66294203ec1c43d4172867d70c5b88cd

Sharing

Copy URL

Twitter E-mail

General

Target

66294203ec1c43d4172867d70c5b88cd
Size

2.9MB
MD5

66294203ec1c43d4172867d70c5b88cd
SHA1

f7c46dac302bcf0668cf1d0e6443aa612f28cc48
SHA256

e0c875b2cb4762bb16896413eb5635615f7a98d68b3998491a0b4fa8da8f655f
SHA512

b0092a85663cdfd659fbc0d35f72e34fab4907b69cc21a38e22e737d70313d106e9226247e0c52c5dd96b5dfacc9e65513fdd1416ad1c422b3ba03f5787d182d
SSDEEP

49152:0HeOU49i5aiwO7z6Pn+5Fuk9KCQ/weJmnRS8AbM3Q6bnDb6cBxVt6qIhiKztM4ri:IeOU49jI6PO4m9Q/weJmnZkOQ6bnDbJ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
66294203ec1c43d4172867d70c5b88cd
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/pnsis.dll
unpack001/$PLUGINSDIR/time.dll
unpack001/$PLUGINSDIR/tpi.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

66294203ec1c43d4172867d70c5b88cd
.exe windows:5 windows x86 arch:x86

ff8d8dbb96b7ab762c0ce51911e4d104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
SetFileTime
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
LocalFree
WideCharToMultiByte
OutputDebugStringA
GetCommandLineW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
ScreenToClient
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

CommandLineToArgvW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FWUpnp.dll
.dll windows:5 windows x86 arch:x86

0f59a417be517814d6255c7c7ab35c48

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7
Signer

Actual PE Digest

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
IsBadWritePtr
MultiByteToWideChar
CreateThread
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateFileA
WriteConsoleW
GetConsoleOutputCP
LockResource
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleA
SizeofResource
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

ws2_32

WSACleanup
WSAGetLastError
socket
connect
ioctlsocket
send
WSACreateEvent
WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
WSACloseEvent
closesocket
htons
sendto
inet_addr
inet_ntoa
gethostbyname
gethostname
WSAEventSelect

iphlpapi

GetAdaptersInfo

Exports

Exports

FWAppAdd
FWAppIsEnable
FWExceptionSetAllowed
FWExcptionAllowed
FWFree
FWInit
FWOff
FWOn
FWPortAdd
FWison
GetExIP
GetMapPort
GetSessionState
GetUPnPVersion
SetCallBack
SetQuitFlag
SetSessionState
SetUPnPWaitTime
UPNPGetExIp
UPNPaddPort
UPNPdelPort
UPnPGetMapPort
addPortmap
delPortmap

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Hookkernel.dll
.dll windows:5 windows x86 arch:x86

39a0c6105a00746b436b64ffd0d840f1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:af:64:62:6c:5c:9e:1c:47:f7:b9:57:70:4d:bd:83:0e:d0:73:85
Signer

Actual PE Digest

62:af:64:62:6c:5c:9e:1c:47:f7:b9:57:70:4d:bd:83:0e:d0:73:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
CreateDirectoryW
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
Sleep
ExitProcess
HeapReAlloc
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringW
InterlockedIncrement
GlobalFlags
GetModuleHandleA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
FormatMessageW
LocalFree
MulDiv
GetCurrentProcessId
ResumeThread
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
GlobalAlloc
lstrlenW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
GetLastError
SetLastError
lstrcmpW
GetModuleHandleW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
FreeLibrary
GetProcAddress
LoadLibraryW
GetEnvironmentVariableW
GetPrivateProfileStringW
Module32NextW
Module32FirstW
Process32NextW
Thread32Next
Thread32First
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
MultiByteToWideChar
GetACP
WideCharToMultiByte
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource

user32

LoadCursorW
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnregisterClassW
GetWindowThreadProcessId
SetCursor
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClientRect
SetTimer
EnableWindow
UpdateWindow
GetMessageW
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CheckMenuItem
TranslateMessage
DispatchMessageW
EnumThreadWindows
EndDialog
SendMessageW
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
SendDlgItemMessageW

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
RectVisible
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW
PathAppendW
PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Live.dll
.dll windows:4 windows x86 arch:x86

97cd466186ada82f5db40728997a3c96

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:47:0e:4c:76:59:e3:cd:73:0e:c8:d7:a5:8f:59:9c:4b:31:fd:2c
Signer

Actual PE Digest

81:47:0e:4c:76:59:e3:cd:73:0e:c8:d7:a5:8f:59:9c:4b:31:fd:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord920
ord936
ord269
ord826
ord600
ord825
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord1105
ord834

msvcrt

isspace
free
??8type_info@@QBEHABV0@@Z
fopen
atof
fprintf
tolower
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
__CxxFrameHandler
_ftol
_vsnprintf
rand
wcslen
srand
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
strncmp
memchr
isalnum
isalpha
fputc
fseek
ftell
fread
fclose
_purecall
_snprintf
??0exception@@QAE@ABV0@@Z
atoi
sscanf
memmove

kernel32

LocalAlloc
UnmapViewOfFile
MapViewOfFile
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
lstrlenW
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetCurrentProcess
DuplicateHandle
CloseHandle
GetLastError
GetCurrentProcessId
GetTickCount
OutputDebugStringA
GetSystemTime
GetSystemDirectoryA
VirtualQuery
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
GetPrivateProfileIntA
LoadLibraryA
GetProcAddress
InterlockedDecrement
CreateFileMappingA
LocalFree
CreateProcessA
TerminateProcess

user32

KillTimer
WaitForInputIdle
SetTimer
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoCreateInstance

oleaut32

SysAllocString
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen

msvcp60

?id@?$ctype@D@std@@2V0locale@2@A
??1?$ctype@D@std@@UAE@XZ
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Term@?$ctype@D@std@@KAXXZ
?_Cltab@?$ctype@D@std@@0PBFB
_Getctype
??0_Locinfo@std@@QAE@PBD@Z
??_7?$ctype@D@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
?_Id_cnt@id@locale@std@@0HA
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1ctype_base@std@@UAE@XZ
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?what@runtime_error@std@@UBEPBDXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?_Init@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXPBDIH@Z
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0ios_base@std@@IAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Doraise@runtime_error@std@@MBEXXZ

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostbyname
inet_addr

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTimeA

shlwapi

PathAppendA

Exports

Exports

GetCoreParameter
GetCoreStatus
InitCore
RD_XXXX
ReleaseCore
SetCoreCallBack
SetCoreParameter
SetPlayerStatus
SetUPNP
StartChannel
StopChannel

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MngModule.dll
.dll windows:5 windows x86 arch:x86

a6d780066aa41ed5aef943b6057563e4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:5a:ef:57:4c:b0:89:d8:5b:48:1d:2d:cf:b6:08:2a:b3:9b:e4:1b
Signer

Actual PE Digest

1e:5a:ef:57:4c:b0:89:d8:5b:48:1d:2d:cf:b6:08:2a:b3:9b:e4:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFileTimeToFileTime
GetFileSizeEx
GlobalGetAtomNameW
GetAtomNameW
GetModuleHandleA
GetCurrentDirectoryW
GlobalFlags
GetVersionExA
LoadLibraryA
GlobalFindAtomW
FreeResource
HeapAlloc
HeapFree
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
GetCommandLineA
HeapReAlloc
ExitProcess
ExitThread
HeapSize
SetStdHandle
GetFileType
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetCPInfo
GetFileAttributesExW
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalAddAtomW
SuspendThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
WaitForMultipleObjects
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreW
FindNextFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
GetStringTypeExW
MoveFileW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
SetLastError
VirtualQuery
ReadFile
FlushFileBuffers
SetFileAttributesW
RemoveDirectoryW
GetTempFileNameW
SetFileTime
OutputDebugStringA
GetLocalTime
SetFilePointer
GetTempPathW
GetEnvironmentVariableW
ResetEvent
CreateMutexW
WritePrivateProfileStringW
DuplicateHandle
TerminateProcess
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LocalFree
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
ResumeThread
LoadLibraryExW
LoadLibraryW
GetFileAttributesW
lstrcmpiW
CreateThread
SetEvent
GetExitCodeThread
WaitForSingleObject
TerminateThread
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
GetCurrentThreadId
Sleep
GetEnvironmentVariableA
LoadLibraryExA
GetProcAddress
FreeLibrary
CreateFileW
WriteFile
CreateFileA
CloseHandle
GetModuleHandleW
GetModuleFileNameA
GetVersionExW
DeviceIoControl
GetModuleFileNameW
OutputDebugStringW
CopyFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
SystemTimeToFileTime
GetCurrentProcessId
GetTickCount
GetCommandLineW
DeleteFileW
lstrlenW
lstrlenA
GetFileTime
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
GetACP
MultiByteToWideChar

