControl
CreateMutexW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
CreateFileA
GetVersionExA
GetModuleHandleA
LoadLibraryExW
WinExec
DeleteFileA
GetTempPathA
GetSystemDirectoryA
CreateDirectoryA
GetSystemInfo
FileTimeToLocalFileTime
LockResource
LoadResource
SizeofResource
FindResourceW
LocalFree
LocalAlloc
GetSystemTime

user32

KillTimer
InflateRect
CopyRect
GetClientRect
GetParent
BringWindowToTop
IsWindowVisible
ShowWindow
InvalidateRect
DefWindowProcW
EnableWindow
SetTimer
IsWindow
ClientToScreen
TrackPopupMenuEx
GetSubMenu
DrawFocusRect
DrawStateW
CreateIconIndirect
GetIconInfo
LoadImageW
LoadMenuW
MessageBeep
GetMessagePos
CopyIcon
RegisterClipboardFormatW
CharNextW
SetParent
PtInRect
GetCursorPos
GetActiveWindow
GetNextDlgTabItem
DestroyIcon
DestroyCursor
DestroyMenu
OffsetRect
GetKeyState
GetAncestor
MonitorFromWindow
GetMonitorInfoW
GetDoubleClickTime
SetRectEmpty
GetWindowThreadProcessId
PeekMessageW
TranslateMessage
DispatchMessageW
ScreenToClient
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
wsprintfW
CreateAcceleratorTableW
GetDesktopWindow
GetClassNameW
SetWindowPos
BeginPaint
FillRect
EndPaint
GetFocus
SetFocus
GetSysColor
CallWindowProcW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetWindowLongW
GetWindow
GetClassInfoExW
RegisterClassExW
GrayStringW
DrawTextW
TabbedTextOutW
DestroyWindow
CreateWindowExW
LoadBitmapW
IsChild
PostMessageW
MoveWindow
RedrawWindow
UpdateWindow
WindowFromPoint
GetSystemMenu
DeleteMenu
LoadIconW
SendMessageW
SetCursor
GetDC
SetWindowRgn
ReleaseDC
LoadCursorW
RegisterWindowMessageW
SetRect
GetWindowRect
SetCursorPos
RemoveMenu
GetMenuItemID
InsertMenuW
CheckMenuItem
ModifyMenuW
EnableMenuItem
GetMenuItemCount
FindWindowW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
WaitForInputIdle
MessageBoxW
SystemParametersInfoW
FrameRect
EqualRect
GetSystemMetrics

gdi32

GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateRectRgn
CreateCompatibleDC
BitBlt
StretchBlt
SelectObject
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontW
GetMapMode
CreateFontIndirectW
CreateRectRgnIndirect
LineTo
MoveToEx
CreatePen
GetTextMetricsW
SetBkMode
SetTextJustification
CreateRoundRectRgn
FrameRgn
SelectClipRgn
LPtoDP
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
DeleteDC
DeleteObject
CreateSolidBrush
CombineRgn
ExtCreateRegion
CreateDIBSection
MaskBlt
CreateBitmap
SetBkColor
SetMapMode
SetPixel
GetPixel
SetTextColor

advapi32

RegDeleteValueW
InitializeSecurityDescriptor
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueW
SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW

comctl32

ImageList_GetIcon
ImageList_GetImageCount
ord17
_TrackMouseEvent

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
CoCreateGuid
CoUninitialize
CoInitialize
StringFromGUID2
OleUninitialize
OleInitialize
OleLockRunning
CreateStreamOnHGlobal
CLSIDFromProgID

olepro32

ord253

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
VariantClear
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VariantCopy
LoadTypeLi
RegisterTypeLi
VariantInit
SysAllocStringByteLen
SysStringByteLen

urlmon

URLDownloadToFileA
URLDownloadToFileW

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
?clear@ios_base@std@@QAEXH_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

rpcrt4

UuidFromStringW
UuidToStringW
UuidToStringA
UuidFromStringA
RpcStringFreeA

winmm

PlaySoundW

shlwapi

PathFindExtensionW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrStrIW
PathStripPathW
PathRemoveExtensionW
PathAppendA
PathRemoveFileSpecA
PathFindFileNameA
StrStrIA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostname
gethostbyname
inet_ntoa
inet_addr

wininet

InternetTimeToSystemTimeA
InternetTimeFromSystemTimeA
DeleteUrlCacheEntryW

uilib

ord374
ord323
ord329
ord325
ord326
ord191
ord234
ord269
ord213
ord270
ord391
ord360
ord376
ord203
ord192
ord284
ord378
ord387
ord365
ord386
ord328
ord392

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 868KB - Virtual size: 865KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/TaskDownload.dll
.dll regsvr32 windows:4 windows x86 arch:x86

30248e8496f224640d3234b24b5caa46

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:32:f4:58:52:81:2a:65:50:4e:d6:88:79:45:e8:20:9d:3a:61:72
Signer

Actual PE Digest

3f:32:f4:58:52:81:2a:65:50:4e:d6:88:79:45:e8:20:9d:3a:61:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord561
ord825
ord815
ord540
ord800
ord5500
ord858
ord860
ord1132
ord6467
ord1131
ord6354
ord665
ord1979
ord5186
ord354
ord941
ord4129
ord537
ord932
ord834
ord823
ord668
ord3738
ord936
ord3311
ord3181
ord4058
ord2781
ord2770
ord356
ord6663
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4424
ord4622
ord4080
ord3079
ord1116
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord1980
ord4274

msvcrt

tolower
strchr
strncmp
isspace
isalnum
__CxxFrameHandler
_mbsnbcpy
isalpha
fputs
free
fseek
ftell
fclose
fread
_access
_mbsicmp
atoi
strcpy
sprintf
fopen
strlen
_strdup
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_snprintf
memcpy
fprintf
strcmp
_purecall
memmove

kernel32

CompareFileTime
SetFileTime
FreeLibrary
GetModuleFileNameA
CreateDirectoryA
GetLastError
CreateMutexA
WideCharToMultiByte
MultiByteToWideChar
GetFileTime
FileTimeToSystemTime
GetSystemTime
WritePrivateProfileStringA
lstrlenA
LocalFree
LocalAlloc
SystemTimeToFileTime
GetPrivateProfileStringA
GetPrivateProfileIntA
SetFileAttributesA
Sleep
GetProcAddress
DeleteFileA
SetCurrentDirectoryA
LoadLibraryA

user32

wsprintfA

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

shlwapi

PathRemoveFileSpecA
PathIsDirectoryA
StrStrIA
PathFindExtensionA
PathStripPathA
PathAppendA

wininet

InternetTimeToSystemTimeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RD_XXXX

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/TrustUpload.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0d1acbda0f20379d5b2765332ec4aec0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:8c:dd:0a:a4:a1:63:af:b9:8f:47:1a:61:9b:18:af:95:ef:1e:9d
Signer

Actual PE Digest

65:8c:dd:0a:a4:a1:63:af:b9:8f:47:1a:61:9b:18:af:95:ef:1e:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord540
ord665
ord5572
ord2915
ord1979
ord858
ord5186
ord354
ord2818
ord5500
ord860
ord1132
ord6467
ord1131
ord6354
ord941
ord4486
ord2976
ord535
ord6877
ord668
ord547
ord3185
ord3181
ord2781
ord2770
ord356
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1116
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6375
ord4274
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord3811
ord2554
ord537
ord825
ord2820
ord800

msvcrt

free
__CxxFrameHandler
_mbsnbcpy
malloc
strtol
_mbscspn
_mbsspn
_mbsnicmp
??1type_info@@UAE@XZ
wcslen
_access
_itoa
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z

kernel32

LocalFree
CreateMutexA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateFileA
GetFileTime
CreateEventA
GetLastError
LoadLibraryA
GetProcAddress
WritePrivateProfileStringA
CloseHandle
FreeLibrary
GetModuleFileNameA
GetCurrentProcessId
DeleteFileA
GetTempPathA
CreateDirectoryA
GetACP
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LocalAlloc

user32

CharNextA

advapi32

RegCloseKey
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA

ole32

CoInitialize
CoUninitialize

urlmon

URLDownloadToCacheFileA

shlwapi

PathRemoveFileSpecA
PathIsDirectoryA
PathAppendA

msvcp60

?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RD_XXXX

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/am.dll
.dll windows:4 windows x86 arch:x86

7851a7479772b0671c92d4c8ee0217fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:d8:69:31:3e:47:ec:45:83:f4:ac:b3:1f:20:82:ac:38:0e:9d:59
Signer

Actual PE Digest

30:d8:69:31:3e:47:ec:45:83:f4:ac:b3:1f:20:82:ac:38:0e:9d:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3953
ord2725
ord861
ord922
ord919
ord5933
ord5934
ord3228
ord4204
ord353
ord2614
ord5572
ord2915
ord538
ord4278
ord924
ord939
ord941
ord4202
ord3081
ord1979
ord5186
ord354
ord833
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord356
ord2985
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord926
ord6877
ord268
ord1567
ord4129
ord6928
ord6930
ord860
ord825
ord834
ord936
ord920
ord837
ord932
ord858
ord535
ord537
ord803
ord540
ord543
ord2818
ord3584
ord800
ord665

msvcrt

fclose
_strdup
fread
strlen
free
strtok
ftell
fseek
_stricmp
memset
_ftol
_splitpath
strncmp
strcat
malloc
memcpy
srand
rand
strcmp
sprintf
__CxxFrameHandler
strcpy
fopen
fwrite
strncpy
strchr
strtol
strerror
_errno
_strnicmp
_CxxThrowException
toupper
??0exception@@QAE@ABV0@@Z
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
atoi

kernel32

GetTickCount
GetACP
lstrlenA
MultiByteToWideChar
DeleteFileA
SetEvent
TerminateThread
CloseHandle
DeleteCriticalSection
GetLastError
FormatMessageA
CreateEventA
CreateThread
GetModuleFileNameA
VirtualQuery
CreateDirectoryA
GetSystemTime
CreateProcessA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetPrivateProfileIntA
GetPrivateProfileStringA
CopyFileA
CompareFileTime
GetFileTime
LockResource
LoadResource
SizeofResource
FindResourceA
WritePrivateProfileStringA
LocalFree
LocalAlloc
EnterCriticalSection
WaitForSingleObject
GetTempPathA
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSection
InterlockedDecrement

user32

RegisterClassExA
SetTimer
DefWindowProcA
SetWindowLongA
GetWindowLongA
CreateWindowExA
GetDesktopWindow
KillTimer
wsprintfA
WaitForInputIdle
PostMessageA
SendMessageA
DestroyWindow

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString
VariantInit

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry
InternetTimeToSystemTimeA

shlwapi

PathFindFileNameA
PathStripPathA
StrStrIA
PathRemoveFileSpecA
PathAppendA
PathFileExistsA
PathFindExtensionA

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@HH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

Exports

Exports

PA_1
PA_2
PA_3

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/common.dll
.dll windows:4 windows x86 arch:x86

4af413a6eee4fec07c0985b05516f3f9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b7:9d:e9:fe:26:0a:b0:a9:e6:7a:19:85:83:0e:ae:f0:35:41:c2:ef
Signer

Actual PE Digest

b7:9d:e9:fe:26:0a:b0:a9:e6:7a:19:85:83:0e:ae:f0:35:41:c2:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord3948
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord823
ord3579
ord543
ord803
ord698
ord800
ord861
ord2388
ord540
ord668
ord3176
ord2773
ord2762
ord356
ord858
ord925
ord1165
ord6466
ord911
ord398
ord913
ord4182
ord6279
ord6278
ord4273
ord2755
ord5461
ord798
ord5444
ord532
ord3432
ord4184
ord5588
ord6868
ord1173
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord396
ord4269
ord600
ord826
ord269
ord1115

