737c7ac72651e742a1f4761d0bc9ee99

resource	yara_rule
static1/unpack001/$PLUGINSDIR/KillProc.dll	acprotect

resource	yara_rule
static1/unpack001/$PLUGINSDIR/KillProc.dll	upx

resource
737c7ac72651e742a1f4761d0bc9ee99
unpack001/$PLUGINSDIR/GetVersion.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProc.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/ProcDll.dll
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/CrashReporter.dll
unpack001/CrashReporterSilent.exe
unpack001/KanboxPropSheetExtX64.dll
unpack001/Locales/zh-CN.dll
unpack001/auctl.dll
unpack001/disk_cache.dll
unpack001/down_surf.dll
unpack001/framework.dll
unpack001/job_dispatcher.dll
unpack001/mg.dll
unpack001/msvcm90.dll
unpack001/netproxy.dll
unpack001/p2sp_manager.dll
unpack001/rpt.dll
unpack001/stat.dll
unpack001/syncbox.dll
unpack001/sys_mon.dll
unpack001/token_id.dll
unpack001/zlib1.dll

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

GetTickCount

CreateFileA

GetFileSize

GetModuleFileNameA

GetCurrentProcess

CopyFileA

ExitProcess

SetFileTime

GetTempPathA

GetCommandLineA

SetErrorMode

LoadLibraryA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

GetVersion

CloseHandle

lstrcmpiA

lstrcmpA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GetModuleHandleA

LoadLibraryExA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

MulDiv

SetFilePointer

FindClose

FindNextFileA

FindFirstFileA

DeleteFileA

GetWindowsDirectoryA

user32

EndDialog

ScreenToClient

GetWindowRect

EnableMenuItem

GetSystemMenu

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

GetWindowLongA

SetCursor

LoadCursorA

CheckDlgButton

GetMessagePos

LoadBitmapA

CallWindowProcA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

RegisterClassA

TrackPopupMenu

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxIndirectA

CharPrevA

DispatchMessageA

PeekMessageA

DestroyWindow

CreateDialogParamA

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

wsprintfA

SendMessageTimeoutA

FindWindowExA

SystemParametersInfoA

CreateWindowExA

GetClassInfoA

DialogBoxParamA

CharNextA

OpenClipboard

ExitWindowsEx

IsWindow

GetDlgItem

SetWindowLongA

LoadImageA

GetDC

EnableWindow

InvalidateRect

SendMessageA

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

ShowWindow

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegQueryValueExA

RegSetValueExA

RegEnumKeyA

RegEnumValueA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegCreateKeyExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$APPDATA/Daishu Network/Daishu/bin/wizard/UserDirectory.ico

$APPDATA/Kanbox Network/Kanbox/shellext/SyncStatOverlays/icons/errors.ico

$APPDATA/Kanbox Network/Kanbox/shellext/SyncStatOverlays/icons/synced.ico

$APPDATA/Kanbox Network/Kanbox/shellext/SyncStatOverlays/icons/syncing.ico

$APPDATA/Kanbox Network/Kanbox/shellext/SyncStateExt.dll

.dll regsvr32 windows:5 windows x86 arch:x86

b340c19659c56c7136fe064ab7944ffc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0a:0d:7b:29:32:d2:c6:d5:7b:85:e7:d7:53:56:8e:67
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/11/2010, 00:00

Not After

23/11/2013, 23:59

Subject

CN=Beijing LEBO infinity Technology Development CO.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Beijing LEBO infinity Technology Development CO.\,LTD,O=Beijing LEBO infinity Technology Development CO.\,LTD,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

