5c0f3ab7db633ea2722c5adf14c4ca54

Sharing

Copy URL Twitter E-mail

General

Target

5c0f3ab7db633ea2722c5adf14c4ca54
Size

1.6MB
MD5

5c0f3ab7db633ea2722c5adf14c4ca54
SHA1

0970636670e4022d1131bda58f2052025733360c
SHA256

36203341924d31274f5231188fe43563680509d2bb04b4804bbbb6322a98afb5
SHA512

584d1ede3aada3c46a5bd9a777a6b8a1b878c29e0d0ecde72bffe637ef64c9b1a456c552f01a6e448220f981088a93e839c1ee1b76133f8c401dd9315df1a79a
SSDEEP

49152:buQMLtst+9UMMr4fsW3CnzRvLCmiBLcnsMQDCAU/7foYGahG77:bVM39HMgspC1LNDxS7xA77

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Manager.dll	aspack_v212_v242
static1/unpack001/Manager.exe	aspack_v212_v242

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EXPSRV.DLL
unpack001/MSCC2CHS.DLL
unpack001/MSHFGCHS.DLL
unpack001/MSSTDFMT.DLL
unpack001/MSVBVM60.DLL
unpack001/Manager.dll
unpack001/Manager.exe
unpack001/OLEPRO32.DLL
unpack001/VB6CHS.DLL
unpack001/VBAJET32.DLL

Files

5c0f3ab7db633ea2722c5adf14c4ca54
.rar
COMDLG32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer

Actual PE Digest

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EXPSRV.DLL
.dll windows:4 windows x86 arch:x86

548d9bb3cc3953486c58d739eb336b48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateBindCtx
CoDisconnectObject
CoGetClassObject
CoCreateInstance
MkParseDisplayName
BindMoniker
CoGetMalloc

oleaut32

RevokeActiveObject
LHashValOfNameSysA
SafeArrayGetUBound
LoadRegTypeLi
SafeArrayGetLBound
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
VariantChangeType
SafeArrayGetDim
VarCyFromStr
SysReAllocString
VarR4FromStr
VarDateFromStr
VarR8FromStr
VarI2FromStr
VarI4FromR8
VarI4FromStr
VarBstrFromDate
SysReAllocStringLen
VarBstrFromCy
VarBstrFromI4
VarBstrFromR8
VarBstrFromR4
VarCyFromI4
VarBstrFromI2
SafeArrayLock
VariantCopyInd
GetActiveObject
SafeArrayAllocData
SysAllocString
SafeArrayRedim
SafeArrayDestroyDescriptor
SafeArrayCopy
SafeArrayUnlock
LoadTypeLi
SafeArrayPutElement
VariantChangeTypeEx
SetErrorInfo
SafeArrayCreate
SafeArrayAllocDescriptor
VariantCopy
SafeArrayDestroy
SafeArrayDestroyData
SysFreeString
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
GetErrorInfo
CreateErrorInfo
SysStringLen
VariantClear

user32

GetWindow
GetDesktopWindow
GetWindowTextA
IsWindowEnabled
IsWindowVisible
GetWindowThreadProcessId
GetFocus
AttachThreadInput
SetForegroundWindow
WaitForInputIdle
OemToCharA
GetKeyboardLayout
SendMessageA
FindWindowA
FindWindowW
CharLowerBuffA
CharToOemA
CharUpperBuffA
CharUpperBuffW
GetSystemMetrics
LoadStringA
keybd_event
GetForegroundWindow
SetKeyboardState
VkKeyScanA
GetKeyboardState
VkKeyScanW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
CallNextHookEx
GetAsyncKeyState
SetFocus
MessageBeep
CharLowerBuffW