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_wtol
wcscmp

kernel32

LocalFree
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc

shlwapi

PathRemoveFileSpecW

Exports

Exports

GetLanguageResW

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 798B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/ets.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9fcff45561cdb369433d22c4865e1cc1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:9f:cb:6d:d2:65:86:df:bf:4b:72:ec:ac:72:e0:bf:a9:33:cf:58
Signer

Actual PE Digest

0c:9f:cb:6d:d2:65:86:df:bf:4b:72:ec:ac:72:e0:bf:a9:33:cf:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenA
lstrlenW
WideCharToMultiByte
HeapDestroy
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
InterlockedDecrement
InterlockedIncrement

user32

CharNextA

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SysAllocString
RegisterTypeLi

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

msvcrt

_purecall
??2@YAPAXI@Z
free
_except_handler3
?terminate@@YAXXZ
_initterm
malloc
_adjust_fdiv
isalnum
__CxxFrameHandler

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/Synacast/SynaLive/uilib.dll
.dll regsvr32 windows:4 windows x86 arch:x86

cc8cbe427c7a531ca3131be4170331b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/09/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Department,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:a6:e1:40:70:06:72:20:ee:02:99:c6:89:fb:e4:48:b9:26:df:73
Signer

Actual PE Digest

ca:a6:e1:40:70:06:72:20:ee:02:99:c6:89:fb:e4:48:b9:26:df:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord1168
ord1132
ord6467
ord1131
ord2725
ord5500
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord825
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord540
ord535
ord800
ord537
ord941
ord823
ord269

msvcrt

tolower
strchr
strncmp
isspace
isalnum
isalpha
fputs
sscanf
fputc
fopen
fseek
ftell
fclose
fread
atol
atof
atoi
strcmp
strcpy
_snprintf
free
strstr
malloc
wcscmp
_purecall
_mbsnbcpy
_strdup
memmove
_mbstok
strcat
strtod
wcslen
memcmp
_ltoa
strncpy
floor
_ftol
_CxxThrowException
fwrite
fflush
getc
printf
exp
log
strlen
strtok
memset
strtol
strspn
__CxxFrameHandler
memcpy
_wcsnicmp
_strcmpi
exit
_iob
getenv
abort
_CIpow
isprint
realloc
abs
fmod
fabs
sin
cos
sqrt
longjmp
_setjmp3
__CxxLongjmpUnwind
div
calloc
_mbslen
sprintf
_EH_prolog
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fprintf

kernel32

LocalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
LoadResource
LockResource
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
GetShortPathNameA
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateProcessA
CloseHandle
CreateMutexA
lstrlenA
GetACP
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetSystemTime
GetPrivateProfileStringA
GetLastError
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrcatA
ReleaseMutex
GetLocalTime
LocalAlloc
WaitForSingleObject

user32

RegisterWindowMessageA
PostMessageA
SetTimer
InvalidateRect
CharNextA
wsprintfA
DrawTextA
GetIconInfo
GetDC
ReleaseDC
SetRect
KillTimer
IsRectEmpty

gdi32

CreateFontIndirectA
GetStockObject
SetTextColor
SetBkMode
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
BitBlt
GetObjectA
SelectObject
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateDIBitmap
ExtCreateRegion
CombineRgn
DeleteObject

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree

oleaut32

RegisterTypeLi
SysAllocStringLen
SysFreeString
LoadTypeLi
SysAllocString

msvcp60

?good@ios_base@std@@QBE_NXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?fail@ios_base@std@@QBE_NXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ

shlwapi

PathRemoveFileSpecA
PathAppendA

rpcrt4

UuidFromStringA

Exports

Exports

CreatePlayLink
DllCanUnloadNow
DllGetClassObject
DllGetInstance
DllGetInstanceEx
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
PPMPlayer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2f5d82ada90bd0a629da13b3d9011756

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
FindClose
FindFirstFileA
CreateDirectoryA
GetDiskFreeSpaceA
DeviceIoControl
SetConsoleTitleA
AllocConsole
FreeConsole
GetStdHandle
LocalFree
FormatMessageA
DeleteFileA
GetTempFileNameA
GetTempPathA
VirtualQuery
IsBadWritePtr
IsBadReadPtr
CreateMutexA
TlsAlloc
TlsSetValue
UnmapViewOfFile
ReleaseMutex
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
RaiseException
TlsGetValue
MapViewOfFile
GetCurrentProcessId
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
SetConsoleCtrlHandler
ReadFile
CreateFileA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
HeapCreate
GetEnvironmentVariableA
FatalAppExitA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetCPInfo
HeapSize
TerminateProcess
ExitProcess
SetLastError
TlsFree
GetVersion
GetCommandLineA
ExitThread
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
WriteFile
GetCurrentThread
GetThreadPriority
CreateFileMappingA
MulDiv
InterlockedExchange
CreateThread
SetThreadPriority
SetErrorMode
GetLastError
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjects
DuplicateHandle
ResetEvent
VirtualProtect
GlobalReAlloc
GlobalFree
CreateProcessA
SetEvent
GetExitCodeThread
TerminateThread
CreateEventA
WaitForSingleObject
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleHandleA
GetShortPathNameA
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
lstrcmpA
InterlockedIncrement
OutputDebugStringA
DebugBreak
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrcatA
SetEnvironmentVariableA
WinExec
FreeLibrary
lstrcmpiA
GetPrivateProfileStringA
lstrlenA
lstrcpynA
GetModuleFileNameA
GetACP
SetStdHandle
GetVersionExA

user32

LoadStringW
PeekMessageA
GetQueueStatus
PostThreadMessageA
CreateDialogParamA
GetSystemMetrics
SetWindowPlacement
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
SetForegroundWindow
MoveWindow
UnregisterClassA
FindWindowExA
LoadImageA
DrawTextA
SetCursor
PostMessageA
SetRect
GetSubMenu
LoadMenuA
GetAsyncKeyState
CheckMenuItem
CheckMenuRadioItem
EnableMenuItem
IsMenu
TrackPopupMenuEx
DestroyMenu
IntersectRect
EqualRect
OffsetRect
IsZoomed
PtInRect
CreateWindowExA
GetDlgItem
InvalidateRgn
CreateAcceleratorTableA
InSendMessage
MessageBeep
MapWindowPoints
wsprintfA
DefWindowProcA
DestroyWindow
SendMessageA
IsWindow
LoadCursorA
GetClientRect
SetTimer
KillTimer
SetWindowRgn
SetCapture
ReleaseCapture
EndPaint
BeginPaint
ScreenToClient
GetCursorPos
ReleaseDC
GetDC
SetWindowLongA
GetWindowLongA
CallWindowProcA
ShowWindow
SetWindowPos
SetParent
SetClassLongA
DestroyCursor
IsIconic
SystemParametersInfoA
GetWindowPlacement
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
SetRectEmpty
MsgWaitForMultipleObjects
MessageBoxA
SetLastErrorEx
CharLowerBuffA
TranslateMessage
GetMessageA
LoadIconA
UnionRect
FillRect
ClientToScreen
RegisterClassExA
GetClassInfoExA
InvalidateRect
GetWindowRect
GetActiveWindow
IsWindowVisible
TranslateAcceleratorA
LoadAcceleratorsA
RegisterWindowMessageA
GetWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetDesktopWindow
GetParent
GetClassNameA
RedrawWindow
GetFocus
IsChild
wvsprintfA
CharNextA
LoadStringA
GetSysColor
SetFocus
DispatchMessageA

gdi32

SetMapMode
SaveDC
LPtoDP
CreateDCA
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
CombineRgn
CreateRectRgn
OffsetRgn
PtInRegion
SelectClipRgn
GetRgnBox
SetBkMode
SetTextColor
GetTextExtentPoint32A
LineTo
MoveToEx
SetWindowOrgEx
CreatePen
ExtCreateRegion
CreateDIBSection
SelectPalette
GdiFlush
RealizePalette
SetStretchBltMode
TextOutA
SetDIBColorTable
StretchBlt
StretchDIBits
SetDIBitsToDevice
CreatePalette
GetSystemPaletteEntries
GetDIBits
ExtTextOutA
SetBkColor
CreatePatternBrush
CreateBitmap
SetViewportOrgEx
RestoreDC
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
SetROP2
SelectObject
DeleteDC

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

GetHGlobalFromStream
StringFromGUID2
CoFreeUnusedLibraries
CoUninitialize
CoCreateGuid
StringFromIID
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
WriteClassStm
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

VariantChangeType
OleCreatePictureIndirect
DispCallFunc
SysAllocStringByteLen
OleCreatePropertyFrame
SysStringByteLen
LoadTypeLi
RegisterTypeLi
OleCreateFontIndirect
LoadRegTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString

ws2_32

WSAStartup
WSACleanup
inet_addr
gethostbyname
htons
inet_ntoa
ioctlsocket
connect
closesocket
socket
WSAGetLastError
recv
send
select

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_LoadImageA
ImageList_Destroy
ord17

wininet

InternetCloseHandle
InternetReadFile
InternetConnectA
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetAttemptConnect
HttpQueryInfoA

winmm

timeSetEvent
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 444KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PSNetwork.dll
.dll windows:4 windows x86 arch:x86

89ff9c38f56cbc4f6f5a8ed740aab1f1

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1228
ord6283
ord3721
ord3619
ord809
ord795
ord2614
ord556
ord3663
ord3626
ord2414
ord4275
ord5875
ord2864
ord1088
ord2122
ord1641
ord3797
ord6358
ord6197
ord2859
ord6880
ord926
ord2860
ord4129
ord5683
ord6663
ord4774
ord4402
ord3640
ord693
ord4243
ord3301
ord3910
ord6605
ord2754
ord6696
ord3293
ord6282
ord538
ord6569
ord1085
ord5601
ord802
ord542
ord922
ord6905
ord6007
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord2546
ord291
ord5710
ord2824
ord6874
ord539
ord1175
ord4274
ord2763
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3953
ord2725
ord771
ord2528
ord1008
ord497
ord1948
ord5303
ord4699
ord5715
ord817
ord565
ord2726
ord4226
ord6215
ord2086
ord5450
ord6394
ord5440
ord6383
ord283
ord5678
ord5789
ord5787
ord5873
ord6172
ord5736
ord2814
ord834
ord3573
ord3089
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4278
ord4277
ord5572
ord2915
ord2642
ord1669
ord5681
ord4224
ord2652
ord6334
ord3874
ord3092
ord858
ord1768
ord5280
ord470
ord755
ord4234
ord2301
ord324
ord567
ord6467
ord1168
ord1146
ord641
ord656
ord3610
ord4424
ord3402
ord4837
ord5290
ord1776
ord6055
ord3597
ord4853
ord4376
ord6199
ord2370
ord4202
ord6877
ord3337
ord4171
ord6311
ord2764
ord3097
ord6453
ord3998
ord6907
ord939
ord5953
ord2379
ord4710
ord3996
ord4258
ord2302
ord489
ord768
ord4425
ord825
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord1907
ord940
ord356
ord535
ord941
ord2770
ord2781
ord4058
ord3181
ord3178
ord3310
ord668
ord2818
ord540
ord3811
ord2820
ord537
ord800
ord860
ord823
ord6375

msvcrt

strcpy
exit
_endthreadex
strstr
_beginthreadex
_mbscmp
memset
memcmp
memcpy
atoi
sprintf
strlen
time
srand
rand
__CxxFrameHandler
_purecall
_stricmp
_strcmpi
_strnicmp
pow
atof
memmove
_mbccpy
_mbsnbcmp
_mbsstr
_mbclen
_mbsncmp
_mbschr
strncpy
fopen
fwrite
fflush
fclose
free
calloc
_mbsicmp
sscanf
_mbsrchr
??8type_info@@QBEHABV0@@Z
_CxxThrowException
_ftol
toupper
_mkdir
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_vsnprintf
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
vsprintf