user32

SetRectEmpty
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
InvalidateRect
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDialogBaseUnits
GetSystemMenu
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
DeleteMenu
DestroyIcon
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowTextLengthW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
GetDesktopWindow
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
ShowOwnedPopups
SetCursor
SetWindowsHookExW
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
SetCapture
LockWindowUpdate
GetDCEx
UnionRect
SetParent
GetClassInfoExW
CallNextHookEx
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
UnhookWindowsHookEx
MsgWaitForMultipleObjects
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
SetTimer
KillTimer
wsprintfW
GetWindowTextW
PostThreadMessageW
SendMessageTimeoutW
CharNextW
IsWindow
CharUpperBuffW
DispatchMessageW
GetMessageW
DefWindowProcW

gdi32

SetViewportOrgEx
DPtoLP
GetTextExtentPoint32W
GetCharWidthW
PatBlt
CombineRgn
CreateCompatibleBitmap
GetTextMetricsW
GetBkColor
CreateFontW
GetMapMode
SelectObject
Escape
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetDCOrgEx
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
StretchDIBits
GetDeviceCaps
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetSecurityInfo
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW

shell32

SHGetFolderPathA
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
ord165

shlwapi

UrlUnescapeW
StrStrIW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendA
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathFindExtensionW

ole32

OleDuplicateData
CoDisconnectObject
CoTreatAsClass
StringFromCLSID
ReleaseStgMedium
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
CLSIDFromString
SetConvertStg
CoSuspendClassObjects
StringFromGUID2
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromProgID
CoCreateInstance
WriteFmtUserTypeStg
CoInitialize
CreateBindCtx
CoTaskMemFree
CoUninitialize

oleaut32

VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElemsize
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocString
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
VarBstrCmp
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr

urlmon

CreateURLMoniker
RegisterBindStatusCallback
RevokeBindStatusCallback

sqlite3

sqlite3_open
sqlite3_column_int64
sqlite3_column_type
sqlite3_column_text
sqlite3_free
sqlite3_exec
sqlite3_vmprintf
sqlite3_prepare_v2
sqlite3_close
sqlite3_finalize
sqlite3_next_stmt
sqlite3_errcode
sqlite3_backup_finish
sqlite3_backup_step
sqlite3_backup_init
sqlite3_column_double
sqlite3_step
sqlite3_reset
sqlite3_column_count
sqlite3_column_name

wininet

InternetOpenUrlW
GopherOpenFileW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
HttpAddRequestHeadersW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetQueryDataAvailable
InternetGetCookieW
InternetSetCookieW
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntryW
InternetTimeToSystemTimeW

psapi

GetProcessMemoryInfo

uilib

inflateEnd
inflate
inflateInit2_
PP_GetDiskId

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ExecCommand
RD_XXXX
TestPushServer
Upload

Sections

.text
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPAP.exe
.exe windows:4 windows x86 arch:x86

a7c2770340db65b3dcb79c29aa100aca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:c8:9e:6c:14:0a:ee:24:c0:6a:21:17:a4:e2:f4:09:e0:9c:64:fc
Signer

Actual PE Digest

7b:c8:9e:6c:14:0a:ee:24:c0:6a:21:17:a4:e2:f4:09:e0:9c:64:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetCurrentProcessId
GetLocalTime
GetTempPathA
Module32NextW
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
FindFirstFileA
GetCommandLineA
CreateEventW
GetCurrentProcess
CreateMutexW
OpenProcess
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrlenW
WaitForSingleObject
GetVersionExW
CreateProcessW
LocalFree
LocalAlloc
GetTempPathW
GetModuleHandleW
GetStartupInfoW
CloseHandle
OutputDebugStringA
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentVariableA
GetPrivateProfileStringA
CreateProcessA
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryW
GetProcAddress
GetCommandLineW
GetCurrentThread
GetCurrentThreadId
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
ReleaseMutex
lstrcmpiW

user32

GetDesktopWindow
wsprintfW
GetWindowThreadProcessId
GetShellWindow

advapi32

SetTokenInformation
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
ConvertStringSidToSidW
SetThreadToken

shell32

CommandLineToArgvW
SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromCLSID

msvcp60

_Getcvt
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Id_cnt@id@locale@std@@0HA
??_7codecvt_base@std@@6B@
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0_Locinfo@std@@QAE@PBD@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?do_length@?$codecvt@GDH@std@@MBEHAAHPBG1I@Z
?do_out@?$codecvt@GDH@std@@MBEHAAHPBG1AAPBGPAD3AAPAD@Z
?do_in@?$codecvt@GDH@std@@MBEHAAHPBD1AAPBDPAG3AAPAG@Z
?do_encoding@?$codecvt@GDH@std@@MBEHXZ
?do_max_length@?$codecvt@GDH@std@@MBEHXZ
?do_always_noconv@?$codecvt@GDH@std@@MBE_NXZ
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0locale@std@@QAE@XZ
??1locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??0bad_cast@std@@QAE@PBD@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
??0?$codecvt@GDH@std@@QAE@I@Z
?_Iscloc@locale@std@@QBE_NXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0_Lockit@std@@QAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_7facet@locale@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

msvcrt

_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
wcslen
_snprintf
??2@YAPAXI@Z
fclose
fflush
sprintf
_except_handler3
vfprintf
??0exception@@QAE@ABV0@@Z
fopen
toupper
_CxxThrowException
strncpy
__p___wargv
__p___argc
??0exception@@QAE@ABQBD@Z
free
_wcsdup
_XcptFilter
wcscpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathFindFileNameA
PathStripPathW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPHookShell.dll
.dll windows:5 windows x86 arch:x86

89f107d056c4c082a3da5d76aa15ed89

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:81:8e:b8:64:a2:0c:44:33:f3:b1:d7:1d:3c:f3:1e:b6:a0:b4:f3
Signer

Actual PE Digest

0b:81:8e:b8:64:a2:0c:44:33:f3:b1:d7:1d:3c:f3:1e:b6:a0:b4:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
CreateDirectoryW
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
lstrlenA
InterlockedIncrement
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GlobalAddAtomW
ResumeThread
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
lstrcmpW
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
GetCurrentThreadId
GetProcAddress
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetEnvironmentVariableW
GetPrivateProfileIntW
GetPrivateProfileStringW
MultiByteToWideChar
GetACP
WideCharToMultiByte
Sleep
GetCurrentProcessId
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
LoadLibraryW

user32

DestroyMenu
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
CallNextHookEx
SetWindowsHookExW
GetSubMenu
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
SetMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState

gdi32

DeleteDC
GetStockObject
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SetViewportOrgEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW
PathAppendW
PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

psapi

GetModuleBaseNameW
EnumProcessModules

Exports

Exports

INIT_FILTER
INIT_VAPROXYD
StartH

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPInstallLog.dll
.dll windows:4 windows x86 arch:x86

256af4ebe940c94257ae641d926c73e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10
Signer

Actual PE Digest

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord2554
ord561
ord815
ord354
ord665
ord825
ord823
ord1979
ord858
ord5442
ord3318
ord5186
ord6385
ord537
ord6467
ord6663
ord668
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord4486
ord6375
ord4274
ord2614
ord2818
ord939
ord535
ord800
ord3738
ord540
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv

kernel32

LocalFree
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
LocalAlloc

user32

wsprintfA

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CloseLog
FileLog
FolderLog
OpenLog
StringLog

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Send_Log_Kernel_Module.dll
.dll windows:4 windows x86 arch:x86

43e12366080d2670a77e2262b7a2a482

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:e4:43:bf:8d:54:30:a5:c0:64:81:f7:ba:3a:a8:aa:9d:54:f5:4c
Signer

Actual PE Digest

11:e4:43:bf:8d:54:30:a5:c0:64:81:f7:ba:3a:a8:aa:9d:54:f5:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetProcessHeap
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
HeapSize
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
Sleep
GetCPInfo
IsValidCodePage
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
InterlockedIncrement
GetThreadLocale
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
InterlockedExchange
lstrcmpW
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetACP
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetVersionExW
CloseHandle
DeviceIoControl
GetOEMCP
CreateFileW

user32

ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextW
UnregisterClassW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
DestroyMenu
GetClassInfoW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDlgCtrlID
UnregisterClassA

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
PtVisible

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

TS_XXXX

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/TipsClient.dll
.dll windows:4 windows x86 arch:x86

bbc42149d4f5bf66ccd7430e6c3cf560

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:e9:e3:c0:fa:57:f3:67:fa:e9:73:f8:cd:bd:d3:32:dc:71:20:72
Signer