kernel32

CompareStringW
FormatMessageW
GetModuleFileNameA
MoveFileA
VirtualQuery
RemoveDirectoryA
CreateDirectoryA
DeleteFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
HeapReAlloc
HeapAlloc
FlushFileBuffers
FindNextFileA
GetFullPathNameA
HeapFree
RtlUnwind
GetUserDefaultLCID
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateProcessA
CreateProcessW
DeleteCriticalSection
SetLocalTime
GetLocalTime
GetCurrentProcess
GetFileAttributesA
FindFirstFileA
GetDriveTypeA
SetFileAttributesA
FileTimeToLocalFileTime
FindClose
CloseHandle
GetFileTime
FileTimeToSystemTime
GetVolumeInformationA
IsValidCodePage
SetFileTime
GetTimeZoneInformation
GetStringTypeW
SetEndOfFile
SetStdHandle
HeapSize
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
ExitProcess
UnlockFile
LockFile
SetFilePointer
WriteFile
ReadFile
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetLocaleInfoA
GetLocaleInfoW
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
GetVersion
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetSystemDefaultLangID
GetUserDefaultLangID
IsDBCSLeadByte
lstrcmpiA
LCMapStringA
GetStringTypeA
GetFileType
SetLastError
LCMapStringW
VirtualProtect
RaiseException
LoadLibraryA
CreateFileA
FreeLibrary
GetModuleFileNameW
GlobalUnlock
SetErrorMode
GlobalFree
Sleep
GetTickCount
GlobalLock
GlobalAlloc
GetComputerNameA
IsBadReadPtr

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCreateKeyW
RegQueryValueExA
RegQueryValueExW
RegEnumValueW
RegEnumKeyA
RegEnumKeyW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyA
RegDeleteKeyW
RegOpenKeyA
RegOpenKeyW
RegSetValueExA
RegSetValueExW

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DllFunctionCall
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime
rtcFormatNumber
rtcFormatPercent
rtcFreeFile
rtcGetAllSettings
rtcGetCurrentCalendar
rtcGetDateBstr
rtcGetDateValue
rtcGetDateVar
rtcGetDayOfMonth
rtcGetDayOfWeek
rtcGetErl
rtcGetFileAttr

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.TXT
MSCC2CHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSCOMCT2.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

71e4dc10f7cc0c7bb2b43714bb9f46c1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93
Signer

Actual PE Digest

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualFree
GetCPInfo
GetOEMCP
VirtualAlloc
FlushFileBuffers
SetStdHandle
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
IsBadReadPtr
GlobalReAlloc
UnmapViewOfFile
GetFileSize
CreateFileMappingA
MapViewOfFile
GetSystemDefaultLCID
GetCurrentThreadId
GetCurrentProcessId
HeapCreate
HeapDestroy
FreeResource
LocalSize
RtlMoveMemory
CreateThread
Sleep
WaitForSingleObject
GetTimeFormatA
GlobalHandle
lstrcmpA
GetThreadLocale
MulDiv
LocalAlloc
GetProfileIntA
LocalReAlloc
LocalFree
GetTickCount
GetModuleHandleA
GlobalAddAtomA
GetACP
CompareStringW
CompareStringA
GlobalSize
GetVersionExA
IsDBCSLeadByte
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
lstrcmpiA
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
MultiByteToWideChar
IsBadWritePtr
GetDateFormatA
lstrcpyA
GetLocaleInfoA
GetLocalTime
CreateFileA
CloseHandle
GlobalAlloc
WriteFile
GlobalLock
HeapAlloc
DeleteCriticalSection
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
FreeLibrary
lstrlenA
GetProcessHeap
GlobalFree
GlobalUnlock