kernel32

UnlockFile
ReadFile
MoveFileA
FindFirstFileA
FindNextFileA
FindClose
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
GlobalFree
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
lstrcpyA
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
GetExitCodeThread
CreateFileA
CloseHandle
WideCharToMultiByte
LocalFree
InterlockedDecrement
WriteFile
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
GetLastError
InterlockedExchange
Sleep
EnterCriticalSection
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetPrivateProfileIntA
DeleteFileA
GetModuleHandleA
OpenFile
GetACP
CopyFileA
SetFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
GetTempFileNameA
GetTempPathA
SetUnhandledExceptionFilter
VirtualQuery
GetFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
MultiByteToWideChar
LockFile
GetProcAddress
LoadLibraryA
lstrcmpA
DeviceIoControl
GetVersionExA
FreeLibrary
LoadLibraryExA
InterlockedIncrement
IsBadReadPtr
GetWindowsDirectoryA
CreateProcessA
GlobalMemoryStatus
SystemTimeToFileTime
GetSystemTime
GetCurrentThreadId
lstrcpynA
lstrcmpiA
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
TerminateProcess
LeaveCriticalSection
GetSystemInfo

user32

EnableWindow
GetMessagePos
RegisterWindowMessageA
FillRect
MessageBeep
GetMenuItemCount
GetMenuItemID
LoadMenuA
GetSubMenu
PostMessageA
SetWindowPos
GetCursorPos
ScreenToClient
UpdateWindow
SendDlgItemMessageA
SetDlgItemTextA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
GetWindowRect
GetDC
ReleaseDC
InflateRect
InvalidateRect
IsWindow
SetCursor
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
DestroyCursor
GetSysColor
wsprintfA
GetMessageA
TranslateMessage
PostThreadMessageA
GetParent
SendMessageA
SetWindowLongA
GetWindowLongA
IsWindowVisible
IsIconic
KillTimer
DispatchMessageA
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
SetTimer
OpenClipboard
LoadIconA
DrawIcon
GetClientRect
GetSystemMetrics

gdi32

GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject

advapi32

RegEnumKeyExA
GetUserNameA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ExtractIconA
ShellExecuteExA
ShellExecuteA

ole32

OleRun
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

SysFreeString
VariantClear
GetErrorInfo
SysAllocString

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Xran@std@@YAXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

ws2_32

recvfrom
WSACleanup
sendto
send
recv
inet_addr
WSAStartup
setsockopt
shutdown
WSAEventSelect
WSACreateEvent
WSACloseEvent
WSASocketA
getsockname
getpeername
gethostbyname
gethostname
socket
htons
bind
ntohs
listen
WSASetEvent
WSAWaitForMultipleEvents
WSAGetLastError
WSASetLastError
WSARecv
WSAResetEvent
WSAEnumNetworkEvents
accept
closesocket
WSASend
inet_ntoa
connect

wininet

InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetSetCookieA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

imagehlp

ImageNtHeader
CheckSumMappedFile

Exports

Exports

??0CPSNetwork@@QAE@ABV0@@Z
??0CPSNetwork@@QAE@XZ
??1CPSNetwork@@UAE@XZ
??4CPSNetwork@@QAEAAV0@ABV0@@Z
??_7CPSNetwork@@6B@
?Connect@CPSNetwork@@QAEHXZ
?Disconnect@CPSNetwork@@QAEXXZ
?GetCacheTime@CPSNetwork@@QAEHXZ
?GetChannelName@CPSNetwork@@QAEPBDXZ
?GetChannelOnlineCount@CPSNetwork@@QAEKXZ
?GetComment@CPSNetwork@@QAEPBDH@Z
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?GetMsg@CPSNetwork@@QAEHAAKPAD@Z
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ
?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?Save@CPSNetwork@@QAEHPBD@Z
?SetLogLevel@CPSNetwork@@QAEHH@Z
?SetParam@CPSNetwork@@QAEXPBD0@Z
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
FIO_Create

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerPlayer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4d3ffa65ed362b8a091aad83f8b30fbf

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6199
ord4476
ord6143
ord539
ord613
ord289
ord6111
ord1175
ord2393
ord1567
ord268
ord3619
ord809
ord556
ord1088
ord2122
ord3797
ord6358
ord1200
ord2860
ord6385
ord6876
ord6930
ord5450
ord6394
ord5440
ord6383
ord6379
ord772
ord6142
ord500
ord5860
ord3986
ord5606
ord939
ord4284
ord5873
ord5834
ord2841
ord2448
ord2044
ord2107
ord5861
ord6883
ord6663
ord703
ord404
ord603
ord273
ord275
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5785
ord1640
ord323
ord816
ord3908
ord562
ord940
ord1233
ord5575
ord6194
ord6378
ord3815
ord6442
ord4204
ord6928
ord5981
ord2652
ord4224
ord1669
ord5710
ord2763
ord3716
ord790
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2724
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord1134
ord1205
ord3952
ord6354
ord1216
ord1227
ord6010
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord4006
ord2727
ord2730
ord2729
ord1226
ord1210
ord2439
ord5572
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord5649
ord4287
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord5332
ord5328
ord5331
ord5314
ord5333
ord2541
ord4949
ord2998
ord4459
ord5033
ord4502
ord6030
ord2956
ord1601
ord3474
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord6311
ord4171
ord2753
ord3546
ord4317
ord2243
ord5788
ord472
ord5787
ord6646
ord6334
ord2450
ord4133
ord4297
ord3005
ord4033
ord433
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1979
ord665
ord924
ord922
ord1641
ord641
ord795
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord2688
ord801
ord541
ord283
ord2795
ord6215
ord2086
ord2642
ord6648
ord3092
ord2116
ord2614
ord6778
ord1168
ord2567
ord3874
ord2380
ord765
ord4299
ord6453
ord6605
ord6880
ord609
ord2108
ord2078
ord3574
ord4396
ord2575
ord3698
ord6467
ord4275
ord3742
ord926
ord4160
ord4202
ord2764
ord533
ord5194
ord1997
ord5448
ord798
ord2915
ord941
ord4278
ord4023
ord6282
ord6283
ord5683
ord4277
ord4129
ord5875
ord5789
ord2754
ord6172
ord2859
ord5768
ord2864
ord4034
ord535
ord1949
ord818
ord2135
ord823
ord1146
ord1644
ord2863
ord6270
ord2379
ord2438
ord3654
ord2584
ord4220
ord470
ord755
ord4710
ord6380
ord6197
ord4234
ord2302
ord2370
ord2414
ord3663
ord3626
ord825
ord324
ord567
ord540
ord860
ord858
ord800
ord537
ord6877
ord2818
ord354
ord5186
ord3318
ord2919
ord4113
ord5442
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3573
ord3721
ord4424
ord3402
ord5290
ord1776
ord1693
ord6055
ord1131

msvcrt

strstr
_mbsicmp
abs
fopen
fwrite
fflush
fclose
sprintf
time
strcmp
memset
atoi
_ftol
__CxxFrameHandler
_stricmp
strlen
_mbsstr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_beginthreadex
_endthreadex
exit
memcpy
strcpy
_access
_mbscmp
ftell
fseek
toupper
memcmp
wcsncpy
pow
atol
strcat
strchr
_mbsrchr
strncpy
strncmp
memmove
strrchr
wcstol
wcscmp
wcslen
rand
srand
strtoul
calloc
free
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc

kernel32

UnmapViewOfFile
lstrlenW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
OpenFile
GetCurrentProcess
GetCurrentProcessId
GetSystemTime
OpenProcess
GetExitCodeProcess
TerminateProcess
WinExec
lstrcpynA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
MulDiv
GlobalFree
CreateEventA
FindResourceA
LoadResource
SizeofResource
LockResource
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetVersionExA
DeviceIoControl
InterlockedDecrement
WriteFile
ReadFile
GetLastError
SetFilePointer
CreateFileA
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
MoveFileA
CopyFileA
GetWindowsDirectoryA
GetModuleFileNameA
CreateDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
LocalFree
LocalAlloc
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
CloseHandle
lstrcpyA
GetPrivateProfileStringA
GetTickCount
Sleep
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrlenA
lstrcatA

user32

InsertMenuItemA
GetMessageA
TranslateMessage
GetMenuState
GetMenuStringA
RegisterClassA
DefWindowProcA
GetClassInfoA
CharLowerA
IntersectRect
IsRectEmpty
MoveWindow
OffsetRect
mouse_event
IsWindow
GetDC
ReleaseDC
GetCapture
CreatePopupMenu
AppendMenuA
CheckMenuItem
EnableMenuItem
DeleteMenu
InsertMenuA
GetPropA
RemoveMenu
MonitorFromWindow
GetMonitorInfoA
GetDesktopWindow
SetParent
SetRectEmpty
ShowCursor
GrayStringA
TabbedTextOutA
wsprintfA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
SetWindowLongA
ReleaseCapture
RedrawWindow
DestroyCursor
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringW
GetMenuItemID
ModifyMenuA
UpdateWindow
CopyRect
GetSystemMetrics
SystemParametersInfoA
GetWindowLongA
IsWindowVisible
SetCapture
GetParent
ClientToScreen
KillTimer
SetTimer
PostMessageA
SetRect
ScreenToClient
PtInRect
SetCursor
LoadMenuA
GetSubMenu
GetCursorPos
GetClientRect
PostThreadMessageA
EnableWindow
DispatchMessageA
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendMessageA
SetPropA
InflateRect
FrameRect
GetWindowRect
GetSysColor
FillRect
DrawTextA
InvalidateRect

gdi32

SetBkColor
GetViewportExtEx
GetWindowExtEx
SetMapMode
GetMapMode
PtVisible
RectVisible
CreateBitmap
ExtTextOutA
Escape
GetNearestColor
Rectangle
GetTextMetricsA
GetObjectA
CreateFontIndirectA
StretchBlt
CreateRectRgnIndirect
CombineRgn
FillRgn
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
PatBlt
DeleteObject
SetTextColor
SetBkMode
GetTextExtentPoint32A
SelectObject
LPtoDP
TextOutA
CreateSolidBrush
DPtoLP

advapi32

RegSetValueA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

olepro32

ord251

oleaut32

SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SysFreeString
VariantClear
SysAllocStringLen
SysAllocString
LoadRegTypeLi

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Xran@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

psnetwork

?SetParam@CPSNetwork@@QAEXPBD0@Z
??1CPSNetwork@@UAE@XZ
??0CPSNetwork@@QAE@XZ
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
?Save@CPSNetwork@@QAEHPBD@Z
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?GetComment@CPSNetwork@@QAEPBDH@Z
?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?Connect@CPSNetwork@@QAEHXZ
?Disconnect@CPSNetwork@@QAEXXZ
?GetChannelName@CPSNetwork@@QAEPBDXZ

ws2_32

WSACleanup
inet_ntoa
WSAStartup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RecordPlan.exe
.exe windows:4 windows x86 arch:x86