Actual PE Digest

5a:e9:e3:c0:fa:57:f3:67:fa:e9:73:f8:cd:bd:d3:32:dc:71:20:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
PlaySoundW

shlwapi

StrStrIA
StrStrIW
PathIsDirectoryA

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord818
ord540
ord567
ord2135
ord4275
ord2688
ord2379
ord6442
ord1233
ord6467
ord858
ord539
ord3005
ord6453
ord1949
ord4034
ord815
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord561
ord1134
ord2725
ord1168
ord1575
ord5289
ord5810
ord5481
ord2031
ord4863
ord5796
ord5478
ord1971
ord966
ord3570
ord278
ord605
ord2077
ord6221
ord1639
ord2152
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1176
ord1116
ord1567
ord823
ord825
ord2393
ord268
ord1105
ord1247
ord690
ord800
ord1988
ord5356
ord5808
ord1075
ord5204
ord3229
ord537
ord389
ord668
ord665
ord5583
ord354
ord2764
ord3178
ord3181
ord4058
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3742
ord2124
ord941
ord535
ord356
ord924
ord2770
ord2781
ord269

msvcrt

strrchr
strncpy
__CxxFrameHandler
_wcsicmp
_wcsnicmp
fflush
_iob
printf
_vsnprintf
tolower
rand
srand
sscanf
_purecall
sprintf
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
wcscmp
??8type_info@@QBEHABV0@@Z
memmove
_snwprintf
wcscpy
memchr
malloc
_snprintf
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
atoi
_mbsicmp
_except_handler3

kernel32

InterlockedCompareExchange
GetCurrentThreadId
VirtualQuery
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
VirtualProtect
GetTempPathA
LocalAlloc
LocalFree
WideCharToMultiByte
lstrcatA
lstrcpyA
GetShortPathNameA
GetCommandLineA
GetLastError
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrlenW
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
CreateDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
InterlockedDecrement
GetExitCodeThread
WaitForSingleObject
TerminateThread
GetCurrentProcess
DuplicateHandle
CreateEventA
MultiByteToWideChar
GetTickCount
CreateToolhelp32Snapshot
Process32First
Process32Next
WinExec
VirtualAlloc
WriteFile
FlushFileBuffers
TlsFree
GetModuleFileNameW
TlsAlloc
TlsSetValue
InterlockedIncrement
GetCurrentThread
Sleep
SetLastError
lstrcmpA
lstrcmpiA
CreateFileW
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle

user32

GetWindowTextA
GetClassNameA
PostThreadMessageA
ShowWindow
GetLastInputInfo
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
EnableWindow
LoadCursorA
LoadIconA
SetTimer
CharNextA
KillTimer

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA

ole32

CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysAllocString
VariantClear
SysFreeString
SysStringLen
SysAllocStringLen

urlmon

URLDownloadToCacheFileA

wsock32

listen
setsockopt
getsockname
WSAGetLastError
ioctlsocket
gethostbyname
ntohs
accept
htons
inet_addr
getpeername

msvcp60

??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
?what@runtime_error@std@@UBEPBDXZ
?_Doraise@runtime_error@std@@MBEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??_7overflow_error@std@@6B@
??1overflow_error@std@@UAE@XZ
??0overflow_error@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??1locale@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xlen@std@@YAXXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

wininet

DeleteUrlCacheEntry

Exports

Exports

Cleanup
Startup

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/VAProxyD.dll
.dll regsvr32 windows:4 windows x86 arch:x86

39e4649a28b0278fe059d01d71e5a556

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:6b:ba:f3:57:4f:c9:d4:23:ba:7e:1b:c3:f8:3c:d9:09:55:ad:a3
Signer

Actual PE Digest

49:6b:ba:f3:57:4f:c9:d4:23:ba:7e:1b:c3:f8:3c:d9:09:55:ad:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
CreateDirectoryA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateMutexW
ReleaseMutex
GetCurrentThreadId
InterlockedIncrement
ExpandEnvironmentStringsW
InterlockedExchange
GetLongPathNameA
GetModuleFileNameA
LoadLibraryW
GetModuleFileNameW
GetCurrentThread
GetTickCount
CreateProcessW
DeleteFileW
MoveFileW
WriteFile
CreateFileW
GetCurrentProcessId
GetLocalTime
CreateDirectoryW
HeapDestroy
SetEvent
GetEnvironmentVariableW
FreeLibrary
GetProcAddress
lstrcpyW
lstrcatW
CreateEventW
CreateThread
GetModuleHandleW
lstrcpynW
lstrcmpW
lstrcmpiW
lstrlenW
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
GetLastError
WaitForSingleObject
TerminateThread
EnterCriticalSection
LeaveCriticalSection
SetLastError
VirtualAlloc
SuspendThread
SetThreadContext
GetThreadContext
GetCurrentProcess
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
VirtualQuery
DisableThreadLibraryCalls
ResetEvent

user32

SetWindowsHookExW
CallNextHookEx
CharNextW
PeekMessageW
MsgWaitForMultipleObjects
wvsprintfW
wsprintfW
PostThreadMessageW
RegisterWindowMessageW
GetQueueStatus
DispatchMessageW
UnhookWindowsHookEx
IsWindow
FindWindowExW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW
SHGetFolderPathA

ole32

CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysFreeString

ws2_32

shutdown
ntohs
WSASetLastError
setsockopt
socket
recv
inet_ntoa
closesocket
getsockopt
getsockname
listen
ioctlsocket
bind
htons
accept
__WSAFDIsSet
select
WSAConnect
connect
send
WSAGetLastError

shlwapi

PathAppendW
PathFindFileNameW
PathFindFileNameA
PathAppendA

msvcp60

?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

msvcrt

__CxxFrameHandler
isspace
??2@YAPAXI@Z
_purecall
atol
_beginthreadex
strtok
_itoa
malloc
free
_snprintf
memchr
wcscat
wcscpy
swprintf
_vsnprintf
_wcsicmp
_except_handler3
memset
memcpy
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_strnicmp
_strdup
_strlwr
memmove
_stricmp

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PPVAConnect
VideoAccBegin
VideoAccEnd
VideoAccGetIS
VideoAccSetAppWnd
VideoAccSetMode
VideoAccSetProcessName
VideoAccSetProxyPort

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/admodule.dll
.dll regsvr32 windows:5 windows x86 arch:x86

84d3fae859555f3fa806d87efe60a956

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:68:c5:88:c9:86:20:30:e3:28:d3:79:38:ec:c6:cb:8f:b1:42:e5
Signer

Actual PE Digest

9f:68:c5:88:c9:86:20:30:e3:28:d3:79:38:ec:c6:cb:8f:b1:42:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
LCMapStringA
SetHandleCount
GetFileType
GetStartupInfoA
HeapFree
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
InterlockedCompareExchange
GetFileSizeEx
GetFileAttributesW
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FindNextFileW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetModuleHandleA
FormatMessageW
WaitForSingleObject
TerminateProcess
lstrcpyW
CreateProcessW
Sleep
VirtualQuery
ReadFile
LocalFree
SetFileTime
GlobalReAlloc
GlobalFree
CreateDirectoryW
GetEnvironmentVariableW
CreateFileA
WriteFile
CompareFileTime
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryW
GetSystemInfo
GetProcAddress
CopyFileW
GetPrivateProfileStringW
SystemTimeToFileTime
GetCurrentProcessId
GetCommandLineW
DeleteFileW
lstrlenA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
GetTickCount
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
CloseHandle
OutputDebugStringW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
SetLastError
GetCurrentThreadId
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleCP
lstrlenW

user32

DestroyMenu
GetSysColorBrush
UnregisterClassW
WinHelpW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
SetMenu
SetForegroundWindow
GetClassInfoW
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
CharUpperW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetAncestor
WaitForInputIdle
LoadIconW
MapWindowPoints
GetDoubleClickTime
BringWindowToTop
SetRect
DestroyWindow
SetRectEmpty
UnregisterClassA
IsWindow
EnableWindow
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadImageW
LoadBitmapW
OffsetRect
PostThreadMessageW
GetSystemMetrics
InflateRect
DrawEdge
DrawFocusRect
GetCapture
AdjustWindowRectEx
GetDlgCtrlID
IsWindowEnabled
UpdateWindow
GetMenu
SystemParametersInfoW
IsWindowVisible
PostMessageW
wsprintfW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetCursor
ValidateRect
KillTimer
CharNextW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CopyRect
IsRectEmpty
GetClientRect
UpdateLayeredWindow
ClientToScreen
GetWindowDC
GetParent
PtInRect
ScreenToClient
GetCursorPos
EqualRect
GetWindowRect
ReleaseDC
GetDC
SetWindowRgn
GetSysColor
MoveWindow
SetWindowPos
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetDlgItem
GetClassNameW
ReleaseCapture
SetTimer
ShowWindow
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SendMessageW
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
RegisterClassW

gdi32

ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
RestoreDC
SaveDC
CreateBitmap
CreateFontW
CreateDIBSection
ExtCreateRegion
OffsetRgn
CombineRgn
CreateRectRgn
Escape
TextOutW
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateFontIndirectW
SetViewportOrgEx
SetBkColor
ExtTextOutW
GetStockObject
GetObjectW
CreateSolidBrush
CreateCompatibleBitmap
CreateRoundRectRgn
CreateCompatibleDC
SelectObject
GetDeviceCaps
BitBlt
DeleteDC