WaitNamedPipeA

GetLastError

CreateFileA

GetOverlappedResult

WaitForSingleObject

TransactNamedPipe

GetModuleFileNameW

GetTickCount

lstrlenW

GetProcAddress

GetModuleHandleW

SetNamedPipeHandleState

FreeLibrary

MultiByteToWideChar

SizeofResource

LoadResource

FindResourceW

LoadLibraryExW

SetThreadLocale

GetThreadLocale

FlushFileBuffers

CreateEventW

CloseHandle

LeaveCriticalSection

EnterCriticalSection

InterlockedDecrement

InterlockedIncrement

DeleteCriticalSection

InitializeCriticalSection

lstrcmpiW

RaiseException

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

SetStdHandle

GetLocaleInfoA

GetStringTypeW

GetStringTypeA

GetConsoleMode

GetConsoleCP

RtlUnwind

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

HeapAlloc

HeapFree

GetCurrentThreadId

GetCommandLineA

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

SetLastError

Sleep

HeapSize

ExitProcess

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

WideCharToMultiByte

LCMapStringW

VirtualFree

VirtualAlloc

HeapReAlloc

HeapCreate

HeapDestroy

WriteFile

GetStdHandle

GetModuleFileNameA

SetHandleCount

GetFileType

GetStartupInfoA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetFilePointer

user32

CharNextW

FindWindowW

advapi32

RegEnumKeyExW

RegQueryInfoKeyW

RegSetValueExW

RegOpenKeyExW

RegCreateKeyExW

RegCloseKey

RegDeleteValueW

RegDeleteKeyW

RegCreateKeyW

ole32

CoCreateInstance

CoTaskMemAlloc

CoTaskMemRealloc

CoTaskMemFree

StringFromGUID2

oleaut32

SysStringLen

VarUI4FromStr

RegisterTypeLi

UnRegisterTypeLi

LoadTypeLi

SysAllocString

SysFreeString

shlwapi

PathRemoveFileSpecW

Exports

DllCanUnloadNow

DllGetClassObject

DllInstall

DllRegisterServer

DllUnregisterServer

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$APPDATA/Kanbox Network/Kanbox/shellext/SyncStateExtX64.dll

.dll regsvr32 windows:5 windows x64 arch:x64

c995ebed3f75a3ebb8dafbabfa72d263

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0a:0d:7b:29:32:d2:c6:d5:7b:85:e7:d7:53:56:8e:67
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/11/2010, 00:00

Not After

23/11/2013, 23:59

Subject

CN=Beijing LEBO infinity Technology Development CO.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Beijing LEBO infinity Technology Development CO.\,LTD,O=Beijing LEBO infinity Technology Development CO.\,LTD,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

Imports

kernel32

CreateFileA

GetOverlappedResult

WaitForSingleObject

TransactNamedPipe

GetModuleFileNameW

GetTickCount

lstrlenW

GetProcAddress

GetModuleHandleW

lstrcmpiW

GetLastError

MultiByteToWideChar

SizeofResource

LoadResource

FindResourceW

LoadLibraryExW

SetThreadLocale

GetThreadLocale

FlushFileBuffers

WaitNamedPipeA

SetNamedPipeHandleState

CreateEventW

CloseHandle

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

InitializeCriticalSection

FreeLibrary

RaiseException

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

SetStdHandle

GetLocaleInfoA

GetStringTypeW

GetStringTypeA

GetConsoleMode

GetConsoleCP

RtlUnwindEx

RtlPcToFileHeader

RtlLookupFunctionEntry

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RtlVirtualUnwind

RtlCaptureContext

HeapAlloc

HeapFree

GetCurrentThreadId

FlsSetValue

GetCommandLineA

EncodePointer

DecodePointer

FlsGetValue

FlsFree

SetLastError

FlsAlloc

Sleep

HeapSize

ExitProcess

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

WideCharToMultiByte

LCMapStringW

WriteFile

GetStdHandle

GetModuleFileNameA

HeapSetInformation

HeapCreate

HeapDestroy

HeapReAlloc

SetHandleCount

GetFileType

GetStartupInfoA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetFilePointer

user32

CharNextW

FindWindowW

advapi32

RegEnumKeyExW

RegQueryInfoKeyW

RegSetValueExW

RegOpenKeyExW

RegCreateKeyExW

RegCloseKey

RegDeleteValueW

RegDeleteKeyW

RegCreateKeyW

ole32

CoCreateInstance

CoTaskMemAlloc

CoTaskMemRealloc

CoTaskMemFree

StringFromGUID2

oleaut32

SysStringLen

VarUI4FromStr

RegisterTypeLi

UnRegisterTypeLi

LoadTypeLi

SysAllocString

SysFreeString

shlwapi

PathRemoveFileSpecW

Exports

DllCanUnloadNow

DllGetClassObject

DllInstall

DllRegisterServer

DllUnregisterServer

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/GetVersion.dll

.dll windows:5 windows x86 arch:x86

fb1aa2bbc159c94cb45792330366bd5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA

GetModuleHandleA

lstrcpynA

GlobalAlloc

GetProcAddress

GetSystemInfo

GetVersionExA

user32

GetSystemMetrics

wsprintfA

advapi32

RegQueryValueExA

RegOpenKeyExA

RegCloseKey

Exports

WindowsName

WindowsPlatformArchitecture

WindowsPlatformId

WindowsServerName

WindowsServicePack

WindowsServicePackBuild

WindowsServicePackMajor

WindowsServicePackMinor

WindowsType

WindowsVersion

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallOptions.dll

.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA

GetCurrentDirectoryA

MultiByteToWideChar

GetPrivateProfileIntA

GlobalLock

GetModuleHandleA

lstrcmpiA

GetPrivateProfileStringA

lstrcatA

lstrcpynA

WritePrivateProfileStringA

lstrlenA

lstrcpyA

GlobalFree

GlobalUnlock

GlobalAlloc

user32

MapWindowPoints

GetDlgCtrlID

CloseClipboard

GetClipboardData

OpenClipboard

PtInRect

SetWindowRgn

LoadIconA

LoadImageA

SetWindowLongA

CreateWindowExA

MapDialogRect

SetWindowPos

GetWindowRect

CreateDialogParamA

ShowWindow

EnableMenuItem

GetSystemMenu

EnableWindow

GetDlgItem

DestroyIcon

DestroyWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

LoadCursorA

SetCursor

DrawTextA

GetWindowLongA

DrawFocusRect

CallWindowProcA

PostMessageA

MessageBoxA

CharNextA

wsprintfA

GetWindowTextA

SetWindowTextA

SendMessageA

GetClientRect

gdi32

SetTextColor

CreateCompatibleDC

GetObjectA

GetDIBits

CreateRectRgn

CombineRgn

DeleteObject

SelectObject

shell32

SHBrowseForFolderA

SHGetDesktopFolder

SHGetPathFromIDListA

ShellExecuteA

comdlg32

GetOpenFileNameA

GetSaveFileNameA

CommDlgExtendedError

ole32

CoTaskMemFree

Exports

dialog

initDialog

show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KillProc.dll

.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_BYTES_REVERSED_LO

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

IMAGE_FILE_BYTES_REVERSED_HI

Exports

FindProcesses

KillProcesses

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

out.upx

.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_BYTES_REVERSED_LO

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ProcDll.dll

.dll windows:4 windows x86 arch:x86

6aac02222a7107798e494b35d1b0b7d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