0c002c2c1c5729e7133e586d5b77fd73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
DeleteFileA
Sleep
TerminateThread
GetCommandLineA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
SetConsoleCtrlHandler
LoadLibraryA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetFilePointer
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
CreateFileMappingA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetProcAddress
HeapCreate
GetVersionExA
GetEnvironmentVariableA
IsBadWritePtr
VirtualAlloc
VirtualFree
FatalAppExitA
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
HeapSize
TerminateProcess
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
ExitProcess
GetVersion
GetStartupInfoA
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
GetLastError
CloseHandle
CreateEventA
CreateThread
GetModuleHandleA
FreeLibrary
WaitForSingleObject
GetCurrentProcess
FlushInstructionCache
CompareStringA
lstrcpyA
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
GetLocaleInfoW
MapViewOfFile
SetEvent
UnmapViewOfFile
GetCurrentThreadId
lstrlenW
MultiByteToWideChar
GetACP
WideCharToMultiByte
InterlockedIncrement
OutputDebugStringA
DebugBreak
lstrlenA
InterlockedDecrement
FreeEnvironmentStringsA
GetModuleFileNameA

user32

EndPaint
BeginPaint
CreateDialogParamA
SetCursor
GetCursorPos
SetMenuDefaultItem
GetSubMenu
IsMenu
GetDlgCtrlID
FillRect
SetWindowTextA
GetDlgItem
EndDialog
SetWindowLongA
DrawFocusRect
GetFocus
CallWindowProcA
SetTimer
PostMessageA
wvsprintfA
CharNextA
ChildWindowFromPoint
RegisterWindowMessageA
InvalidateRect
PtInRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
UpdateWindow
SetRectEmpty
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
ReleaseDC
GetDC
DrawTextA
OffsetRect
IsWindow
CreateWindowExA
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
GetWindowLongA
GetParent
GetWindow
SystemParametersInfoA
GetClientRect
MapWindowPoints
DestroyIcon
DestroyMenu
EnableWindow
IsWindowVisible
MessageBoxA
LoadMenuA
IsWindowEnabled
TrackPopupMenu
SetForegroundWindow
BringWindowToTop
GetActiveWindow
DialogBoxParamA
DestroyWindow
PostQuitMessage
ShowWindow
GetWindowRect
ScreenToClient
GetSystemMetrics
LoadImageA
SendMessageA
SetWindowPos
IsDialogMessageA
LoadStringA
GetSysColor

gdi32

CreateFontIndirectA
SetBkColor
RestoreDC
CreateSolidBrush
GetObjectA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
SelectObject
DeleteDC
DeleteObject
SetTextColor
SetBkMode
LineTo
MoveToEx
SaveDC
ExtTextOutA
CreatePen

advapi32

RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
Shell_NotifyIconA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

recorder

CreateRecorder

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Recorder.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4316aaef3652b911b4a625e3bab765b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
CreateThread
FlushInstructionCache
GetCurrentProcess
FreeLibrary
OutputDebugStringA
GetProcAddress
LoadLibraryA
HeapDestroy
DisableThreadLibraryCalls
MultiByteToWideChar
lstrcpyA
lstrlenA
lstrcatA
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
WaitForSingleObject
SetEvent
Sleep
CreateEventA
GetDiskFreeSpaceExA
IsBadWritePtr
TerminateThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetThreadLocale
SetThreadLocale
SetProcessWorkingSetSize
GetVersionExA
CreateProcessA
LocalFree
FormatMessageA
DeleteFileA
GetDriveTypeA
GetLogicalDrives
GetFileType
ReadFile
GetFileSize
SetFilePointer
GetTempFileNameA
GetTempPathA
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
InterlockedExchange
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
CreateFileA
WriteFile
CloseHandle
GetLastError
GetCurrentThreadId
EnterCriticalSection
GetModuleHandleA
LeaveCriticalSection
DeleteCriticalSection
GetVersion
InitializeCriticalSection
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
RaiseException
GetEnvironmentVariableA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
FatalAppExitA
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapSize
HeapReAlloc
TerminateProcess
ExitProcess
GetCommandLineA
HeapFree
HeapAlloc
GetLocalTime
GetSystemTime
InterlockedIncrement
InterlockedDecrement
RtlUnwind

user32

SendMessageA
FindWindowExA
SystemParametersInfoA
ScreenToClient
CharNextA
PostMessageA
SetWindowTextA
GetWindowRect
SetWindowPos
GetClassInfoExA
LoadCursorA
wsprintfA
MoveWindow
CallWindowProcA
CreateWindowExA
SetWindowLongA
DestroyWindow
GetWindowLongA
DefWindowProcA
SetDlgItemTextA
RegisterClassExA

advapi32

RegQueryValueExA
RegCreateKeyA
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
SHBrowseForFolderA

ole32

CoCreateGuid
CoCreateInstance

oleaut32

LoadTypeLi
SysAllocString
SysFreeString
RegisterTypeLi

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

ws2_32

htonl
bind
WSACancelAsyncRequest
closesocket
WSAGetLastError
recv
send
WSAAsyncGetHostByName
htons
getpeername
getsockname
shutdown
inet_addr
WSASetLastError
socket
WSAAsyncSelect
gethostname
gethostbyname
select
setsockopt
getsockopt
ioctlsocket
accept
listen
connect

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

CreateRecorder
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SopCore.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

74cde3a886ed38bb98935593d4cc654a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyaddr
WSACleanup
shutdown
accept
setsockopt
getpeername
getsockname
WSASendTo
ioctlsocket
gethostbyname
__WSAFDIsSet
ntohs
select
sendto
WSARecvFrom
getsockopt
WSASetLastError
inet_addr
htonl
bind
WSAStartup
socket
htons
connect
ntohl
WSAGetLastError
closesocket
send
listen
recv

kernel32

CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetFileType
GetStdHandle
FindNextFileA
FindFirstFileA
GetCurrentProcessId
GlobalMemoryStatus
QueryPerformanceCounter
FlushConsoleInputBuffer
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCommandLineA
ExitThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetTimeZoneInformation
SetConsoleCtrlHandler
CompareStringA
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStartupInfoA
LCMapStringA
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
SetStdHandle
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CreateFileA
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateMutexA
CreateThread
GetDiskFreeSpaceW
GetTempFileNameW
GlobalGetAtomNameW
lstrcpyA
GetProfileIntW
GetTickCount
GetFileTime
GetFileAttributesW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
LocalLock
LocalUnlock
FindResourceExW
FileTimeToLocalFileTime
GetShortPathNameW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExW
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetUserDefaultLCID
IsDBCSLeadByte
lstrcmpiW
InterlockedIncrement
GetCurrentThread
lstrcmpiA
GetModuleFileNameW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WaitForMultipleObjects
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
CloseHandle
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
FormatMessageW
LocalFree
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetProcAddress
InterlockedDecrement
SetLastError
lstrcpynW
GetWindowsDirectoryW
LoadLibraryW
GetLastError
FreeLibrary
FindFirstFileW
FindClose
CreateDirectoryW
WaitForSingleObject
Sleep
MoveFileW
lstrcatW
WinExec
DeleteFileW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrcpyW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
WriteConsoleA
SetUnhandledExceptionFilter

user32

GetProcessWindowStation
MessageBoxA
TranslateAcceleratorW
PostThreadMessageW
GetDCEx
GetTabbedTextExtentW
IsClipboardFormatAvailable
GetTabbedTextExtentA
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableW
CharUpperW
DeleteMenu
CharNextW
GetDialogBaseUnits
GetSysColorBrush
SystemParametersInfoW
GetMenuItemInfoW
LockWindowUpdate
EnumChildWindows
SetRect
SetRectEmpty
SetCapture
InvalidateRgn
ReleaseCapture
RegisterClipboardFormatW
IsRectEmpty
CreateMenu
DrawEdge
SetParent
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
UnregisterClassA
GetMessageW
TranslateMessage
ValidateRect
GetDesktopWindow
CreateDialogIndirectParamW
EndDialog
GetCursorPos
MapVirtualKeyW
GetKeyNameTextW
GetMenuStringW
AppendMenuW
InsertMenuW
RemoveMenu
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetUserObjectInformationW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
PeekMessageW
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
UnregisterClassW
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
EndPaint
BeginPaint
GetWindowDC
UnhookWindowsHookEx
FindWindowExW
CopyIcon
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetForegroundWindow
GetWindow
CharUpperA
CharLowerW
CharLowerA
GetSystemMenu
UnionRect
UnpackDDElParam
ReuseDDElParam
GetWindowTextW
wsprintfW
RedrawWindow
KillTimer
SetTimer
LoadMenuW
LoadImageW
GetSubMenu
TrackPopupMenuEx
DestroyMenu
GetWindowLongW
WindowFromPoint
GetNextDlgTabItem
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
GetPropW
SetMenu
GetActiveWindow
GetWindowRect
DrawFocusRect
FrameRect
OffsetRect
InflateRect
CopyRect
GetIconInfo
CreateIconIndirect
DrawStateW
DestroyIcon
SendMessageW
GetClientRect
LoadBitmapW
PtInRect
GetSysColor
SetCursor
EnableWindow
IsWindow
LoadCursorW
GetParent
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
PostMessageW
FillRect
DestroyCursor
DispatchMessageW
MsgWaitForMultipleObjects

gdi32

ExtCreatePen
CreateHatchBrush
GetDCOrgEx
CopyMetaFileW
CreateDCW
PatBlt
SetRectRgn
CombineRgn
SetArcDirection
GetMapMode
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
OffsetRgn
GetViewportOrgEx
GetBkColor
GetTextColor
GetRgnBox
GetTextAlign
EnumFontFamiliesExW
GetCharWidthW
UnrealizeObject
CreatePen
EndPage
SetAbortProc
AbortDoc
EndDoc
StretchDIBits
GetBitmapBits
GetObjectA
CreateDCA
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
LPtoDP
GetTextMetricsW
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocW
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SelectClipRgn
StartPage
DPtoLP
SetBkMode
RestoreDC
SaveDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateRectRgn
CreateFontW
CreateRectRgnIndirect
Rectangle
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
DeleteObject
GetStockObject
StretchBlt
BitBlt
CreateCompatibleDC
GetObjectW
GetTextExtentPoint32W
SetColorAdjustment

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgW
PageSetupDlgW
FindTextW
ReplaceTextW

winspool.drv

OpenPrinterW
GetJobW
ClosePrinter
DocumentPropertiesW

advapi32

DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
IsTextUnicode
RegSetValueW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegCreateKeyW
RegCreateKeyExW
RegSetValueExW
RegisterEventSourceA
ReportEventA
RegCloseKey
GetFileSecurityW
SetFileSecurityW
RegDeleteValueW

shell32

DragQueryFileW
ShellExecuteW
ExtractIconW
SHGetFileInfoW
DragFinish
ShellExecuteExW

comctl32

_TrackMouseEvent
ord17
ord13
ImageList_Read
ImageList_Write
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Merge
ImageList_Draw
ImageList_GetImageInfo

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRegisterClassObject
CreateILockBytesOnHGlobal
CoCreateInstance
CoTaskMemFree
SetConvertStg
CreateStreamOnHGlobal
ReadClassStm
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CoTreatAsClass
OleRun
CLSIDFromProgID
CLSIDFromString
StgCreateDocfileOnILockBytes
CoRevokeClassObject
StringFromGUID2
CreateDataCache
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
OleSaveToStream
CreateOleAdviseHolder
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleLoadFromStream

oleaut32

LoadRegTypeLi
OleLoadPicture
OleCreateFontIndirect
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleCreatePropertyFrame
OleTranslateColor
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocString
OleCreatePictureIndirect
SysAllocStringLen

urlmon

CreateURLMoniker
IsAsyncMoniker
CreateAsyncBindCtx
RegisterBindStatusCallback

winmm

timeSetEvent
timeKillEvent
PlaySoundW

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TVUAx.dll
.dll regsvr32 windows:4 windows x86 arch:x86