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

BuildExplicitAccessWithNameW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
GetNamedSecurityInfoW
RegDeleteKeyW
SetEntriesInAclW
SetNamedSecurityInfoW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHGetFolderPathW
ShellExecuteW
ord165

comctl32

ImageList_GetIconSize
ImageList_Draw
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathFindExtensionW
StrStrIW
PathFindFileNameW
PathStripPathW
PathStripToRootW
PathIsUNCW
PathAppendW

ole32

CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
OleDraw
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate
CreateBindCtx
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
VarUI4FromStr
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantChangeType
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysStringLen
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayDestroy
SafeArrayGetLBound

urlmon

RegisterBindStatusCallback
RevokeBindStatusCallback
CreateURLMoniker

gdiplus

GdipBitmapGetPixel
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdiplusShutdown

wininet

InternetTimeToSystemTimeW

Exports

Exports

Cleanup
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DownloadFodder
NSGetModule
ShowABM
StartPlay

Sections

.text
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/crashreporter.exe
.exe windows:4 windows x86 arch:x86

ecf049fd1e443d20553200f13e1deea6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:d6:ba:5e:ed:3e:f6:1c:76:9e:2d:7e:a2:f7:d0:68:95:d3:e4:0c
Signer

Actual PE Digest

6a:d6:ba:5e:ed:3e:f6:1c:76:9e:2d:7e:a2:f7:d0:68:95:d3:e4:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetWriteFile
HttpSendRequestExA
InternetCloseHandle
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpEndRequestA

mfc42

ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord2614
ord540
ord561
ord2514
ord2818
ord858
ord535
ord2621
ord1134
ord1199
ord1247
ord641
ord656
ord922
ord924
ord926
ord5710
ord1997
ord939
ord941
ord5465
ord798
ord5194
ord533
ord860
ord4202
ord6392
ord825
ord5448
ord823
ord3318
ord6877
ord5572
ord2915
ord4129
ord6663
ord3573
ord3626
ord2414
ord3663
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord3830
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2302
ord4234
ord1779
ord6199
ord3092
ord4710
ord2754
ord755
ord470
ord3874
ord6215
ord3089
ord4476
ord1168
ord1641
ord2379
ord6055
ord1776
ord5290
ord3402
ord3610
ord567
ord1146
ord4396
ord3574
ord609
ord4275
ord2243
ord5875
ord2859
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord1576
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord323
ord6194
ord2567
ord3619
ord3571
ord1640
ord5785
ord2864
ord2575
ord1929
ord795
ord2244
ord4133
ord5788
ord472
ord3693
ord4297
ord3721
ord2764
ord5683
ord2763
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord800
ord537
ord4673
ord5261
ord5736

msvcrt

fseek
fopen
rewind
malloc
atoi
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
ftell
_setmbcp
__CxxFrameHandler
sprintf
strtol
strncpy
isalnum
strlen
_controlfp
strcmp
memset
_stricmp
strcpy
free
fread
fclose

kernel32

CreateProcessA
CloseHandle
Sleep
GetModuleHandleA
GetStartupInfoA
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
GetEnvironmentVariableA
OutputDebugStringA
GetCommandLineW
lstrlenW
GetTempPathA
lstrlenA
DeleteFileA
CopyFileA

user32

UpdateWindow
PostMessageA
InvalidateRect
SetWindowPos
TabbedTextOutA
WaitForInputIdle
GetCapture
GetParent
GrayStringA
LoadBitmapA
OffsetRect
InflateRect
GetWindowLongA
GetAncestor
DrawTextA
PtInRect
CopyRect
GetSysColor
ReleaseCapture
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon
LoadCursorA
SetCursor
GetSystemMetrics
LoadImageA
SetCapture

gdi32

BitBlt
Escape
ExtTextOutA
TextOutA
PtVisible
LPtoDP
DPtoLP
GetMapMode
GetBkColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
RectVisible
CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFolderPathA
CommandLineToArgvW
ShellExecuteA

msvcp60

??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Bios_base@std@@QBEPAXXZ
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFileExistsA

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mframe.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b1a4cd97a03147d1e3e766f3602fd630

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32
Signer

Actual PE Digest

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord2810
ord956
ord3688
ord1634
ord3614
ord2371
ord861
ord2362
ord858
ord2634
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord535
ord925
ord4124
ord6354
ord2756
ord4197
ord2859
ord6190
ord922
ord940
ord5706
ord3566
ord5781
ord6195
ord5795
ord1173
ord2862
ord4269
ord6371
ord4480
ord2546
ord2504
ord5783
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord3948
ord2717
ord1165
ord2606
ord6193
ord6107
ord6238
ord2105
ord2559
ord2444
ord927
ord3711
ord790
ord5977
ord3541
ord4118
ord1143
ord2822
ord3016
ord1115
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord5784
ord6871
ord6168
ord5785
ord537
ord2114
ord1088
ord860
ord2910
ord5568
ord942
ord556
ord809
ord3716
ord2078
ord4294
ord538
ord2294
ord795
ord4470
ord4704
ord6330
ord3087
ord4229
ord2356
ord2287
ord2350
ord2293
ord641
ord324
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord6211
ord6466
ord567
ord3397
ord2573
ord4214
ord1633
ord3658
ord825
ord2406
ord3621
ord3568
ord470
ord755
ord2854
ord2746
ord283
ord5871
ord540
ord3798
ord323
ord2397
ord640
ord800
ord6451
ord5047
ord4270
ord692
ord3634
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4395
ord1768
ord4073
ord6051
ord2016
ord2405
ord6362
ord1764
ord823
ord5727

msvcrt

wcscmp
abs
swprintf
_ftol
atoi
_purecall
_wcsicmp
memset
malloc
free
_wcsnicmp
fflush
vfprintf
fopen
_snprintf
strncpy
fclose
memcmp
realloc
wcslen
iswdigit
_wtoi
_wcsdup
_getdrives
strlen
isspace
wcscpy
srand
rand
_except_handler3
memcpy
__CxxFrameHandler
isalnum
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strcpy

kernel32

OutputDebugStringW
DeleteCriticalSection
LoadLibraryExW
InterlockedIncrement
GetPrivateProfileStringW
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
LoadLibraryA
lstrcpynW
GetWindowsDirectoryW
FreeLibrary
GetTickCount
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetLastError
SetLastError
lstrlenW
InterlockedDecrement
InitializeCriticalSection
lstrcmpW
SetUnhandledExceptionFilter
GetLocalTime
lstrcatA
lstrcpyA
GetModuleFileNameA
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
Module32NextW
FindClose
FindFirstFileA
GetCurrentThread
VirtualQuery
DebugBreak
lstrlenA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetEnvironmentVariableW
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcpyW
GetCurrentThreadId

user32

EnableWindow
RedrawWindow
DrawTextW
FillRect
InflateRect
CopyRect
GetSysColor
DestroyWindow
CreateWindowExW
UnhookWindowsHookEx
GetWindowRect
GetWindowLongW
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
SetDlgItemTextW
SendMessageW
SetWindowsHookExW
CallNextHookEx
GetKeyState
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuDefaultItem
CreateDialogParamW
GetDoubleClickTime
EndDeferWindowPos
DeferWindowPos
ScreenToClient
ShowWindow
BeginDeferWindowPos
IsWindow
PostMessageW
MessageBoxA
LoadStringW
SetRect
wsprintfW
CharNextW
GetFocus
GetDC
IsRectEmpty
MoveWindow
SetWindowTextW
LoadImageW
IsChild
SetFocus
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
DialogBoxParamW
SetRectEmpty
GetAncestor
MonitorFromWindow
GetMonitorInfoW
SetParent
SetForegroundWindow
EndDialog
GetClassNameW
WindowFromPoint
SetActiveWindow
GetCursorPos
BringWindowToTop
IsWindowVisible
RegisterWindowMessageW
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
KillTimer
SetTimer
UpdateWindow
ClientToScreen
DefWindowProcW
SetWindowLongW
DrawEdge
DrawFocusRect
CallWindowProcW
ReleaseDC
PtInRect
GetCapture
SetCursor
CopyIcon
LoadCursorW
wvsprintfW
GetSystemMetrics
InvalidateRect
ReleaseCapture
LoadBitmapW
GetWindowTextW
GetWindow
SetClassLongW

gdi32

SetTextColor
GetBkColor
GetViewportExtEx
SetBkMode
LPtoDP
FloodFill
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
GetObjectW
Rectangle
CreateFontIndirectW
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
BitBlt
DeleteObject
GetWindowExtEx