CloseHandle

LoadLibraryA

lstrcmpiA

OpenProcess

Process32Next

CreateToolhelp32Snapshot

TerminateProcess

GetVersionExA

WideCharToMultiByte

GlobalAlloc

SetStdHandle

SetFilePointer

IsBadCodePtr

IsBadReadPtr

SetUnhandledExceptionFilter

IsBadWritePtr

HeapReAlloc

lstrcpynA

lstrcpyA

GlobalFree

GetProcAddress

FlushFileBuffers

FreeLibrary

VirtualAlloc

InterlockedIncrement

InterlockedDecrement

GetStringTypeW

GetStringTypeA

WriteFile

VirtualFree

HeapCreate

HeapDestroy

GetEnvironmentVariableA

GetModuleHandleA

RtlUnwind

GetCommandLineA

GetVersion

InitializeCriticalSection

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

ExitProcess

GetCPInfo

GetACP

GetOEMCP

MultiByteToWideChar

LCMapStringA

LCMapStringW

HeapFree

HeapAlloc

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

SetLastError

TlsGetValue

GetLastError

GetCurrentProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

GetEnvironmentStrings

GetEnvironmentStringsW

user32

CallNextHookEx

GetDlgCtrlID

GetWindowLongA

GetWindowThreadProcessId

GetParent

PostMessageA

SendMessageA

SetWindowsHookExA

GetClassNameA

wsprintfA

UnhookWindowsHookEx

GetWindowRect

GetCursorPos

PtInRect

GetFocus

CallWindowProcA

IsWindow

SetWindowLongA

advapi32

RegOpenKeyExA

RegQueryValueA

RegCloseKey

shell32

SHGetFolderPathA

ole32

StringFromCLSID

CoTaskMemFree

CoInitialize

CoCreateGuid

CoUninitialize

version

GetFileVersionInfoA

VerQueryValueA

GetFileVersionInfoSizeA

Exports

CompareFileVersion

CompareFileVersionLocal

GetAppDataFolder

GetBHOFileName

GetCmdLineParam

GetIEFolder

GetNewGUID

GetResult

GetWindowsVersion

IsModuleRunning

IsRegisterIEPolicy

KillProcess

KillProcessByName

OnInit

SetParam

Uninit

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/Processes.dll

.dll windows:5 windows x86 arch:x86

eaa5f91829171a65db414b9e64ec9548

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA

GetProcAddress

FreeLibrary

OpenProcess

CloseHandle

TerminateProcess

GlobalFree

lstrcpyA

FlushFileBuffers

CreateFileA

GetCurrentThreadId

GetCommandLineA

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetModuleHandleW

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetLastError

InterlockedDecrement

HeapFree

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

SetFilePointer

WriteFile

GetConsoleCP

GetConsoleMode

EnterCriticalSection

LeaveCriticalSection

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

HeapAlloc

VirtualAlloc

HeapReAlloc

InitializeCriticalSectionAndSpinCount

RtlUnwind

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

MultiByteToWideChar

LCMapStringA

LCMapStringW

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

HeapSize

user32

GetDesktopWindow

FindWindowA

UpdateWindow

wsprintfA

Exports

FindDevice

FindProcess

KillProcess

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

GetLastError

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

MultiByteToWideChar

lstrlenA

WideCharToMultiByte

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ioSpecial.ini

$PLUGINSDIR/modern-header.bmp

$PLUGINSDIR/modern-wizard.bmp

$PLUGINSDIR/update.bmp

$PLUGINSDIR/update.ini

CrashReporter.dll

.dll windows:5 windows x86 arch:x86

989c00ed3b1e48eafdea6aed46e332d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