865d2257a426cf79da02ecf1476deed3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSARecvFrom
WSASendTo
__WSAFDIsSet
getsockname
getpeername
WSAGetLastError
accept
listen
gethostname
ntohs
send
recv
sendto
recvfrom
shutdown
inet_addr
ntohl
closesocket
bind
htons
htonl
socket
WSACleanup
setsockopt
gethostbyname
WSAStartup
select
connect
ioctlsocket
inet_ntoa

kernel32

lstrcpyA
GetModuleFileNameA
lstrcatA
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
GetModuleHandleA
lstrcpynA
IsDBCSLeadByte
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetCurrentThreadId
FindResourceExA
SizeofResource
LockResource
LoadResource
FindResourceA
lstrcmpA
LocalFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
CreateMutexA
ReleaseMutex
OutputDebugStringA
GetTickCount
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
CompareStringW
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter
TerminateProcess
GetProcAddress
TlsFree
SetLastError
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
GetTimeZoneInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
ExitProcess
ResumeThread
ExitThread
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateEventA
Sleep
SetEvent
CloseHandle
TerminateThread
WaitForSingleObject
RaiseException
SetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LCMapStringA
LCMapStringW
SetFilePointer
FlushFileBuffers
SetStdHandle

user32

GetDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
SendMessageA
CharNextA
DefWindowProcA
DestroyWindow
MessageBoxA
IsWindow
PostMessageA
UnregisterClassA
DestroyCursor
SetRectEmpty
UpdateWindow
ScreenToClient
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
SetCursor
GetDlgCtrlID
DrawFocusRect
GetSysColor
IsWindowEnabled
GetWindowTextA
GetWindowTextLengthA
CreateCursor
GetClassNameA
SetWindowTextA
GetDlgItem
MapWindowPoints
GetWindowRect
GetWindow
EndDialog
GetDlgItemTextA
RegisterWindowMessageA
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
RedrawWindow
CreateAcceleratorTableA
FindWindowA
BringWindowToTop
IsWindowVisible
IsZoomed
PostQuitMessage
ReleaseDC
GetActiveWindow
DialogBoxParamA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DrawTextA
InflateRect
FillRect
CopyRect
GetKeyState
InvalidateRect
ShowWindow
SetFocus
IsChild
GetFocus
GetParent
CreateWindowExA
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
LoadBitmapA
SystemParametersInfoA
BeginPaint
GetClientRect
EndPaint
MoveWindow

gdi32

SetMapMode
LPtoDP
CreateDCA
DeleteObject
BitBlt
CreateCompatibleDC
SetTextColor
GetStockObject
SetViewportOrgEx
GetObjectA
SelectClipRgn
CreateRectRgn
GetClipRgn
CreateFontIndirectA
CreateSolidBrush
CreateCompatibleBitmap
DeleteDC
GetDeviceCaps
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
CreateRectRgnIndirect
SelectObject
SetBkMode
DeleteMetaFile

advapi32

RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetFileInfoA

ole32

OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleSaveToStream

oleaut32

SysAllocStringLen
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
SysFreeString
UnRegisterTypeLi
LoadTypeLi
SysAllocString

libexpatw

ord52
ord31
ord53
ord18
ord25
ord21
ord16

libeay32

ord2254

ssleay32

ord21
ord141
ord12
ord110
ord74
ord183
ord6
ord43
ord86
ord87
ord75
ord58
ord78
ord108
ord96
ord77
ord48
ord8
ord142

shlwapi

PathFindExtensionA

comctl32

_TrackMouseEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dllcheck.exe
.exe windows:4 windows x86 arch:x86

7bc47012256ec9788e27c7c27c1ce1c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetProcAddress
LoadLibraryA
FreeLibrary
GetACP
DebugBreak
OutputDebugStringA
CloseHandle
GetLongPathNameA
InterlockedIncrement
DuplicateHandle
GetLastError
LocalFree
GetWindowsDirectoryA
InterlockedDecrement
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
TerminateProcess
GetCurrentThreadId
GetOEMCP
GetCPInfo
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
OpenProcess
WaitForSingleObject
WriteFile
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc

user32

GetWindowThreadProcessId
SendMessageA
IsWindow
EndDialog
CharNextA
wvsprintfA
LoadStringA
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
GetDlgItem
SetWindowTextA
SetDlgItemTextA
EnumWindows
IsWindowVisible
GetWindowTextA
SetWindowLongA
DefWindowProcA
MessageBoxA
GetActiveWindow
DialogBoxParamA
DestroyWindow
FindWindowA

advapi32

SetEntriesInAclA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityInfo

shell32

SHGetFileInfoA

ole32

CoInitialize
CoUninitialize

comctl32

ImageList_ReplaceIcon
ImageList_Remove
ImageList_Create
InitCommonControlsEx

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kankansession.dll
.dll regsvr32 windows:4 windows x86 arch:x86

79a70bd459052bd14ed6ea8b542750cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetModuleFileNameA
WaitForSingleObject
SetEvent
DeleteFileA
Sleep
CreateEventA
CloseHandle
GetDiskFreeSpaceExA
IsBadWritePtr
GetFileType
CreateFileA
ReadFile
WriteFile
GetFileSize
SetFilePointer
CreateThread
TerminateThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVersionExA
GetVersion
CreateDirectoryA
VirtualProtect
InterlockedExchange
RaiseException
DisableThreadLibraryCalls
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
ExitProcess
GetCommandLineA
HeapFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
GetCurrentProcess
FlushInstructionCache
lstrcmpA
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
lstrlenW
OutputDebugStringA
MultiByteToWideChar
GetPrivateProfileStringA
InitializeCriticalSection
GetLastError
GetModuleHandleA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEnvironmentVariableA
GetLocalTime
GetSystemTime
RtlUnwind

user32

SetWindowLongA
CreateWindowExA
RegisterClassExA
DefWindowProcA
GetWindowLongA
DestroyWindow
PostMessageA
MessageBoxA
CallWindowProcA
GetSysColor
SetFocus
GetWindow
IsChild
GetFocus
ReleaseDC
GetDC
EndPaint
FillRect
GetClientRect
BeginPaint
IsWindow
RedrawWindow
GetClassNameA
GetParent
GetDesktopWindow
CreateAcceleratorTableA
wsprintfA
LoadCursorA
GetClassInfoExA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SendMessageA
GetDlgItem
RegisterWindowMessageA
SetWindowTextA
GetWindowTextLengthA
CharNextA
ShowWindow
SetTimer
GetWindowTextA
SetWindowPos
KillTimer

gdi32

GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject

shell32

Shell_NotifyIconA

ole32

CoCreateInstance
CoGetClassObject
CoTaskMemFree
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

oleaut32

SysAllocString
SysAllocStringLen
LoadRegTypeLi
SysStringLen
VariantClear
OleCreateFontIndirect
RegisterTypeLi
LoadTypeLi
SysFreeString

ws2_32

WSAStartup
ioctlsocket
accept
WSAAsyncSelect
shutdown
sendto
connect
WSAAsyncGetHostByName
send
recv
WSAGetLastError
closesocket
WSACancelAsyncRequest
bind
htonl
htons
inet_addr
WSASetLastError
socket
inet_ntoa
gethostbyname
gethostname
select

Exports

Exports

CreateKankanSession
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseKankanSession

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libeay32.dll
.dll windows:4 windows x86 arch:x86

9a8fb143a010f07506356c42d6154f05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

recvfrom
sendto
bind
listen
accept
ntohl
inet_ntoa
WSACancelBlockingCall
WSACleanup
WSAStartup
gethostbyname
getsockopt
getservbyname
ntohs
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

msvcr71

_write
_fileno
_stat
_chmod
_getch
strstr
_read
sprintf
wcsstr
_vsnprintf
vfprintf
_iob
abort
free
realloc
malloc
memchr
time
localtime
gmtime
strncpy
_errno
memmove
isxdigit
isdigit
fprintf
_getpid
fputs
fclose
fread
fwrite
fflush
fopen
_setmode
ftell
fseek
fgets
atoi
perror
qsort
strcmp
getenv
strerror
strchr
isalnum
isspace
strncmp
strtoul
strrchr
tolower
isupper
sscanf
exit
strtol
signal
printf
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit

kernel32

SetLastError
LoadLibraryA
FreeLibrary
FindClose
GetProcAddress
GetTickCount
GetThreadTimes
GetCurrentThread
ExitProcess
GetFileType
GetVersion
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
CloseHandle
GetVersionExA
FlushConsoleInputBuffer
GetModuleHandleA
GetCurrentThreadId
FindNextFileA
GetLastError
FindFirstFileA
GetStdHandle

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_cfbr_encrypt_block
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
ASN1_ANY_it
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_encode
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_to_generalizedtime
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_callback_ctrl
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_cipher
BIO_set_ex_data
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get1_default_config_file
CONF_get_number
CONF_get_section
CONF_get_string
CONF_imodule_get_flags
CONF_imodule_get_module
CONF_imodule_get_name
CONF_imodule_get_usr_data
CONF_imodule_get_value
CONF_imodule_set_flags
CONF_imodule_set_usr_data
CONF_load
CONF_load_bio
CONF_load_fp
CONF_module_add
CONF_module_get_usr_data
CONF_module_set_usr_data
CONF_modules_finish
CONF_modules_free
CONF_modules_load
CONF_modules_load_file

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libexpatw.dll
.dll windows:4 windows x86 arch:x86

16adaa296932ee15ea6dacef0485a6a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Exports

Exports

XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetParsingStatus
XML_GetSpecifiedAttributeCount
XML_MemFree
XML_MemMalloc
XML_MemRealloc
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_ResumeParser
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD
XML_UseParserAsHandlerArg

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp71.dll
.dll windows:4 windows x86 arch:x86

5e2398adb60a70c7ab04e7cba75a7983

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

setvbuf
fflush
ungetc
fgetc
fwrite
fputc
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
__iob_func
fopen
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
strtol
_errno
_Strftime
strcspn
strtoul
_strtoi64
_strtoui64
sprintf
abort
realloc
setlocale
_CxxThrowException
??0exception@@QAE@XZ
malloc
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__uncaught_exception
towlower
towupper
strcmp
__pctype_func
___lc_codepage_func
___lc_handle_func
_unlock
_lock
___setlc_active_func
___unguarded_readlc_active_add_func
_except_handler3
_local_unwind2
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
isupper
islower
__crtGetStringTypeW
__crtLCMapStringW
_callnewh
__crtCompareStringW
strtod
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
___mb_cur_max_func
??_V@YAXPAX@Z
??3@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove
??1exception@@UAE@XZ
memcpy

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
DisableThreadLibraryCalls

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@Vconst_iterator@01@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@Vconst_iterator@01@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@Vconst_iterator@01@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@D@std@@QAE@I@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@G@std@@QAE@I@Z
??0?$numpunct@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@_W@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Mutex@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0ios_base@std@@QAE@ABV01@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
??0locale@std@@QAE@ABV01@0H@Z
??0locale@std@@QAE@ABV01@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
??0locale@std@@QAE@PBDH@Z

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr71.dll
.dll windows:4 windows x86 arch:x86

7acc8c379c768a1ecd81ec502ff5f33e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
network.dll
.dll windows:4 windows x86 arch:x86

0a55738351378fa22250e32dbc64565b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ResetEvent
WaitForSingleObject
CreateThread
GetTickCount
OpenFileMappingA
CreateFileMappingA
OpenEventA
GetLastError
CreateEventA
CloseHandle
MapViewOfFile
SetLastError
VirtualProtect
FlushInstructionCache
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

ws2_32

WSARecvFrom
recvfrom
WSARecv
recv
closesocket
getpeername

Exports

Exports

GetLocalDownloadSpeed
GetRemoteDownloadSpeed
Reset
StartMeasure
StopMeasure

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/CheckOS.dll
.dll windows:4 windows x86 arch:x86

0bd51211f1803ff41ceed9ab8c00dbdd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
Sleep
SetThreadAffinityMask
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
LoadLibraryA
CloseHandle
FreeLibrary
OpenProcess
GetPrivateProfileStringA
SetLastError
lstrcpyA
GetSystemDirectoryA
GetFileAttributesA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
DeleteFileA
WideCharToMultiByte
FindClose
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
GetStdHandle
WriteFile
OutputDebugStringA
GetTempFileNameA
GetTempPathA
CompareStringW
CompareStringA
SetEndOfFile
SetThreadLocale
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
lstrcatA
lstrcmpiA
lstrlenA
QueryPerformanceCounter
QueryPerformanceFrequency
LocalAlloc
GetLastError
LocalFree
GetTickCount
lstrcpynA
GetModuleFileNameA
GetThreadLocale
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
SetEnvironmentVariableA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
HeapSize
TerminateProcess
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
IsBadWritePtr
VirtualAlloc
ExitProcess
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
HeapAlloc
HeapFree
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
EnterCriticalSection

user32

GetSystemMetrics
wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA

ole32

IIDFromString
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

ws2_32

closesocket
recv
shutdown
getsockname
ntohs
WSACleanup
gethostbyname
gethostbyaddr
connect
inet_addr
htons
socket
WSAStartup
send
select
ioctlsocket
WSAGetLastError
inet_ntoa