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc

ole32

CoTaskMemFree
CreateBindCtx

oleaut32

SysStringLen
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

urlmon

RegisterBindStatusCallback
CreateURLMoniker

atl

ord11
ord43
ord15
ord44
ord32
ord10
ord45
ord42
ord30
ord53
ord21
ord58
ord18
ord57
ord16

msimg32

GradientFill

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

pplugin2

?GetCurrentVersionW@@YGHIPAGK@Z

shlwapi

PathFindFileNameA
PathFileExistsW
PathStripPathW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mir.dll
.dll windows:4 windows x86 arch:x86

1bb9ac75bcddcad19ef884bc3d73f3fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:ee:0e:45:aa:2d:7f:1e:16:5e:69:ac:7b:43:97:90:46:36:be:0a
Signer

Actual PE Digest

44:ee:0e:45:aa:2d:7f:1e:16:5e:69:ac:7b:43:97:90:46:36:be:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
CreateIoCompletionPort
CloseHandle
TlsFree
InterlockedCompareExchange
MapViewOfFile
CreateFileMappingA
GetQueuedCompletionStatus
InterlockedExchangeAdd
EnterCriticalSection
PostQueuedCompletionStatus
TlsAlloc
GetExitCodeThread
VirtualQuery
TlsGetValue
TlsSetValue
WaitForSingleObject
TerminateThread
GetModuleFileNameA
SetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
OutputDebugStringA
UnmapViewOfFile
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetTimeZoneInformation
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameA
GetOEMCP
GetACP
GetProcAddress
FreeLibrary
GetLocalTime
LoadLibraryA
GetSystemDefaultLangID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
Sleep
SetEvent
CreateEventA
GetModuleHandleA
lstrlenA
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
HeapAlloc
HeapFree
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
DeleteFileA
HeapReAlloc
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
HeapSize
GetLastError

shell32

SHGetFolderPathA
SHCreateDirectoryExA

ole32

CoCreateGuid

ws2_32

getpeername
getservbyname
WSAStringToAddressA
select
getsockopt
connect
accept
__WSAFDIsSet
WSASendTo
WSARecv
shutdown
WSARecvFrom
inet_ntoa
send
socket
WSASend
listen
closesocket
WSACleanup
getsockname
setsockopt
bind
WSAGetLastError
WSAStartup
gethostname
htonl
ntohl
WSASetLastError
inet_addr
gethostbyname
recvfrom
WSASocketA
sendto
htons
ntohs
ioctlsocket

mswsock

AcceptEx
GetAcceptExSockaddrs

iphlpapi

GetIpAddrTable

user32

wsprintfA
PostMessageA

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptDestroyHash

Exports

Exports

LiveCleanup
LiveGetChannelParameter
LiveGetChannelStatus
LiveSetChannelCallback
LiveSetChannelParameter
LiveSetChannelPlayerStatus
LiveSetChannelUPNP
LiveStartChannel
LiveStartup
LiveStopChannel

Sections

.text
Size: 840KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/peer.dll
.dll windows:5 windows x86 arch:x86

c61c0cd15465d6c46af4bae47f0bddc1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8f:7f:a6:ec:d4:b0:0b:ea:38:29:3d:b4:42:6b:54:f0:85:a8:ac:24
Signer

Actual PE Digest

8f:7f:a6:ec:d4:b0:0b:ea:38:29:3d:b4:42:6b:54:f0:85:a8:ac:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseSemaphore
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
SetEvent
WaitForSingleObject
PostQueuedCompletionStatus
InterlockedExchangeAdd
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetQueuedCompletionStatus
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
WideCharToMultiByte
GetACP
MultiByteToWideChar
CreateIoCompletionPort
DeleteCriticalSection
InitializeCriticalSection
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32First
Process32Next
WritePrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
GetModuleHandleA
GetProcAddress
GetVersionExA
OpenProcess
GetTickCount
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDiskFreeSpaceExA
FindFirstFileA
FindNextFileA
FindClose
MoveFileExA
SetFileAttributesA
GetEnvironmentVariableA
TerminateThread
Sleep
FormatMessageA
LocalFree
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
FlushViewOfFile
CreateFileA
GetFileAttributesExA
GetFileAttributesA
CreateFileW
CreateDirectoryA
RemoveDirectoryA
DuplicateHandle
DeleteFileA
SetWaitableTimer
SystemTimeToFileTime
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
ResetEvent
CreateWaitableTimerA
ResumeThread
GetModuleFileNameA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
QueryPerformanceCounter
GetCurrentProcess
CreateSemaphoreA
GetLastError
CreateEventA
GetSystemTimeAsFileTime
GetSystemInfo
TlsFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetStdHandle
WriteFile
HeapSize
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetDateFormatA
GetTimeFormatA
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
ExitProcess
GetModuleHandleW
TlsAlloc
MoveFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
SetEnvironmentVariableA

user32

OpenInputDesktop
SystemParametersInfoA
GetLastInputInfo
PostMessageA
GetSystemMetrics
CloseDesktop

advapi32

RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA

ole32

CoCreateGuid

ws2_32

connect
ioctlsocket
listen
WSASocketA
sendto
send
recvfrom
bind
socket
gethostname
WSARecv
select
accept
inet_addr
htons
WSAStringToAddressA
ntohs
ntohl
WSASend
closesocket
setsockopt
htonl
WSAGetLastError
WSAAddressToStringA
WSASetLastError
WSAStartup
WSACleanup
getsockname
getsockopt
getaddrinfo
freeaddrinfo
getpeername
shutdown
WSARecvFrom
WSASendTo
gethostbyname
__WSAFDIsSet

mswsock

GetAcceptExSockaddrs
AcceptEx

shlwapi

PathFileExistsA
PathAppendA

iphlpapi

GetIpAddrTable

psapi

GetProcessMemoryInfo

Exports

Exports

TS_XXXX

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pnsis.dll
.dll windows:4 windows x86 arch:x86

31c6ac2144003ec772b515931addb3ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetLongPathNameA
FreeLibrary
GlobalFree
lstrcpyA
GetVersionExA
CloseHandle
OpenProcess
TerminateProcess
DisableThreadLibraryCalls
LocalFree
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetStringTypeA
GetStringTypeW
RtlUnwind
Sleep
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
GetNamedSecurityInfoA

Exports

Exports

AddEveryoneToAcl
KillLinger

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pplugin2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2a8bfb8a1144751d8d12e443415e4f1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46
Signer

Actual PE Digest

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetCurrentThreadId
MulDiv
FlushInstructionCache
CreateFileW
SetEndOfFile
GlobalLock
WriteFile
LocalFree
GetVersionExW
LoadLibraryA
GlobalUnlock
InitializeCriticalSection
lstrcatW
DeleteCriticalSection
HeapDestroy
DisableThreadLibraryCalls
lstrcpynW
lstrcmpiW
FindResourceW
LoadResource
SizeofResource
GetShortPathNameW
MultiByteToWideChar
CreateEventW
FindClose
FindNextFileW
lstrcpyW
WaitForSingleObject
FindFirstFileW
SetLastError
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
LoadLibraryExW
GetModuleFileNameW
GetEnvironmentVariableW
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FreeLibrary
OpenMutexW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
GetLastError
CopyFileW
CreateProcessW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetProcAddress
ReadFile

user32

RegisterWindowMessageW
PostMessageW
DrawTextW
MapWindowPoints
IsWindow
SendMessageW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowTextW
GetWindowRect
CallWindowProcW
ScreenToClient
SetTimer
KillTimer
SetDlgItemTextW
GetDlgItem
SetWindowPos
SetWindowLongW
BeginPaint
EndPaint
wvsprintfW
CharNextW
LoadStringW
MoveWindow
IsChild
WaitForInputIdle
ShowWindow
GetKeyState
PtInRect
UnionRect
GetFocus
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
InvalidateRect
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
DefWindowProcW
SetFocus
GetParent
CreateDialogParamW
RedrawWindow
GetClientRect

gdi32

CreateDCW
LPtoDP
SetMapMode
SetViewportOrgEx
GetDeviceCaps
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
DeleteDC
GetObjectW
CreateFontIndirectW
DeleteObject
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
SelectObject
GetStockObject

advapi32

RegDeleteKeyW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHGetFolderPathW

ole32

CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoTaskMemFree
CreateBindCtx
OleRegGetUserType
OleRegEnumVerbs
OleRegGetMiscStatus
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
VariantCopy
VariantInit
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SysAllocStringLen
SysFreeString
VarUI4FromStr

urlmon

RegisterBindStatusCallback
CreateURLMoniker

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

msvcrt

__CxxFrameHandler
wcsncpy
memset
wcscpy
realloc
free
wcscmp
memcpy
??2@YAPAXI@Z
wcslen
iswdigit
_wtoi
malloc
wcscat
_wcsicmp
swprintf
strlen
_wfullpath
_CxxThrowException
wcsrchr
memcmp
_purecall
_wcsdup
??1type_info@@UAE@XZ
wcstoul
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
rand
_snwprintf