user32

GrayStringA
HideCaret
DestroyCaret
CreateCaret
GetAsyncKeyState
SetCaretPos
DrawTextExA
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
MapVirtualKeyA
ShowCaret
GetUpdateRgn
DestroyCursor
GetWindowRgn
ValidateRect
GetDCEx
LockWindowUpdate
CharNextExA
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
GetKeyboardLayout
GetUpdateRect
DeferWindowPos
BeginDeferWindowPos
FindWindowA
TrackPopupMenu
GetKeyNameTextA
RemovePropA
SendNotifyMessageA
FrameRect
ChildWindowFromPoint
DrawIcon
TranslateMessage
DispatchMessageA
MessageBeep
UnregisterClassA
CreateDialogIndirectParamA
IsChild
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
ScrollWindowEx
InvalidateRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
RegisterClipboardFormatA
RegisterWindowMessageA
PeekMessageA
ScreenToClient
PostMessageW
PeekMessageW
RedrawWindow
InflateRect
AdjustWindowRectEx
CreatePopupMenu
DestroyMenu
DrawTextA
DrawFocusRect
AppendMenuA
AdjustWindowRect
IsZoomed
EnumChildWindows
GetDesktopWindow
ShowScrollBar
SetScrollRange
SetScrollPos
GetMessageA
GetScrollPos
IsRectEmpty
CallMsgFilterA
GetMessagePos
GetDoubleClickTime
InvertRect
GetSysColorBrush
SetCursor
GetWindowDC
UnionRect
SetTimer
SetScrollInfo
EnableScrollBar
UpdateWindow
KillTimer
LoadCursorA
GetMessageTime
GetDlgCtrlID
GetWindowThreadProcessId
WindowFromPoint
EndDeferWindowPos
EndDialog
ReleaseCapture
PtInRect
SetWindowRgn
IntersectRect
EqualRect
OffsetRect
GetParent
ClientToScreen
GetWindowRect
GetActiveWindow
GetWindow
MoveWindow
BeginPaint
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
DestroyWindow
CharNextA
GetPropA
GetCursorPos
SetCursorPos
MapWindowPoints
DefWindowProcA
SetPropA
IsWindow
SetDlgItemTextA
CheckDlgButton
IsWindowEnabled
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SetWindowLongA
GetWindowLongA
SendDlgItemMessageA
IsDlgButtonChecked
GetClientRect
GetFocus
LoadIconA
FillRect
DrawIconEx
ShowWindow
DestroyIcon
SetDlgItemInt
GetDlgItemInt
MessageBoxA
SetFocus
GetWindowTextLengthA
SetWindowTextA
GetWindowTextA
EnableWindow
SendMessageA
DialogBoxParamA
GetKeyState
SetCapture
GetCapture
CallWindowProcA
PostMessageA
GetSysColor
SetRect
DrawEdge
GetSystemMetrics
GetClassInfoA
RegisterClassA
GetDlgItem
LoadStringA
wsprintfA
GetScrollInfo
GetClassNameA
DrawFrameControl
CopyRect

ole32

OleLoadFromStream
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleSaveToStream
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCopy
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopy
SafeArrayUnaccessData
OleCreateFontIndirect
GetErrorInfo
OleCreatePictureIndirect
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
CreateErrorInfo
VariantCopyInd
SafeArrayCreateVector
OleCreatePropertyFrame
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleTranslateColor
VariantChangeTypeEx
VariantChangeType
SysAllocStringLen
VariantInit
SysStringLen
SysAllocString
LoadRegTypeLi
VariantClear
SafeArrayRedim
SysFreeString

gdi32

ExcludeClipRect
SetBrushOrgEx
GetClipRgn
OffsetRgn
GetDIBColorTable
SetDIBColorTable
CreateDIBSection
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
CreateHalftonePalette
GetTextAlign
SetTextAlign
DeleteObject
GetDeviceCaps
SelectObject
CreateSolidBrush
PatBlt
Polyline
CreatePen
StretchDIBits
GetDIBits
GetSystemPaletteEntries
GetObjectA
CreateBitmap
DeleteDC
CreateCompatibleDC
CreateDCA
SetBkColor
GetStockObject
GetTextExtentPoint32A
CreateFontIndirectA
GetCurrentObject
GetTextMetricsA
SetViewportOrgEx
SetWindowOrgEx
CreateRectRgnIndirect
GetViewportExtEx
GetWindowExtEx
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetTextColor
SelectClipRgn
CreateRectRgn
Rectangle
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
RealizePalette
SelectPalette
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
GetClipBox
TextOutA
SetBkMode
CreateFontA
CreatePatternBrush
ExtTextOutA
RestoreDC
IntersectClipRect
SaveDC
GetBkColor
GetCharWidthA
GetTextExtentPointA
Arc
RectVisible
Ellipse
LineTo
MoveToEx
GetPixel
CreateCompatibleBitmap
BitBlt
CombineRgn
GetTextColor