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

Exports

Exports

CreatePlugin

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppamnet.exe
.exe windows:4 windows x86 arch:x86

d0cdedceec699f9cb64fa91302c86a22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
SetLastError
CloseHandle
IsBadCodePtr
OpenProcess
GetLastError
GetModuleHandleA
GetVersionExA
IsBadWritePtr
GetModuleFileNameA
CreateFileA
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
lstrlenA
GetCurrentThread
IsBadReadPtr
HeapFree
GetProcessHeap
SetUnhandledExceptionFilter
RaiseException
DeleteFileA
GetPrivateProfileStringA
GetFileAttributesA
CreateThread
WriteFile
SetProcessWorkingSetSize
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CreateProcessA
FindNextFileA
FindFirstFileA
GetCommandLineA
GetTickCount
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
ReadFile
GetThreadLocale
GetVersion
Sleep
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetFileType
SetFilePointer
lstrcatA
GetPrivateProfileIntA
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
FlushFileBuffers
HeapSize
TerminateProcess
TlsGetValue
TlsAlloc
TlsSetValue
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetLocaleInfoW
ExitProcess
OutputDebugStringA
GetTempPathA
GetTempFileNameA
FreeLibrary
lstrcpynA
LoadLibraryA
GetStartupInfoA
HeapAlloc
HeapReAlloc
GetLocalTime
GetSystemTime
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
CreateDirectoryA
GetProcAddress

user32

PostMessageA
SendMessageA
IsWindow
PostQuitMessage
DestroyWindow
IsDialogMessageA
SetTimer
LoadImageA
GetSystemMetrics
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
GetParent
GetWindowLongA
KillTimer
CreateDialogParamA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetLastErrorEx
wsprintfA
SetWindowLongA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoUninitialize

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

comctl32

InitCommonControlsEx

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ppdoctor.exe
.exe windows:4 windows x86 arch:x86

462eabe3a4afd28bcef939ab08a6b8b4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:34:08:e0:c7:05:f6:b7:53:b1:c8:71:d0:d6:81:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2007, 00:00

Not After

31/01/2008, 23:59

Subject

CN=Beijing Tianchuang Shijie Technologies Co.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Department of Broadband,O=Beijing Tianchuang Shijie Technologies Co.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:ca:c0:6a:61:eb:ff:25:1d:e6:be:50:55:39:5f:5c:a4:0f:04:7c
Signer

Actual PE Digest

d5:ca:c0:6a:61:eb:ff:25:1d:e6:be:50:55:39:5f:5c:a4:0f:04:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
LockResource
LoadResource
FindResourceA
MulDiv
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetVersionExA
GetStdHandle
WriteFile
GetLastError
DuplicateHandle
CreateMutexA
TlsAlloc
TlsSetValue
UnmapViewOfFile
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
ReleaseMutex
RaiseException
TlsGetValue
MapViewOfFile
CreateFileMappingA
HeapDestroy
SetStdHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
SetFilePointer
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
HeapSize
TerminateProcess
SetLastError
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
RtlUnwind
HeapFree
HeapAlloc
InitializeCriticalSection
SetThreadLocale
FreeLibrary
LoadLibraryA
GetProcAddress
FindFirstFileA
FindNextFileA
FindClose
SetEvent
GetThreadLocale
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
lstrcatA
WaitForSingleObject
CloseHandle
GetExitCodeThread
TerminateThread
CreateEventA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalAddAtomA
CompareStringA
lstrcmpiA
lstrlenA
lstrcpyA
GetCurrentProcess
FlushInstructionCache

user32

BeginDeferWindowPos
EndDeferWindowPos
GetClassLongA
SetPropA
GetDialogBaseUnits
SetRect
GetClassInfoA
CallWindowProcA
DeferWindowPos
SetWindowPos
MapWindowPoints
GetClientRect
CopyRect
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
BeginPaint
EndPaint
DestroyWindow
InvalidateRect
PtInRect
UpdateWindow
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
DefWindowProcA
SetRectEmpty
SetDlgItemTextA
GetActiveWindow
DialogBoxParamA
DestroyCursor
EnableWindow
wsprintfA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadIconA
DrawTextA
CreateWindowExA
ReleaseDC
GetClassNameA
CreateCursor
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsWindow
GetDC
OffsetRect
CharNextA
EndDialog
GetDlgItem
SetWindowLongA
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
SetCursor

gdi32

GetObjectA
CreateFontIndirectA
SelectObject
GetStockObject
DeleteDC
DeleteObject
SetTextColor
SetBkMode
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectW
GetDeviceCaps
DPtoLP

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

comctl32

_TrackMouseEvent
InitCommonControlsEx

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pplivesession.dll
.dll windows:4 windows x86 arch:x86

b39315c466bdeb9be81d5261407f8140

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
Sleep
CreateEventA
CloseHandle
GetDiskFreeSpaceExA
IsBadWritePtr
DeleteFileA
GetFileType
GetLastError
CreateFileA
ReadFile
WriteFile
GetFileSize
SetFilePointer
CreateThread
TerminateThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetThreadLocale
SetThreadLocale
SetProcessWorkingSetSize
GetVersionExA
CreateProcessA
LocalFree
FormatMessageA
GetVersion
GetDriveTypeA
GetLogicalDrives
GetFileAttributesA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateMutexA
TlsAlloc
TlsFree
ReleaseMutex
TlsSetValue
TlsGetValue
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
ResetEvent
UnmapViewOfFile
OpenEventA
InterlockedExchange
MapViewOfFile
WaitForSingleObject
OutputDebugStringA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocaleInfoW
SetEnvironmentVariableA
SetEndOfFile
SetConsoleCtrlHandler
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
FlushFileBuffers
SetUnhandledExceptionFilter
GetOEMCP
GetACP
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
GetCurrentThread
HeapSize
TerminateProcess
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
FatalAppExitA
ExitProcess
HeapReAlloc
GetCommandLineA
HeapAlloc
RaiseException
HeapFree
GetLocalTime
WideCharToMultiByte
GetPrivateProfileStringW
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcmpA
InterlockedIncrement
CreateFileMappingA
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
HeapDestroy
LeaveCriticalSection
DeleteCriticalSection
OpenFileMappingA
GetSystemTime
RtlUnwind
VirtualQuery
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualProtect
PeekNamedPipe

user32

SetWindowTextA
SetWindowLongA
GetWindowLongA
GetSysColor
SendMessageA
GetDlgItem
CallWindowProcA
EndPaint
FillRect
GetClientRect
BeginPaint
ReleaseDC
GetDC
SetFocus
GetWindow
GetFocus
SetWindowPos
GetClassNameA
GetParent
IsWindow
DestroyWindow
RedrawWindow
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
CreateWindowExA
wsprintfA
MessageBoxW
KillTimer
SetTimer
PostMessageA
FindWindowExA
SystemParametersInfoA
ScreenToClient
MoveWindow
GetWindowTextLengthA
SetDlgItemTextA
GetWindowRect
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
IsChild
GetWindowTextA

gdi32

GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegQueryInfoKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
Shell_NotifyIconA

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateGuid
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize

oleaut32

SysStringLen
SysAllocStringLen
VariantClear
VariantInit
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SysAllocString
OleCreateFontIndirect
SysFreeString
LoadRegTypeLi

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

WSACleanup
setsockopt
getsockopt
ioctlsocket
accept
listen
WSAAsyncSelect
shutdown
getsockname
getpeername
connect
WSAAsyncGetHostByName
send
ntohs
closesocket
WSACancelAsyncRequest
bind
htonl
WSASetLastError
socket
gethostname
gethostbyname
inet_ntoa
inet_addr
htons
sendto
select
recv
getservbyname
gethostbyaddr
getprotobyname
recvfrom
ntohl
WSARecv
WSASend
WSAGetLastError
WSAStartup

Exports

Exports

CreatePPLiveSession
ReleasePPLiveSession

Sections

.text
Size: 572KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppmate.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a0944c2fb20de2459834c2cabd2598a1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:34:08:e0:c7:05:f6:b7:53:b1:c8:71:d0:d6:81:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2007, 00:00

Not After

31/01/2008, 23:59

Subject

CN=Beijing Tianchuang Shijie Technologies Co.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Department of Broadband,O=Beijing Tianchuang Shijie Technologies Co.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:55:50:a5:90:ed:02:63:2f:33:ce:6e:79:6f:1e:34:dd:55:77:0a
Signer

Actual PE Digest

c8:55:50:a5:90:ed:02:63:2f:33:ce:6e:79:6f:1e:34:dd:55:77:0a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
WaitForSingleObject
CreateThread
CreateEventA
TerminateThread
CloseHandle
SetEvent
OutputDebugStringA
GetVersionExA
GetTickCount
GetFileAttributesA
GetFileType
CreateFileA
ReadFile
WriteFile
GetFileSize
SetFilePointer
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalFree
DeviceIoControl
GetCurrentProcessId
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDiskFreeSpaceExA
GetTempFileNameA
GetTempPathA
CreateDirectoryA
GetPrivateProfileStringA
GetSystemDirectoryA
CreateMutexA
TlsAlloc
TlsFree
GetCurrentProcess
TlsSetValue
TlsGetValue
SetLastError
InterlockedExchange
GetLocaleInfoW
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
FlushFileBuffers
GetOEMCP
GetACP
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
HeapSize
TerminateProcess
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
GetCommandLineA
FlushInstructionCache
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
GetLastError
LoadLibraryExA
GetModuleFileNameA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
GetVersion
DisableThreadLibraryCalls
DeleteFileA
ReleaseMutex
GetLocalTime
GetSystemTime
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind

user32

RegisterClassExA
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetFocus
SetFocus
GetParent
ShowWindow
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
InvalidateRect
EndPaint
GetClientRect
BeginPaint
PeekMessageA
PostMessageA
PostThreadMessageA
FindWindowA
SendMessageA
IsChild
UnionRect
PtInRect
GetKeyState
DefWindowProcA
CharNextA
IsWindow
DestroyWindow
GetClassInfoExA
LoadCursorA
wsprintfA

gdi32

LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
GetDeviceCaps
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
Rectangle
SetTextAlign
TextOutA
CreateDCA

advapi32

RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

CoCreateGuid
CoUninitialize
CoInitialize
CreateOleAdviseHolder
OleLoadFromStream
CreateDataAdviseHolder
OleSaveToStream
WriteClassStm
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantClear
RegisterTypeLi
LoadTypeLi
VariantInit
SysAllocStringLen
OleCreatePropertyFrame
SysStringLen
SysFreeString
VarUI4FromStr
SysAllocString
LoadRegTypeLi

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

ws2_32

shutdown
sendto
send
recvfrom
recv
accept
listen
bind
closesocket
socket
setsockopt
getsockname
inet_addr
gethostbyname
ntohs
htons
htonl
ioctlsocket
select
__WSAFDIsSet
WSAGetLastError
inet_ntoa
WSAStartup
WSACleanup
WSASend
WSARecv
ntohl
getpeername
WSASetLastError
connect

Exports

Exports

CreatePPMate
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleasePPMate

Sections

.text
Size: 512KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppmate.exe
.exe windows:4 windows x86 arch:x86