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

Exports

Exports

?GetCurrentVersionW@@YGHIPAGK@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ppp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

46929088280429ac3354990b94720261

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee
Signer

Actual PE Digest

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5852
ord3658
ord1115
ord1173
ord1568
ord1165
ord1570
ord1179
ord1863
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord1560
ord268
ord4199
ord4272
ord2756
ord2859
ord470
ord2746
ord755
ord942
ord5679
ord5706
ord4124
ord6770
ord2822
ord2910
ord5568
ord6139
ord940
ord925
ord6466
ord1128
ord2717
ord3948
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord800
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord927
ord5929
ord834
ord860
ord823
ord920
ord3050
ord3420
ord6874
ord5857
ord538
ord537
ord541
ord922
ord801
ord6868
ord1594
ord535
ord858
ord2606
ord2810
ord861
ord825
ord540
ord342

msvcrt

_findfirst
rand
srand
fclose
fgetws
_wfopen
wcsncpy
swprintf
strcat
_findclose
tolower
islower
toupper
isalnum
isspace
wcslen
realloc
memcpy
_wcsicmp
_purecall
_itow
memcmp
wcscmp
strrchr
_i64tow
atol
strncpy
sscanf
memset
_ftol
wcscpy
sprintf
strcpy
wcstoul
_wtoi
malloc
free
strlen
atoi
__CxxFrameHandler
_CxxThrowException
_wcsdup
_snprintf
strcmp
fprintf
fputs
isalpha
strncmp
strchr
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_findnext

kernel32

WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetACP
lstrlenA
WritePrivateProfileStringW
CopyFileW
LocalFree
GetLastError
DeviceIoControl
GetPrivateProfileStringW
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
CreateMutexW
MapViewOfFile
OpenFileMappingW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
FreeLibrary
GetTickCount
DeleteFileW
GetTempPathW
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
TerminateProcess
CloseHandle
CreateProcessW
WaitForSingleObject
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
OutputDebugStringW
LoadLibraryExW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetPrivateProfileIntW
VirtualQuery
Sleep
CreateFileA
LocalAlloc
GetSystemTime

user32

KillTimer
SetWindowLongW
DefWindowProcW
RegisterWindowMessageW
GetWindowLongW
CallWindowProcW
GetClientRect
IsWindow
DestroyWindow
FindWindowW
SendMessageW
SetWindowTextW
ShowWindow
BringWindowToTop
MoveWindow
GetWindowRect
wsprintfW
GetWindowThreadProcessId
CreateWindowExW
SetTimer
GetAncestor
SetWindowPos
PostMessageW
WaitForInputIdle

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoCreateGuid
CoCreateInstance

oleaut32

SysAllocStringLen
LoadTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysStringLen
LoadRegTypeLi
VariantClear
DispCallFunc
SysFreeString

atl

ord21
ord42
ord18
ord10
ord58
ord30
ord57
ord23
ord15
ord53
ord16
ord32
ord44
ord43
ord45
ord48
ord11
ord47

msvcp60

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?good@ios_base@std@@QBE_NXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z

rpcrt4

UuidToStringW
UuidFromStringA

ws2_32

gethostname
gethostbyname
inet_addr
inet_ntoa

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrStrIW
StrStrIA
PathStripPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/sop.dll
.dll windows:5 windows x86 arch:x86

63ffc46e98a761cd967aad54cbb3823e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:1a:53:2f:ba:f5:0c:e2:61:6c:d6:56:86:45:65:fb:e6:da:87:07
Signer

Actual PE Digest

fe:1a:53:2f:ba:f5:0c:e2:61:6c:d6:56:86:45:65:fb:e6:da:87:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
InterlockedIncrement
GlobalFlags
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
CreateDirectoryW
HeapFree
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
TlsFree
LCMapStringA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GetProcessHeap
GetPrivateProfileIntA
ExpandEnvironmentStringsA
CreateDirectoryA
LoadLibraryExW
GetEnvironmentVariableA
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
GetSystemInfo
TerminateProcess
CreateProcessW
InterlockedDecrement
GetACP
lstrlenA
MoveFileW
GetPrivateProfileStringA
GetLastError
WritePrivateProfileStringA
WritePrivateProfileStringW
GetLogicalDriveStringsW
DeleteFileW
GetWindowsDirectoryW
GetDriveTypeW
GetDiskFreeSpaceExW
GetEnvironmentVariableW
lstrcpyW
WideCharToMultiByte
GetPrivateProfileStringW
lstrcpyA
lstrcatW
VirtualQuery
SetFileAttributesW
LocalFree
lstrlenW
MultiByteToWideChar
Sleep
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetVersionExW
DeviceIoControl
CreateFileW
GetTickCount
LockResource
GetCurrentProcessId
OpenMutexW
lstrcmpW
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameA
CloseHandle

user32

DestroyMenu
LoadCursorW
GetSysColorBrush
UnregisterClassW
GetWindowThreadProcessId
SetCursor
GetActiveWindow
GetCursorPos
ValidateRect
CharUpperW
PostQuitMessage
IsWindowEnabled
ShowWindow
SetWindowTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetDC
ClientToScreen
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetDlgItem
SetTimer
KillTimer
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
GrayStringW
PostMessageW
FindWindowW
SendMessageW
EnableWindow
GetMessageW
TranslateMessage
DispatchMessageW
WaitForInputIdle
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsWindowVisible
GetClientRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
ReleaseDC

gdi32

GetStockObject
CreateBitmap
DeleteDC
SetViewportOrgEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
SetViewportExtEx
GetDeviceCaps
OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

SetNamedSecurityInfoW
RegQueryValueExA
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExA
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetFolderPathA
SHCreateDirectoryExW
SHGetFolderPathW

shlwapi

PathAppendW
PathIsRelativeW
PathFindFileNameW
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathAppendA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantChangeType

wininet

InternetSetOptionW

Exports

Exports

DownloadControl
GetBasicPeerInfo
GetPeerInfo
GetServerPort
NotifyJoinLeave
NotifyTastStatusChange
QueryDownloadProcess
QueryDownloadSpeed
QueryDragPeerState
QueryPeerStateMachine
SetDownloadMode
SetLimitDownload
SetPeerState
SetPushServerCallBack
SetRestPlayTime
StartLimitDownloadConnection
StartPeer
StopLimitDownloadConnection
StopPeer

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/sqlite3.dll
.dll windows:4 windows x86 arch:x86

ae203af973724c4f20d47874300ff971

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:c9:5e:12:30:09:9f:a9:60:f4:2f:42:46:75:13:ac:85:80:ae:35
Signer

Actual PE Digest

73:c9:5e:12:30:09:9f:a9:60:f4:2f:42:46:75:13:ac:85:80:ae:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isspace
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp
tolower

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 944B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/tpi.dll
.dll windows:4 windows x86 arch:x86

90547e4eb5ec31263ac362ca3152bc21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl

kernel32

GetEnvironmentVariableA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

Locate

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/uilib.dll
.dll regsvr32 windows:5 windows x86 arch:x86

61981375a0143ab4be30bf9bbb2f8885

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:3f:84:2a:0f:7e:37:b7:64:b2:f9:01:d6:5a:47:a1:cb:b5:59:97
Signer

Actual PE Digest

39:3f:84:2a:0f:7e:37:b7:64:b2:f9:01:d6:5a:47:a1:cb:b5:59:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapSize
GetCommandLineA
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStdHandle
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
CompareStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GlobalFree
FormatMessageW
SetLastError
InterlockedExchange
GetTickCount
GetCurrentThread
lstrcmpW
CreateFileW
WriteFile
OutputDebugStringW
GetCurrentThreadId
CreateFileA
GetModuleFileNameA
GetVersionExW
DeviceIoControl
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW
Sleep
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
LocalFree
GetEnvironmentVariableW
lstrcmpiW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetACP
lstrlenA
WideCharToMultiByte
GetStartupInfoA
MultiByteToWideChar

user32

DestroyMenu
ShowWindow
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
GetClassInfoW
AdjustWindowRectEx
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
LoadCursorW
GetSystemMetrics
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
GetClassInfoExW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DispatchMessageW
PeekMessageW
CreateWindowExW
RegisterClassW
UnregisterClassW
DefWindowProcW
SetWindowLongW
DestroyWindow
DrawTextW
GetDC
ReleaseDC
RegisterWindowMessageW
SetRect
KillTimer
IsRectEmpty
InvalidateRect
SetTimer
PostMessageW
GetAncestor
GetWindowLongW
SetWindowPos
WaitForInputIdle
CharNextW