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 468KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

Actual PE Digest

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSHFGCHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSHFLXGD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

56ac46dcc88f67428b0149d3d554a99b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7b:6c:40:51:56:47:c3:52:ef:72:d1:11:f8:9e:5b:e4:32:bd:de:0b
Signer

Actual PE Digest

7b:6c:40:51:56:47:c3:52:ef:72:d1:11:f8:9e:5b:e4:32:bd:de:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

olepro32

ord253
ord254
ord252
ord250

comctl32

ImageList_Destroy
ImageList_LoadImageA

kernel32

Sleep
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
HeapSize
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
SetLastError
GetCurrentThread
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
TlsGetValue
VirtualAlloc
IsBadCodePtr
GetStdHandle
GetFileType
WriteFile
IsValidLocale
IsValidCodePage
GetUserDefaultLCID
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
CloseHandle
SetStdHandle
SetFilePointer
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsDBCSLeadByte
GetVersionExA
GlobalFree
TlsSetValue
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpA
TlsFree
TlsAlloc
ExitProcess
GetCurrentThreadId
FatalAppExitA
RaiseException
GetModuleHandleA
GetCommandLineA
GetVersion
RtlUnwind
GetFileAttributesA
LoadResource
DisableThreadLibraryCalls
FindResourceA
lstrcmpiA
LockResource
GetLastError
GetLocaleInfoA
HeapReAlloc
GetProcAddress
GetModuleFileNameA
LoadLibraryA
GetWindowsDirectoryA
lstrcmpiW
IsBadReadPtr
GetProfileStringA
MulDiv
lstrcpynA
FormatMessageA
FreeLibrary
lstrcpyA
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
InterlockedIncrement
UnhandledExceptionFilter
lstrlenA
lstrlenW
lstrcmpW
lstrcatA
LCMapStringA
LCMapStringW
GlobalAlloc
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
InterlockedDecrement
LocalFree
IsBadWritePtr

user32

SetCursorPos
GetSysColor
PostMessageW
PeekMessageW
UnregisterClassA
CreateDialogIndirectParamA
IsChild
IsWindowEnabled
GetNextDlgTabItem
MapWindowPoints
GetClipboardFormatNameA
ScrollWindowEx
GetCapture
CallWindowProcA
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
ClientToScreen
CharNextA
GetWindow
RegisterClipboardFormatA
WinHelpA
IsDialogMessageA
EndDialog
BeginPaint
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
DestroyWindow
LoadBitmapA
SetDlgItemInt
CheckDlgButton
GetDlgItem
GetDlgItemInt
IsDlgButtonChecked
SetFocus
InvalidateRect
GetActiveWindow
DialogBoxParamA
PeekMessageA
GetWindowRect
MoveWindow
SendMessageA
MessageBeep
SendDlgItemMessageA
DrawTextExW
DrawTextExA
GetParent
GetSystemMetrics
FillRect
GetWindowLongA
SetWindowPos
DrawFocusRect
SetTimer
ReleaseCapture
SetCapture
SetCursor
DefWindowProcA
EnableWindow
GetCursorPos
ScreenToClient
PtInRect
PostMessageA
DrawEdge
FrameRect
InflateRect
SetWindowLongA
LoadCursorA
RegisterClassA
RegisterWindowMessageA
SetRect
UpdateWindow
GetKeyState
IsWindow
GetScrollRange
ScrollWindow
OffsetRect
SetScrollRange
GetClientRect
SetScrollPos
ShowScrollBar
LoadStringA
MessageBoxA
GetDC
ReleaseDC
KillTimer
wsprintfA
GetFocus

ole32

CoCreateInstance
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
OleLoadFromStream
OleSaveToStream
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA

oleaut32

LoadTypeLi
SysStringByteLen
GetErrorInfo
VariantChangeType
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantCopyInd
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLibEx
VariantCopy
SysAllocStringLen
SysAllocStringByteLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopy

gdi32

GetWindowExtEx
SetWindowOrgEx
CreateDCA
SetViewportOrgEx
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
GetBitmapBits
CreatePalette
CreateDIBitmap
GetViewportExtEx
GetNearestColor
LPtoDP
DeleteObject
CreatePen
GetTextMetricsA
GetTextExtentPoint32W
CreateFontIndirectA
CreateSolidBrush
GetStockObject
SelectObject
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
ExcludeClipRect
SaveDC
RestoreDC
LineTo
MoveToEx
GetObjectA
Rectangle
SetBkMode
SetTextColor
SelectPalette
GetCurrentPositionEx
RealizePalette
SetWindowExtEx
DPtoLP
SetViewportExtEx
GetTextColor
CreateBitmap
SetMapMode
GetDeviceCaps
CreateRectRgnIndirect
CopyMetaFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSSTDFMT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

813db3b6c9a1b45c2a363924917c26d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoW
FreeLibrary
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
GetVersion
GetProcAddress
GetFileAttributesA
lstrcatA
IsDBCSLeadByte
MultiByteToWideChar
InterlockedDecrement
GetWindowsDirectoryA
LoadLibraryA
GetLastError
LockResource
LoadResource
FindResourceA
GetModuleHandleA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesA
lstrcpynA
EnumDateFormatsA
CompareStringA
lstrcmpA
EnumTimeFormatsA
lstrlenA
GetModuleFileNameA
InterlockedIncrement
HeapAlloc
GetLocaleInfoA
GetProcessHeap
GetThreadLocale
HeapFree
HeapReAlloc
lstrcpyA
GetSystemTime
lstrcmpiA
WideCharToMultiByte
lstrlenW

user32

ReleaseCapture
SetCapture
CallWindowProcA
PtInRect
GetFocus
InvalidateRect
MessageBoxA
GetDlgItemTextA
GetCapture
EqualRect
ShowWindow
SetDlgItemTextA
GetWindowRect
SetParent
SetWindowLongA
CharNextA
GetDC
ReleaseDC
UnregisterClassA
DestroyWindow
GetSystemMetrics
SetWindowRgn
IntersectRect
GetActiveWindow
OffsetRect
ClientToScreen
BeginPaint
MoveWindow
SetFocus
SetWindowPos
GetClientRect
EndPaint
CreateWindowExA
GetDlgItemInt
RegisterClassA
GetWindowLongA
CreateDialogIndirectParamA
IsDlgButtonChecked
IsWindowEnabled
GetKeyState
IsChild
IsDialogMessageA
GetNextDlgTabItem
GetWindow
LoadStringA
WinHelpA
SetDlgItemInt
ScrollWindowEx
wsprintfA
SendMessageA
SendDlgItemMessageA
GetDlgItem
EnableWindow
IsWindowVisible
GetParent
DefWindowProcA

ole32

CreateOleAdviseHolder
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

advapi32

RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SetErrorInfo
LoadRegTypeLi
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SystemTimeToVariantTime
OleLoadPicture
RegisterTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantChangeType
VariantChangeTypeEx
SafeArrayDestroy
SysAllocStringLen
VariantInit
SysReAllocStringLen
SysAllocString
SysStringLen
VariantCopy
SysFreeString
VariantClear
OleCreatePropertyFrame

gdi32

SetMapMode
LPtoDP
DeleteDC
SetWindowOrgEx
SetViewportOrgEx
CreateDCA
SetViewportExtEx
GetDeviceCaps
SetWindowExtEx
GetViewportExtEx
GetWindowExtEx
CreateRectRgnIndirect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSVBVM60.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