93dfe6a28611c7ae00a6530619585981

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

kernel32

IsBadReadPtr
HeapFree
GetProcessHeap
SetUnhandledExceptionFilter
RaiseException
lstrcpynW
TerminateProcess
GetSystemDefaultLCID
SetProcessWorkingSetSize
SetThreadLocale
DebugBreak
MulDiv
FindNextFileA
FindFirstFileA
HeapDestroy
WideCharToMultiByte
GetDriveTypeA
CreateSemaphoreA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
TerminateThread
GetPrivateProfileStringA
GlobalFree
DeviceIoControl
CreateDirectoryA
WriteFile
GetFileAttributesA
CreateProcessA
GetSystemTimeAsFileTime
ReadFile
GetFileType
GetStdHandle
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
FlushFileBuffers
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
HeapSize
CompareStringW
GetCPInfo
LCMapStringW
LCMapStringA
GetVersion
GetCommandLineA
GetStartupInfoA
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
HeapAlloc
InterlockedExchange
Sleep
ReadProcessMemory
GetCurrentProcessId
CreateFileA
IsBadWritePtr
GetVersionExA
GetModuleHandleA
GetLastError
OpenProcess
IsBadCodePtr
SetLastError
lstrcatA
ExitProcess
OutputDebugStringA
GetTempPathA
GetTempFileNameA
FreeLibrary
lstrcpynA
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
lstrcmpA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
CompareStringA
lstrcmpiA
CreateThread
CloseHandle
GetTickCount
DeleteFileA
lstrcpyA
GetModuleFileNameA
lstrlenA
InterlockedIncrement
InterlockedDecrement
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
SetEnvironmentVariableA
SetEndOfFile
SetHandleCount
GetLocaleInfoW

user32

ModifyMenuA
InflateRect
DrawEdge
CallNextHookEx
PeekMessageA
IsRectEmpty
DrawFrameControl
DispatchMessageA
TranslateMessage
GetMessageA
ClientToScreen
CheckDlgButton
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
ExitWindowsEx
SetWindowRgn
GetMessagePos
WindowFromPoint
GetSysColorBrush
FrameRect
TrackPopupMenuEx
GetKeyState
wvsprintfA
SetWindowsHookExA
UnhookWindowsHookEx
CharLowerA
MessageBeep
GetWindowThreadProcessId
GetMenuItemCount
UnionRect
GetWindowDC
GetActiveWindow
DialogBoxParamA
OpenIcon
EnumChildWindows
UnregisterHotKey
MoveWindow
DestroyAcceleratorTable
KillTimer
SetMenu
RegisterHotKey
LoadAcceleratorsA
SetTimer
MessageBoxA
DestroyIcon
DestroyMenu
IsZoomed
DrawAnimatedRects
SetWindowTextA
GetDlgItem
SetWindowPos
BringWindowToTop
IsWindowVisible
IsIconic
FlashWindow
SetParent
SetActiveWindow
CheckMenuItem
TrackPopupMenu
LoadMenuA
LoadImageA
ShowWindow
TranslateAcceleratorA
SetRect
GetSystemMetrics
SetMenuDefaultItem
GetMenuItemInfoA
SetMenuItemInfoA
IsMenu
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
GetWindowLongA
GetParent
EndDialog
SetRectEmpty
FindWindowA
DefWindowProcA
DestroyCursor
IsWindow
SendMessageA
PostMessageA
PostQuitMessage
LoadStringW
GetSubMenu
SetForegroundWindow
SetLastErrorEx
InvalidateRgn
wsprintfA
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
IsChild
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CallWindowProcA
LoadStringA
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
CreateWindowExA
DrawTextA
ReleaseDC
EnableWindow
ScreenToClient
GetClassNameA
SetWindowLongA
CreateCursor
GetWindowTextLengthA
GetWindowTextA
GetDC
OffsetRect
CharNextA
EndPaint
DestroyWindow
BeginPaint
InvalidateRect
PtInRect
SetCursor
UpdateWindow
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos

gdi32

SetBrushOrgEx
PatBlt
LPtoDP
CreatePatternBrush
SetMapMode
SetWindowOrgEx
StretchBlt
GetDeviceCaps
CreateSolidBrush
SetBkColor
ExtTextOutA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode
SetTextColor
DeleteDC
GetStockObject
CreateBitmap
CreatePen
MoveToEx
LineTo
DPtoLP
CreateDIBSection
CreateICA
GetDIBits
SelectObject
GetMapMode
DeleteObject
GetObjectA
CreateFontIndirectA
ExtCreateRegion

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHAppBarMessage
ShellExecuteA

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
OleLockRunning
CoTaskMemAlloc
OleUninitialize
CLSIDFromString
OleInitialize
CoUninitialize
CoInitialize
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
StringFromCLSID

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
DispCallFunc
SysStringLen
LoadRegTypeLi

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
PropertySheetA
ImageList_Draw
ImageList_LoadImageA
ord17
_TrackMouseEvent
ImageList_GetIconSize

urlmon

URLDownloadToFileA

Sections

.text
Size: 360KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ppmlist.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dab1638e2fb9d59f861c41d1c15a1016

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
GetCurrentProcessId
SetThreadPriority
GetTempPathW
LocalFree
GetLocaleInfoW
SetEnvironmentVariableA
SetEndOfFile
SetConsoleCtrlHandler
LoadLibraryA
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualQueryEx
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
SetUnhandledExceptionFilter
FlushFileBuffers
SetFilePointer
GetModuleHandleA
HeapSize
TerminateProcess
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
FatalAppExitA
ExitProcess
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
GetLocalTime
GetSystemTime
RaiseException
RtlUnwind
InterlockedExchange
VirtualProtectEx
lstrcmpiW
DebugBreak
GetVersionExA
SizeofResource
GetLastError
GetWindowsDirectoryW
WinExec
LoadLibraryExW
GetPrivateProfileIntA
CreateFileA
GetPrivateProfileStringA
CreateDirectoryA
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
GetFileAttributesA
DeleteFileA
GetSystemTimeAsFileTime
GetExitCodeThread
TerminateThread
GlobalReAlloc
GetFileSize
WriteFile
GetFileAttributesW
GetVersionExW
SetThreadLocale
FindFirstFileW
FindNextFileW
CopyFileW
DeleteFileW
GetTickCount
CreateThread
CreateProcessW
GetVersion
GetThreadLocale
CreateFileW
ReadFile
CloseHandle
OutputDebugStringW
lstrcmpW
GlobalHandle
GlobalFree
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcatW
lstrcpyW
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
GetShortPathNameW
GetPrivateProfileIntW
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
MulDiv
lstrcpynW
GetTimeZoneInformation
Sleep
lstrlenA
MultiByteToWideChar
GetPrivateProfileStringW
lstrlenW
WideCharToMultiByte
IsBadWritePtr

user32

ClientToScreen
DestroyCursor
GetSystemMetrics
LoadBitmapW
GetMenuItemCount
GetMessageW
TranslateMessage
EndDialog
KillTimer
SetTimer
PostMessageW
LoadMenuW
CheckMenuItem
TrackPopupMenu
DestroyMenu
GetActiveWindow
DialogBoxParamW
SetWindowsHookExW
MessageBoxW
UnhookWindowsHookEx
LoadIconW
CallNextHookEx
MessageBeep
GetSubMenu
PostMessageA
GetDlgItemInt
SendMessageW
SetDlgItemInt
GetDesktopWindow
EnableWindow
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
GetWindowLongW
DefWindowProcW
SetWindowTextW
GetWindowTextW
ReleaseDC
GetDC
SetWindowLongW
CallWindowProcW
InvalidateRect
CreateWindowExW
DrawIconEx
wsprintfA
GetIconInfo
CreateIconIndirect
DestroyIcon
CopyIcon
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetRectEmpty
GetDlgCtrlID
wvsprintfW
IsWindowEnabled
ChildWindowFromPoint
WindowFromPoint
IsRectEmpty
CopyRect
GetMenuState
GetMenuItemID
GetMenuItemRect
EnumWindows
GetWindowDC
PostThreadMessageW
DispatchMessageW
DrawTextW
FillRect
BeginPaint
SetCursor
LoadCursorW
TrackMouseEvent
ScreenToClient
GetCursorPos
ShowWindow
MoveWindow
PtInRect
LoadStringW
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetClassNameW
RedrawWindow
GetWindowTextLengthW
RegisterWindowMessageW
CreateDialogIndirectParamW
EndPaint
RegisterClassExW
wsprintfW
GetClassInfoExW
LoadImageW
SetRect
GetNextDlgTabItem
IsDialogMessageW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
GetKeyState
SetFocus
IsWindow
GetFocus
IsChild
GetSysColor
GetDialogBaseUnits
EnumChildWindows
CharNextW
DestroyWindow
ShowScrollBar

gdi32

CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
TextOutW
CombineRgn
CreateRectRgn
OffsetRgn
PtInRegion
SelectClipRgn
GetRgnBox
GetObjectW
CreateFontW
GetBkMode
ExtCreateRegion
CreateDIBSection
StretchBlt
CreateBitmap
SetTextJustification
GetDCOrgEx
GetClipBox
FrameRgn
FillRgn
CreatePolygonRgn
CreateRoundRectRgn
ExtTextOutW
SetBkColor
GetStockObject
DeleteObject
CreateFontIndirectW
DPtoLP
GetDeviceCaps
SelectObject
SetBkMode
CreateSolidBrush
LineTo
MoveToEx
CreatePen
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
GetTextExtentPointW
GetTextMetricsW
GetTextExtentPoint32W
SetTextColor
Rectangle

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyW
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleRun
StringFromGUID2
GetHGlobalFromStream
CoInitialize
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
OleSaveToStream
WriteClassStm
CoCreateInstance
CoCreateGuid
OleInitialize
OleLockRunning

oleaut32

SafeArrayCreate
SetErrorInfo
GetErrorInfo
VariantCopy
VariantInit
DispCallFunc
CreateErrorInfo
SafeArrayAccessData
SafeArrayUnaccessData
OleLoadPicture
OleCreatePictureIndirect
OleCreateFontIndirect
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
VariantChangeType
OleTranslateColor
LoadTypeLi
SysAllocString
RegisterTypeLi
VariantClear
SysFreeString

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW

ws2_32

gethostname
gethostbyname

comctl32

ord17
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_Draw
_TrackMouseEvent
ImageList_LoadImageW

urlmon

URLDownloadToFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppstreamsession.dll
.dll windows:4 windows x86 arch:x86

155389df29ac066fea2486418dc21303

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:34:08:e0:c7:05:f6:b7:53:b1:c8:71:d0:d6:81:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2007, 00:00

Not After

31/01/2008, 23:59

Subject

CN=Beijing Tianchuang Shijie Technologies Co.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Department of Broadband,O=Beijing Tianchuang Shijie Technologies Co.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:83:18:8a:59:39:ca:2b:c9:90:0f:43:a7:01:27:e8:d6:dd:5e:4b
Signer

Actual PE Digest

1e:83:18:8a:59:39:ca:2b:c9:90:0f:43:a7:01:27:e8:d6:dd:5e:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
DeleteFileA
CreateEventA
CloseHandle
GetDiskFreeSpaceExA
IsBadWritePtr
GetFileType
GetLastError
CreateFileA
ReadFile
WriteFile
GetFileSize
SetFilePointer
GetModuleHandleA
CreateThread
TerminateThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetThreadLocale
SetThreadLocale
SetProcessWorkingSetSize
GetVersionExA
CreateProcessA
LocalFree
FormatMessageA
GetVersion
GetDriveTypeA
GetLogicalDrives
GetFileAttributesA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
CreateDirectoryA
GetPrivateProfileIntA
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetConsoleCtrlHandler
SetStdHandle
WideCharToMultiByte
GetStringTypeA
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
GetCurrentThread
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
FatalAppExitA
ExitProcess
RaiseException
GetCommandLineA
HeapFree
GetLocalTime
GetSystemTime
RtlUnwind
OutputDebugStringA
Sleep
GetPrivateProfileStringA
SetUnhandledExceptionFilter
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
lstrlenW
InterlockedIncrement
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
GetStringTypeW
InterlockedExchange
VirtualQuery
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualProtect
SetLastError

user32

ScreenToClient
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetSysColor
SendMessageA
GetDlgItem
CallWindowProcA
EndPaint
FillRect
GetClientRect
BeginPaint
ReleaseDC
GetDC
SetFocus
IsChild
GetFocus
SetWindowPos
GetClassNameA
GetParent
IsWindow
DestroyWindow
RedrawWindow
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
CreateWindowExA
wsprintfA
MessageBoxA
ShowWindow
KillTimer
SetTimer
PostMessageA
FindWindowExA
SystemParametersInfoA
MoveWindow
SetDlgItemTextA
GetWindowRect
RegisterClassExA

gdi32

GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegQueryInfoKeyA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
Shell_NotifyIconA
SHBrowseForFolderA

ole32

CoCreateGuid
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize

oleaut32

VariantInit
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VariantClear
LoadRegTypeLi
SysAllocString
SysFreeString