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
GetStockObject
SetTextColor
RectVisible
CreateBitmap
SetBkColor
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
ExtCreateRegion
CombineRgn

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyExW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW
ShellExecuteW

shlwapi

StrCmpNIW
PathFindExtensionW
PathFindFileNameW
PathAppendW

ole32

CLSIDFromString
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantClear
VariantChangeType
VariantInit

rpcrt4

UuidFromStringW
UuidFromStringA

wininet

HttpSendRequestW
InternetOpenA
InternetSetStatusCallbackA
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetQueryDataAvailable
InternetReadFile
DeleteUrlCacheEntryW
InternetConnectW
InternetSetStatusCallbackW
HttpQueryInfoW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetCloseHandle
InternetCrackUrlW

Exports

Exports

??0TiXmlAttribute@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??0TiXmlAttribute@@QAE@PBD0@Z
??0TiXmlAttribute@@QAE@XZ
??0TiXmlAttributeSet@@QAE@XZ
??0TiXmlBase@@QAE@XZ
??0TiXmlComment@@QAE@ABV0@@Z
??0TiXmlComment@@QAE@XZ
??0TiXmlDeclaration@@QAE@ABV0@@Z
??0TiXmlDeclaration@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00@Z
??0TiXmlDeclaration@@QAE@PBD00@Z
??0TiXmlDeclaration@@QAE@XZ
??0TiXmlDocument@@QAE@ABV0@@Z
??0TiXmlDocument@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0TiXmlDocument@@QAE@PBD@Z
??0TiXmlDocument@@QAE@XZ
??0TiXmlElement@@QAE@ABV0@@Z
??0TiXmlElement@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0TiXmlElement@@QAE@PBD@Z
??0TiXmlNode@@IAE@W4NodeType@0@@Z
??0TiXmlText@@QAE@ABV0@@Z
??0TiXmlText@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0TiXmlText@@QAE@PBD@Z
??0TiXmlUnknown@@QAE@ABV0@@Z
??0TiXmlUnknown@@QAE@XZ
??1TiXmlAttribute@@UAE@XZ
??1TiXmlAttributeSet@@QAE@XZ
??1TiXmlBase@@UAE@XZ
??1TiXmlComment@@UAE@XZ
??1TiXmlDeclaration@@UAE@XZ
??1TiXmlDocument@@UAE@XZ
??1TiXmlElement@@UAE@XZ
??1TiXmlNode@@UAE@XZ
??1TiXmlText@@UAE@XZ
??1TiXmlUnknown@@UAE@XZ
??4TiXmlComment@@QAEXABV0@@Z
??4TiXmlDeclaration@@QAEXABV0@@Z
??4TiXmlDocument@@QAEXABV0@@Z
??4TiXmlElement@@QAEXABV0@@Z
??4TiXmlText@@QAEXABV0@@Z
??4TiXmlUnknown@@QAEXABV0@@Z
??8TiXmlAttribute@@QBE_NABV0@@Z
??MTiXmlAttribute@@QBE_NABV0@@Z
??OTiXmlAttribute@@QBE_NABV0@@Z
??_7TiXmlAttribute@@6B@
??_7TiXmlBase@@6B@
??_7TiXmlComment@@6B@
??_7TiXmlDeclaration@@6B@
??_7TiXmlDocument@@6B@
??_7TiXmlElement@@6B@
??_7TiXmlNode@@6B@
??_7TiXmlText@@6B@
??_7TiXmlUnknown@@6B@
?Add@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?Attribute@TiXmlElement@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Attribute@TiXmlElement@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAH@Z
?Attribute@TiXmlElement@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAN@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAH@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAN@Z
?Blank@TiXmlText@@IBE_NXZ
?CDATA@TiXmlText@@QAE_NXZ
?Clear@TiXmlNode@@QAEXXZ
?ClearError@TiXmlDocument@@QAEXXZ
?ClearThis@TiXmlElement@@IAEXXZ
?Clone@TiXmlComment@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlText@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlUnknown@@UBEPAVTiXmlNode@@XZ
?Column@TiXmlBase@@QBEHXZ
?ConvertUTF32ToUTF8@TiXmlBase@@KAXKPADPAH@Z
?CopyTo@TiXmlComment@@IBEXPAV1@@Z
?CopyTo@TiXmlDeclaration@@IBEXPAV1@@Z
?CopyTo@TiXmlDocument@@ABEXPAV1@@Z
?CopyTo@TiXmlElement@@IBEXPAV1@@Z
?CopyTo@TiXmlNode@@IBEXPAV1@@Z
?CopyTo@TiXmlText@@IBEXPAV1@@Z
?CopyTo@TiXmlUnknown@@IBEXPAV1@@Z
?DoubleValue@TiXmlAttribute@@QBENXZ
?Encoding@TiXmlDeclaration@@QBEPBDXZ
?Error@TiXmlDocument@@QBE_NXZ
?ErrorCol@TiXmlDocument@@QAEHXZ
?ErrorDesc@TiXmlDocument@@QBEPBDXZ
?ErrorId@TiXmlDocument@@QBEHXZ
?ErrorRow@TiXmlDocument@@QAEHXZ
?Find@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@PBD@Z
?Find@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@PBD@Z
?First@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ
?First@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ
?FirstAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@@XZ
?FirstAttribute@TiXmlElement@@QBEPBVTiXmlAttribute@@XZ
?FirstChild@TiXmlNode@@QAEPAV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FirstChild@TiXmlNode@@QAEPAV1@PBD@Z
?FirstChild@TiXmlNode@@QAEPAV1@XZ
?FirstChild@TiXmlNode@@QBEPBV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FirstChild@TiXmlNode@@QBEPBV1@PBD@Z
?FirstChild@TiXmlNode@@QBEPBV1@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?GetChar@TiXmlBase@@KAPBDPBDPADPAHW4TiXmlEncoding@@@Z
?GetDocument@TiXmlNode@@QAEPAVTiXmlDocument@@XZ
?GetDocument@TiXmlNode@@QBEPBVTiXmlDocument@@XZ
?GetEncoding@TiXmlDocument@@QAE?AW4TiXmlEncoding@@XZ
?GetEntity@TiXmlBase@@KAPBDPBDPADPAHW4TiXmlEncoding@@@Z
?GetText@TiXmlElement@@QBEPBDXZ
?GetUserData@TiXmlBase@@QAEPAXXZ
?Identify@TiXmlNode@@IAEPAV1@PBDW4TiXmlEncoding@@@Z
?InsertAfterChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?InsertBeforeChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
?IntValue@TiXmlAttribute@@QBEHXZ
?IsAlpha@TiXmlBase@@KAHEW4TiXmlEncoding@@@Z
?IsAlphaNum@TiXmlBase@@KAHEW4TiXmlEncoding@@@Z
?IsWhiteSpace@TiXmlBase@@KA_ND@Z
?IsWhiteSpaceCondensed@TiXmlBase@@SA_NXZ
?IterateChildren@TiXmlNode@@QAEPAV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV1@@Z
?IterateChildren@TiXmlNode@@QAEPAV1@PAV1@@Z
?IterateChildren@TiXmlNode@@QAEPAV1@PBDPAV1@@Z
?IterateChildren@TiXmlNode@@QBEPBV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBV1@@Z
?IterateChildren@TiXmlNode@@QBEPBV1@PBDPBV1@@Z
?IterateChildren@TiXmlNode@@QBEPBV1@PBV1@@Z
?Last@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ
?Last@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ
?LastAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@@XZ
?LastAttribute@TiXmlElement@@QBEPBVTiXmlAttribute@@XZ
?LastChild@TiXmlNode@@QAEPAV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LastChild@TiXmlNode@@QAEPAV1@PBD@Z
?LastChild@TiXmlNode@@QAEPAV1@XZ
?LastChild@TiXmlNode@@QBEPBV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LastChild@TiXmlNode@@QBEPBV1@PBD@Z
?LastChild@TiXmlNode@@QBEPBV1@XZ
?LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z
?LoadFile@TiXmlDocument@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4TiXmlEncoding@@@Z
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
?LoadFile@TiXmlDocument@@QAE_NW4TiXmlEncoding@@@Z
?Name@TiXmlAttribute@@QBEPBDXZ
?Next@TiXmlAttribute@@QAEPAV1@XZ
?Next@TiXmlAttribute@@QBEPBV1@XZ
?NextSibling@TiXmlNode@@QAEPAV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?NextSibling@TiXmlNode@@QAEPAV1@PBD@Z
?NextSibling@TiXmlNode@@QAEPAV1@XZ
?NextSibling@TiXmlNode@@QBEPBV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?NextSibling@TiXmlNode@@QBEPBV1@PBD@Z
?NextSibling@TiXmlNode@@QBEPBV1@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?NoChildren@TiXmlNode@@QBE_NXZ
?Parent@TiXmlNode@@QAEPAV1@XZ
?Parent@TiXmlNode@@QBEPBV1@XZ
?Parse@TiXmlAttribute@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlComment@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlDeclaration@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlElement@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlText@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlUnknown@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Previous@TiXmlAttribute@@QAEPAV1@XZ