52aa5ee856953e49635e554af5207319

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
GetTimeZoneInformation
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
RaiseException
SetEnvironmentVariableA
lstrlenA
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
lstrcpynA
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetCurrentProcessId
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
_lclose
_llseek
HeapSize
GetCPInfo

user32

DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
DdeGetData
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
MessageBoxIndirectA
DialogBoxParamA
EnumThreadWindows
GetLastActivePopup
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
DdeAbandonTransaction
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeClientTransaction
DdeSetUserHandle
DdeDisconnect
DdeConnect
DdeUninitialize
DdeNameService
DdeCreateStringHandleA
DdeQueryConvInfo
DdeInitializeA
DdeFreeStringHandle
SetScrollRange
DdeQueryStringA
DdeFreeDataHandle
LockWindowUpdate
SetScrollPos
DrawFrameControl
SetClipboardData
CharLowerBuffA
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
OpenClipboard
SetCaretPos
CloseClipboard
GetCaretBlinkTime
ShowCaret
GetWindowTextLengthA
CreateCaret
GetScrollPos
HideCaret
DestroyCaret
SetWindowRgn
GetClipboardFormatNameA
DrawTextExA
DestroyAcceleratorTable
ToAscii
CreateAcceleratorTableA
SetScrollInfo
ShowScrollBar
SetKeyboardState
GetMenuItemInfoA
SetMenuItemInfoA
GetDoubleClickTime
GetKeyboardState
GetQueueStatus
SetMenuDefaultItem
SetWindowContextHelpId
TrackPopupMenu
InsertMenuA
DrawMenuBar
DeleteMenu
GetMenu
GetSubMenu
GetMenuItemID
ModifyMenuA
SetMenu
CreateMenu
EndDeferWindowPos
CheckMenuItem
BeginDeferWindowPos
VkKeyScanA
DeferWindowPos
PostThreadMessageA
DrawIcon
CharLowerA
IsCharAlphaA
GetCaretPos
RegisterClassExA
GetScrollInfo

gdi32

UnrealizeObject
CreatePen
SetBkColor
SetTextColor
CreatePatternBrush
DeleteObject
CreateBitmap
ExtTextOutA
SelectObject
SetBkMode
GetBitmapBits
GetObjectA
GetTextExtentPointA
CreateFontIndirectA
CombineRgn
SetRectRgn
CreateRectRgn
CreateRectRgnIndirect
ExtSelectClipRgn
OffsetRgn
PtInRegion
CreatePalette
SelectPalette
SelectClipRgn
OffsetWindowOrgEx
IntersectClipRect
DeleteDC
BitBlt
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
EndPage
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateHatchBrush
CreateSolidBrush

advapi32

ReportEventA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegDeleteValueA
RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegEnumValueA
RegQueryValueExW
RegCreateKeyW

ole32

OleCreateLinkToFile
CoTaskMemFree
BindMoniker
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
CoTaskMemAlloc
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad

oleaut32

SysStringLen
OleTranslateColor
VariantInit
VariantClear
OleCreatePropertyFrame
SysFreeString
OleCreateFontIndirect
SysAllocString
SysAllocStringByteLen
OaBuildVersion
OleCreatePictureIndirect
VariantChangeType
SetErrorInfo
SysAllocStringLen
GetErrorInfo
DispGetParam
CreateErrorInfo
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
LHashValOfNameSys
SafeArrayGetDim
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayDestroy
VariantCopy
OleLoadPicture
SafeArrayDestroyData
VariantChangeTypeEx
VariantCopyInd
DispGetIDsOfNames
DispInvoke
CreateDispTypeInfo
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayRedim
SafeArrayCopy
SafeArrayPutElement
RevokeActiveObject
SafeArrayAllocDescriptor
OleIconToCursor
SafeArrayAllocData
SafeArrayLock
SafeArrayDestroyDescriptor
VarDateFromStr
SysReAllocStringLen
SafeArrayUnlock
VarR8FromStr
VarCyFromI4
GetActiveObject
VarBstrFromI2
VarBstrFromI4
VarBstrFromR8
VarBstrFromDate
VarBstrFromR4
VarI2FromStr
VarI4FromStr
VarBstrFromCy
VarR4FromStr
VarCyFromStr
VarI4FromR8
SysReAllocString
LHashValOfNameSysA

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1008KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Manager.ck
Manager.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