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

getsockopt
ioctlsocket
accept
listen
WSAAsyncSelect
shutdown
getsockname
connect
WSAAsyncGetHostByName
send
setsockopt
WSAGetLastError
WSACancelAsyncRequest
bind
htonl
WSASetLastError
socket
gethostname
gethostbyname
inet_addr
htons
sendto
select
getpeername
inet_ntoa
ntohs
WSARecv
closesocket
recv

Exports

Exports

CreatePPStreamSession
ReleasePPStreamSession

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sopcastsession.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fd93e48d9cf1ca335bcb8b2172de8bd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
DeleteFileA
Sleep
CreateEventA
CloseHandle
GetDiskFreeSpaceExA
IsBadWritePtr
DisableThreadLibraryCalls
HeapDestroy
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetModuleFileNameA
GetFileType
CreateFileA
ReadFile
WriteFile
GetFileSize
SetFilePointer
CreateThread
TerminateThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVersionExA
LocalFree
GetVersion
CreateDirectoryA
InterlockedExchange
RaiseException
SetEnvironmentVariableA
WaitForSingleObject
CompareStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
ExitProcess
GetCommandLineA
HeapFree
GetLocalTime
GetSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
GetCurrentProcess
FlushInstructionCache
lstrcmpA
InterlockedIncrement
lstrlenW
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
GetPrivateProfileStringA
GetLastError
GetModuleHandleA
InitializeCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CompareStringW
RtlUnwind
VirtualProtect
SetLastError

user32

SetWindowLongA
CreateWindowExA
RegisterClassExA
GetWindowTextA
SetWindowPos
KillTimer
SetTimer
CallWindowProcA
GetSysColor
SetFocus
GetWindow
IsChild
GetFocus
ReleaseDC
GetDC
EndPaint
FillRect
GetClientRect
BeginPaint
IsWindow
RedrawWindow
GetClassNameA
GetParent
GetDesktopWindow
CreateAcceleratorTableA
wsprintfA
LoadCursorA
GetClassInfoExA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SendMessageA
GetDlgItem
RegisterWindowMessageA
SetWindowTextA
GetWindowTextLengthA
CharNextA
DefWindowProcA
GetWindowLongA
DestroyWindow
PostMessageA
MessageBoxA
ShowWindow

gdi32

GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromCLSID
CoTaskMemFree
CoGetClassObject
CoCreateInstance

oleaut32

VariantInit
SysStringLen
CreateErrorInfo
VariantChangeType
LoadRegTypeLi
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
RegisterTypeLi
LoadTypeLi
OleCreateFontIndirect

ws2_32

WSAAsyncSelect
shutdown
connect
WSAAsyncGetHostByName
send
accept
WSAGetLastError
closesocket
WSACancelAsyncRequest
bind
htonl
htons
inet_addr
WSASetLastError
socket
ioctlsocket
sendto
inet_ntoa
gethostbyname
gethostname
select
recv

Exports

Exports

CreateSopCastSession
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseSopCastSession

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssleay32.dll
.dll windows:4 windows x86 arch:x86

ec3469e6569d715ba5e5e1375e9767e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

ord1654
ord903
ord252
ord2206
ord857
ord176
ord641
ord2821
ord281
ord290
ord654
ord181
ord188
ord269
ord3109
ord2630
ord910
ord2411
ord754
ord490
ord222
ord167
ord168
ord169
ord85
ord52
ord2201
ord289
ord493
ord911
ord464
ord3245
ord354
ord2936
ord3244
ord323
ord3067
ord2894
ord961
ord89
ord109
ord202
ord3239
ord866
ord110
ord3422
ord2929
ord3644
ord3570
ord2578
ord111
ord3010
ord3480
ord2924
ord3459
ord3512
ord3608
ord3575
ord3663
ord123
ord201
ord118
ord3666
ord219
ord498
ord285
ord635
ord912
ord909
ord3724
ord313
ord495
ord120
ord151
ord3178
ord3695
ord3550
ord3418
ord203
ord128
ord31
ord830
ord727
ord2760
ord282
ord572
ord3719
ord216
ord206
ord497
ord3682
ord2877
ord3711
ord205
ord486
ord484
ord763
ord577
ord907
ord87
ord481
ord3729
ord333
ord2915
ord256
ord1096
ord1097
ord2589
ord1145
ord1144
ord1081
ord2292
ord622
ord627
ord657
ord653
ord1653
ord2784
ord965
ord964
ord2572
ord2747
ord3704
ord3758
ord3767
ord3647
ord3766
ord3365
ord3460
ord3454
ord3754
ord3394
ord187
ord897
ord3414
ord3495
ord67
ord65
ord53
ord78
ord98
ord3559
ord3399
ord636
ord914
ord626
ord890
ord1004
ord3527
ord364
ord1010
ord2051
ord58
ord66
ord630
ord628
ord1041
ord1007
ord1005
ord1027
ord3378
ord3437
ord316
ord629
ord892
ord74
ord248
ord1655
ord575
ord1025
ord246
ord1100
ord679
ord2524
ord3595
ord1023
ord3505
ord401
ord93
ord3396
ord3657
ord887
ord889
ord891
ord315
ord1147
ord189
ord314
ord956
ord280
ord2181
ord399
ord748
ord279
ord283
ord400
ord751
ord750
ord774
ord3205
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3623
ord32
ord718
ord7
ord716
ord703
ord680
ord86
ord88
ord1101
ord293
ord322
ord2996
ord3155
ord2927
ord325
ord329
ord318
ord304
ord292
ord299
ord955
ord2252
ord91
ord247
ord904
ord901
ord623
ord905

msvcr71

_iob
_errno
free
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit
strncmp
memmove
time
fprintf

kernel32

GetLastError
DisableThreadLibraryCalls
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sessions
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_msg_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_cmp
SSL_SESSION_free
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_hash
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_shutdown
SSL_set_ssl_method
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl2_ciphers
ssl3_ciphers

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tvuplayersession.dll
.dll regsvr32 windows:4 windows x86 arch:x86

cc8c4f99ec1bd6abad69c5c27a4c5ae6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
DeleteFileA
Sleep
CreateEventA
CloseHandle
GetDiskFreeSpaceExA
IsBadWritePtr
DisableThreadLibraryCalls
HeapDestroy
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetModuleFileNameA
GetFileType
CreateFileA
ReadFile
WriteFile
GetFileSize
SetFilePointer
CreateThread
TerminateThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVersionExA
LocalFree
GetVersion
CreateDirectoryA
InterlockedExchange
RaiseException
SetEnvironmentVariableA
WaitForSingleObject
CompareStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
ExitProcess
GetCommandLineA
HeapFree
GetLocalTime
GetSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
GetCurrentProcess
FlushInstructionCache
lstrcmpA
InterlockedIncrement
lstrlenW
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
GetPrivateProfileStringA
GetLastError
GetModuleHandleA
InitializeCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CompareStringW
RtlUnwind
VirtualProtect
SetLastError

user32

SetWindowLongA
CreateWindowExA
ShowWindow
GetWindowTextA
SetWindowPos
KillTimer
SetTimer
CallWindowProcA
GetSysColor
SetFocus
GetWindow
IsChild
GetFocus
ReleaseDC
GetDC
EndPaint
FillRect
GetClientRect
BeginPaint
IsWindow
RedrawWindow
GetClassNameA
GetParent
GetDesktopWindow
CreateAcceleratorTableA
wsprintfA
LoadCursorA
GetClassInfoExA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SendMessageA
GetDlgItem
RegisterWindowMessageA
SetWindowTextA
GetWindowTextLengthA
CharNextA
RegisterClassExA
DefWindowProcA
GetWindowLongA
DestroyWindow
PostMessageA
MessageBoxA

gdi32

GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject

shell32

Shell_NotifyIconA

ole32

CLSIDFromString
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
GetErrorInfo
SysStringLen
LoadRegTypeLi
SysAllocStringLen
SysAllocString
OleCreateFontIndirect
RegisterTypeLi
LoadTypeLi
SysFreeString

ws2_32

WSAAsyncSelect
shutdown
connect
WSAAsyncGetHostByName
send
accept
WSAGetLastError
closesocket
WSACancelAsyncRequest
bind
htonl
htons
inet_addr
WSASetLastError
socket
ioctlsocket
sendto
inet_ntoa
gethostbyname
gethostname
select
recv

Exports

Exports

CreateTvuPlayerSession
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseTvuPlayerSession

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

946eb0a1e85c9ade4acaf634eb5a64f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.ini
xpsp2tcppatch.exe
.exe windows:4 windows x86 arch:x86

52208d004a89bc8f2b0dc87d13a97979

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetVersionExA
GetFileAttributesA
lstrlenA
CloseHandle
GetFileSize
CreateFileA
ReadFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
DeleteFileA
CopyFileA
GetThreadLocale
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
lstrcpyA
FlushFileBuffers
LCMapStringW
LCMapStringA
Sleep
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrcpynA
IsBadCodePtr
IsBadReadPtr
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
RtlUnwind
RaiseException
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
TerminateProcess
HeapReAlloc
HeapSize
GetModuleFileNameA
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
InterlockedExchange

user32

wsprintfA
DestroyWindow
DialogBoxParamA
GetActiveWindow
DefWindowProcA
EndDialog
GetDlgItem
SetWindowTextA
SendMessageA
SetWindowLongA
GetWindowTextA
MessageBoxA
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA

ole32

CoInitialize
CoUninitialize

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imagehlp

ImageNtHeader
CheckSumMappedFile

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 29KB - Virtual size: 28KB

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1Certificate

Extended Key Usages

Key Usages

8d:11:4f:3c:6e:d2:11:a8:10:0c:bf:59:92:cf:89:b4:55:49:fa:aeSigner

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 68KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 8KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

78121377f3efa9be51d158a709dccd50

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8eCertificate

Extended Key Usages

Key Usages

a4:14:9e:41:4b:76:06:ed:9b:1a:04:64:fc:a2:a4:55:44:a7:0d:f2Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

wsock32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 81KB

.itext Size: 1024B - Virtual size: 724B

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 82KB

.idata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 168B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 29KB - Virtual size: 28KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

8d:11:4f:3c:6e:d2:11:a8:10:0c:bf:59:92:cf:89:b4:55:49:fa:ae
Signer

.text
Size: 32KB - Virtual size: 68KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 8KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

a4:14:9e:41:4b:76:06:ed:9b:1a:04:64:fc:a2:a4:55:44:a7:0d:f2
Signer

.text
Size: 82KB - Virtual size: 81KB

.itext
Size: 1024B - Virtual size: 724B

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 82KB

.idata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 168B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

4b:98:fc:fd:86:31:18:04:27:13:a4:60:74:39:d1:29:ea:22:a9:8c
Signer

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6d:c5:29:38:96:c8:31:e0:df:16:07:97:15:bb:89:8e
Certificate

43:e3:ac:b4:b6:39:56:da:a8:92:29:7e:5c:57:8b:a9:9b:d0:81:5d
Signer