?Previous@TiXmlAttribute@@QBEPBV1@XZ
?PreviousSibling@TiXmlNode@@QAEPAV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PreviousSibling@TiXmlNode@@QAEPAV1@PBD@Z
?PreviousSibling@TiXmlNode@@QAEPAV1@XZ
?PreviousSibling@TiXmlNode@@QBEPBV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PreviousSibling@TiXmlNode@@QBEPBV1@PBD@Z
?PreviousSibling@TiXmlNode@@QBEPBV1@XZ
?Print@TiXmlAttribute@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlComment@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlDocument@@QBEXXZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlText@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlUnknown@@UBEXPAU_iobuf@@H@Z
?PutString@TiXmlBase@@KAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV23@@Z
?PutString@TiXmlBase@@KAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$basic_ostream@DU?$char_traits@D@std@@@3@@Z
?QueryDoubleAttribute@TiXmlElement@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAN@Z
?QueryDoubleAttribute@TiXmlElement@@QBEHPBDPAN@Z
?QueryDoubleValue@TiXmlAttribute@@QBEHPAN@Z
?QueryFloatAttribute@TiXmlElement@@QBEHPBDPAM@Z
?QueryIntAttribute@TiXmlElement@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAH@Z
?QueryIntAttribute@TiXmlElement@@QBEHPBDPAH@Z
?QueryIntValue@TiXmlAttribute@@QBEHPAH@Z
?ReadName@TiXmlBase@@KAPBDPBDPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4TiXmlEncoding@@@Z
?ReadText@TiXmlBase@@KAPBDPBDPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N02W4TiXmlEncoding@@@Z
?ReadValue@TiXmlElement@@IAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Remove@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?RemoveAttribute@TiXmlElement@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RemoveAttribute@TiXmlElement@@QAEXPBD@Z
?RemoveChild@TiXmlNode@@QAE_NPAV1@@Z
?ReplaceChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?RootElement@TiXmlDocument@@QBEPBVTiXmlElement@@XZ
?Row@TiXmlBase@@QBEHXZ
?SaveFile@TiXmlDocument@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SaveFile@TiXmlDocument@@QBE_NPBD@Z
?SaveFile@TiXmlDocument@@QBE_NXZ
?SetAttribute@TiXmlElement@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetAttribute@TiXmlElement@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?SetAttribute@TiXmlElement@@QAEXPBDH@Z
?SetCDATA@TiXmlText@@QAEX_N@Z
?SetCondenseWhiteSpace@TiXmlBase@@SAX_N@Z
?SetDocument@TiXmlAttribute@@QAEXPAVTiXmlDocument@@@Z
?SetDoubleAttribute@TiXmlElement@@QAEXPBDN@Z
?SetDoubleValue@TiXmlAttribute@@QAEXN@Z
?SetError@TiXmlDocument@@QAEXHPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?SetIntValue@TiXmlAttribute@@QAEXH@Z
?SetName@TiXmlAttribute@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetName@TiXmlAttribute@@QAEXPBD@Z
?SetTabSize@TiXmlDocument@@QAEXH@Z
?SetUserData@TiXmlBase@@QAEXPAX@Z
?SetValue@TiXmlAttribute@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetValue@TiXmlAttribute@@QAEXPBD@Z
?SetValue@TiXmlNode@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetValue@TiXmlNode@@QAEXPBD@Z
?SkipWhiteSpace@TiXmlBase@@KAPBDPBDW4TiXmlEncoding@@@Z
?Standalone@TiXmlDeclaration@@QBEPBDXZ
?StreamIn@TiXmlComment@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StreamIn@TiXmlDeclaration@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StreamIn@TiXmlDocument@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StreamIn@TiXmlElement@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StreamIn@TiXmlText@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StreamIn@TiXmlUnknown@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StreamOut@TiXmlAttribute@@UBEXPAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?StreamOut@TiXmlComment@@MBEXPAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?StreamOut@TiXmlDeclaration@@MBEXPAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?StreamOut@TiXmlDocument@@MBEXPAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?StreamOut@TiXmlElement@@MBEXPAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?StreamOut@TiXmlText@@MBEXPAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?StreamOut@TiXmlUnknown@@MBEXPAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?StreamTo@TiXmlBase@@KA_NPAV?$basic_istream@DU?$char_traits@D@std@@@std@@HPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StreamWhiteSpace@TiXmlBase@@KA_NPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?StringEqual@TiXmlBase@@KA_NPBD0_NW4TiXmlEncoding@@@Z
?TabSize@TiXmlDocument@@QBEHXZ
?ToComment@TiXmlNode@@QAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@QBEPBVTiXmlComment@@XZ
?ToDeclaration@TiXmlNode@@QAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@QBEPBVTiXmlDeclaration@@XZ
?ToDocument@TiXmlNode@@QAEPAVTiXmlDocument@@XZ
?ToDocument@TiXmlNode@@QBEPBVTiXmlDocument@@XZ
?ToElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?ToLower@TiXmlBase@@KAHHW4TiXmlEncoding@@@Z
?ToText@TiXmlNode@@QAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@QBEPBVTiXmlText@@XZ
?ToUnknown@TiXmlNode@@QAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@QBEPBVTiXmlUnknown@@XZ
?Type@TiXmlNode@@QBEHXZ
?Value@TiXmlAttribute@@QBEPBDXZ
?Value@TiXmlNode@@QBEPBDXZ
?ValueStr@TiXmlNode@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Version@TiXmlDeclaration@@QBEPBDXZ
?condenseWhiteSpace@TiXmlBase@@0_NA
?entity@TiXmlBase@@0PAUEntity@1@A
?errorString@TiXmlBase@@1PAPBDA
?utf8ByteTable@TiXmlBase@@2QBHB
CreatePlayLink
DllCanUnloadNow
DllGetClassObject
DllGetInstance
DllGetInstanceEx
DllRegisterServer
DllUnregisterServer
MD5
MD5Final
MD5Init
MD5StringA
MD5StringW
MD5Update
PP_AddEveryoneAccessToFile
PP_AtlEscapeUrlA
PP_AtlEscapeUrlW
PP_AtlUnescapeUrlA
PP_AtlUnescapeUrlW
PP_Base64DecoderA
PP_Base64DecoderW
PP_Base64EncoderA
PP_Base64EncoderW
PP_GetAllUserAppData
PP_GetCurrentUserAppdata
PP_GetDiskId
PP_GetMachineGUID
PP_GetPPGuid
PP_GetPPLiveNetworkPath
PP_OpenUrlA
PP_OpenUrlW
PP_URLXXX
PP_URLYYY
PP_free
PP_malloc
adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError

Sections

.text
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff8d8dbb96b7ab762c0ce51911e4d104

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 179KB - Virtual size: 179KB

0f59a417be517814d6255c7c7ab35c48

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7Signer

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

39a0c6105a00746b436b64ffd0d840f1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

62:af:64:62:6c:5c:9e:1c:47:f7:b9:57:70:4d:bd:83:0e:d0:73:85Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 179KB - Virtual size: 179KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

86:5b:4d:43:95:47:7d:ce:88:a1:25:24:03:5c:e1:33:65:f4:9f:f7
Signer

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

62:af:64:62:6c:5c:9e:1c:47:f7:b9:57:70:4d:bd:83:0e:d0:73:85
Signer

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 29KB - Virtual size: 28KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

81:47:0e:4c:76:59:e3:cd:73:0e:c8:d7:a5:8f:59:9c:4b:31:fd:2c
Signer

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 16KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

1e:5a:ef:57:4c:b0:89:d8:5b:48:1d:2d:cf:b6:08:2a:b3:9b:e4:1b
Signer