IsWinNT
ReadDrivePortsInWin9X
ReadPhysicalDriveInNT
getHardDriveComputerID

Sections

.text
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Manager.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 41KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OLEPRO32.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

8f50e2228a97d0224410529663a78a82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GlobalAddAtomA
GlobalDeleteAtom
GlobalReAlloc
GlobalHandle
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
FreeLibrary
MulDiv
IsDBCSLeadByte
LoadLibraryA
InterlockedDecrement
HeapDestroy
SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
RaiseException
GetLocaleInfoW
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetProcAddress
WideCharToMultiByte
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
VirtualFree
HeapCreate
GetCommandLineA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
GetVersion
GetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
RtlUnwind

user32

GetMessageA
SendMessageA
EnableWindow
CopyIcon
GetIconInfo
CopyImage
DrawIcon
CreateCursor
GetSystemMetrics
DestroyIcon
wsprintfA
GetSysColor
SetWindowLongA
GetWindowLongA
DestroyWindow
SetFocus
IsWindow
SetActiveWindow
GetActiveWindow
PostQuitMessage
PostMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClipboardFormatA
GetDlgItem
CreateIcon
GetParent
GetFocus
CharNextA
GetWindowTextA
CharLowerA
SendMessageW
GetDC
GetKeyState
ReleaseDC
GetDialogBaseUnits
GetClientRect
IsWindowUnicode
GetTopWindow
WinHelpA

gdi32

SetViewportExtEx
SetMapMode
SetTextColor
DeleteDC
CreateCompatibleBitmap
PatBlt
DeleteEnhMetaFile
DeleteMetaFile
GetTextExtentPointA
GetPaletteEntries
DeleteObject
CreateFontIndirectA
EnumFontFamiliesExA
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
SelectObject
GetDeviceCaps
CreateBitmap
SetMetaFileBitsEx
GetEnhMetaFileHeader
GetBitmapDimensionEx
GetObjectA
StretchDIBits
GetDIBits
StretchBlt
RealizePalette
SelectPalette
GetStockObject
GetObjectType
GetCurrentObject
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
SetViewportOrgEx
GetWinMetaFileBits
GetBitmapBits
SetEnhMetaFileBits
SaveDC
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
SetStretchBltMode
SetBkColor
SetWindowOrgEx
SetWindowExtEx

ole32

ReleaseStgMedium
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfile
CoCreateInstance
StringFromGUID2
CoGetMalloc

advapi32

RegFlushKey
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegOpenKeyA
RegCloseKey

oleaut32

SysAllocString
VariantClear
VariantChangeType
SysFreeString
VariantInit
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VB6CHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBAJET32.DLL
.dll windows:4 windows x86 arch:x86

8e4cca56f88f6d206aa5a20cdaf1a0c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsA
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer

Exports

Exports

LoadExprSrvDll
VBAGetExprSrv

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
安装说明.txt

Sharing

General

Malware Config

Signatures

Files

988f29c1eb8054253091352741683c76

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ecSigner

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 8KB - Virtual size: 5KB

548d9bb3cc3953486c58d739eb336b48

Headers

File Characteristics

Imports

ole32

oleaut32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 206KB - Virtual size: 206KB

ENGINE Size: 52KB - Virtual size: 51KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 43KB - Virtual size: 44KB

.reloc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 512B - Virtual size: 12B

71e4dc10f7cc0c7bb2b43714bb9f46c1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93Signer

Headers

File Characteristics

Imports

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer

.text
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 206KB - Virtual size: 206KB

ENGINE
Size: 52KB - Virtual size: 51KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 43KB - Virtual size: 44KB

.reloc
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 512B - Virtual size: 12B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93
Signer

.text
Size: 468KB - Virtual size: 466KB

.data
Size: 28KB - Virtual size: 25KB

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 24KB - Virtual size: 23KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

.text
Size: 692KB - Virtual size: 690KB

.data
Size: 32KB - Virtual size: 29KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 512B - Virtual size: 12B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

7b:6c:40:51:56:47:c3:52:ef:72:d1:11:f8:9e:5b:e4:32:bd:de:0b
Signer