shlwapi

wnsprintfA

zlib1

compress2

compressBound

ws2_32

inet_addr

gethostbyaddr

htons

setsockopt

connect

select

__WSAFDIsSet

socket

WSASend

closesocket

WSAGetLastError

gethostbyname

inet_ntoa

WSAStartup

WSACleanup

ntohl

htonl

ioctlsocket

kernel32

CompareStringA

GetProcessHeap

SetEndOfFile

InterlockedExchange

FlushFileBuffers

SetStdHandle

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

LCMapStringW

LCMapStringA

SetFilePointer

GetStringTypeW

MultiByteToWideChar

GetStringTypeA

GetLocaleInfoA

TerminateProcess

GetModuleFileNameA

GetLocalTime

CloseHandle

WideCharToMultiByte

lstrlenW

GetCurrentProcessId

CompareStringW

WriteProcessMemory

VirtualProtect

GetProcAddress

LoadLibraryA

GetLastError

CreateFileA

GetCurrentThread

GetCurrentThreadId

WritePrivateProfileStringA

GetTickCount

FindClose

CreateDirectoryA

FindFirstFileA

GetTempPathA

SetUnhandledExceptionFilter

SetErrorMode

Sleep

ReadFile

GetFileSize

FreeLibrary

SetLastError

ReadProcessMemory

OutputDebugStringA

GetEnvironmentVariableA

GetFileAttributesA

GetCurrentDirectoryA

ResumeThread

GetThreadContext

SuspendThread

GetVersionExA

InitializeCriticalSectionAndSpinCount

SetEnvironmentVariableA

GetSystemTimeAsFileTime

QueryPerformanceCounter

InitializeCriticalSection

GetCurrentProcess

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsA

RtlUnwind

UnhandledExceptionFilter

IsDebuggerPresent

RaiseException

HeapFree

HeapAlloc

GetCommandLineA

GetModuleHandleW

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

InterlockedDecrement

HeapCreate

HeapDestroy

VirtualFree

DeleteCriticalSection

LeaveCriticalSection

EnterCriticalSection

VirtualAlloc

HeapReAlloc

GetModuleHandleA

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

WriteFile

GetConsoleCP

GetConsoleMode

HeapSize

ExitProcess

GetTimeZoneInformation

GetStdHandle

SetHandleCount

GetFileType

GetStartupInfoA

user32

MessageBeep

advapi32

GetUserNameA

shell32

ShellExecuteA

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Exports

RegisterCrash

ReportCrash

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

CrashReporterSilent.exe

.exe windows:5 windows x86 arch:x86

084700d3b5370566356cfb3f541b5a9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA

SetFileAttributesA

FindClose

GetLocalTime

OutputDebugStringA

DeleteFileA

GetProcAddress

CreateFileA

SetErrorMode

GetTickCount

GetPrivateProfileStringA

CloseHandle

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

LoadLibraryA

IsDebuggerPresent

QueryPerformanceCounter

GetCurrentThreadId

GetCurrentProcessId

GetSystemTimeAsFileTime

SetUnhandledExceptionFilter

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

iphlpapi

GetAdaptersInfo

msvcr90

sprintf_s

vsprintf_s

??2@YAPAXI@Z

_strnicmp

__getmainargs

_cexit

_exit

_XcptFilter

exit

__initenv

_initterm

_initterm_e

_configthreadlocale

__setusermatherr

_adjust_fdiv

__p__commode

__p__fmode

_encode_pointer

__set_app_type

_crt_debugger_hook

?terminate@@YAXXZ

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_unlock

__dllonexit

_lock

_onexit

_decode_pointer

_except_handler4_common

_invoke_watson

_controlfp_s

??3@YAXPAX@Z

__CxxFrameHandler3

_amsg_exit

memset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Kanbox.exe

.exe windows:5 windows x86 arch:x86

c74ebeab48420c50d544326118dc368a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0a:0d:7b:29:32:d2:c6:d5:7b:85:e7:d7:53:56:8e:67
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/11/2010, 00:00

Not After

23/11/2013, 23:59

Subject

CN=Beijing LEBO infinity Technology Development CO.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Beijing LEBO infinity Technology Development CO.\,LTD,O=Beijing LEBO infinity Technology Development CO.\,LTD,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA

GetFileVersionInfoW

GetFileVersionInfoSizeW

GetFileVersionInfoSizeA

VerQueryValueA

VerQueryValueW

iphlpapi

GetAdaptersInfo

kernel32

DeleteFileA

GetPrivateProfileStringA

FormatMessageW

GetModuleHandleW

LoadLibraryExW

lstrcmpiW

GetDiskFreeSpaceExW

GetVolumeInformationW

GetDriveTypeW

GetLogicalDriveStringsW

lstrcatW

WinExec

FindNextFileW

FindFirstFileW

WaitForSingleObject

GetModuleFileNameA

MulDiv

CreateEventW

SetEvent

lstrcmpW

GetComputerNameExW

CompareStringW

GetLocalTime

HeapAlloc

IsProcessorFeaturePresent

VirtualFree

VirtualAlloc

HeapDestroy

HeapReAlloc

HeapSize

GetStartupInfoW

TerminateProcess

FindFirstFileA

FindClose

LoadLibraryW

FreeLibrary

GetProcAddress

CreateDirectoryW

CreateFileW

WriteFile

CloseHandle

GetFileAttributesW

SetFileAttributesW

DeleteFileW

IsBadWritePtr

WritePrivateProfileStringA

LeaveCriticalSection

EnterCriticalSection

FindResourceExW

GetVersionExW

lstrcpyW

FreeResource

LockResource

SizeofResource

FindResourceW

LoadResource

GetCurrentProcess

FlushInstructionCache

SetLastError

RaiseException

CreateMutexW

GetCurrentThreadId

GetLastError

InterlockedExchange

Sleep

GetModuleFileNameW

CreateProcessW

LoadLibraryA

GetTickCount

CopyFileW

WritePrivateProfileStringW

GetPrivateProfileStringW

InterlockedDecrement

InterlockedIncrement

InitializeCriticalSection

DeleteCriticalSection

MultiByteToWideChar

lstrlenA

HeapFree

WideCharToMultiByte

lstrlenW

GlobalAlloc

GlobalLock

GlobalUnlock

GlobalFree

IsBadCodePtr

GetProcessHeap

VirtualQuery

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

lstrcpynW

InterlockedCompareExchange

user32

DrawFocusRect

IsWindowEnabled

GetClassNameW

GetCapture

UpdateWindow

PtInRect

SetDlgItemInt

GetDlgItemInt

BringWindowToTop

InsertMenuW

ClientToScreen

SetRect

CharUpperW

GetIconInfo

SetRectEmpty

DeleteMenu

ModifyMenuW

EnableMenuItem

PostQuitMessage

LoadImageW

IntersectRect

FrameRect

InflateRect

GetFocus

GetDlgCtrlID

IsRectEmpty

SetScrollPos

GetKeyState

SetCapture

GetMessagePos

ReleaseCapture

GetScrollInfo

GetScrollPos

OffsetRect

SetWindowRgn

RegisterClipboardFormatW

DestroyCursor

SetScrollInfo

IsWindowVisible

SetCursor

FillRect

IsZoomed

IsIconic

MoveWindow

MessageBoxW

CallWindowProcW

MessageBeep

GetDC

SetDlgItemTextW

InvalidateRect

ScreenToClient

EnableWindow

EndPaint

BeginPaint

GetWindowTextLengthW

GetWindowTextW

SystemParametersInfoW

EndDialog

GetParent

GetWindow

GetWindowRect

GetWindowLongW

MonitorFromWindow

GetClientRect

MapWindowPoints

SetWindowPos

SetWindowTextW

GetDesktopWindow

LoadIconW

WindowFromPoint

wsprintfW

CharNextW

LoadStringW

RegisterClassExW

LoadCursorW

GetClassInfoExW

CreateWindowExW

SetWindowLongW

GetDlgItem

DrawStateW

GetSubMenu

LoadMenuW

DrawEdge

CopyRect

GetSysColor

LoadBitmapW

DrawTextW

ReleaseDC

GetWindowDC

GetSystemMetrics

MonitorFromPoint

GetMonitorInfoW

TrackPopupMenu

SetMenuDefaultItem

SetMenuItemInfoW

GetMenuItemInfoW

GetMenuItemCount

GetMenuItemID

DestroyMenu

GetCursorPos

SetFocus

RegisterWindowMessageW

CreateDialogParamW

DialogBoxParamW

DestroyWindow

DefWindowProcW

IsDialogMessageW

PeekMessageW

GetMessageW

TranslateMessage

DispatchMessageW

GetClassInfoW

RegisterClassW

RedrawWindow

FindWindowW

IsWindow

DestroyIcon

KillTimer

PostMessageW

SetTimer

GetActiveWindow

SendMessageW

SetForegroundWindow

ShowWindow

UnregisterClassA

gdi32

DeleteObject

DeleteDC

SelectObject

CreateFontIndirectW

GetObjectW

SetBkMode

SetTextColor

CreateSolidBrush

SetBkColor

Rectangle

ExtTextOutW

CreateCompatibleDC

DPtoLP

GetDeviceCaps

GetStockObject

GetTextExtentPoint32W

CreateRectRgn

CreatePolygonRgn

CombineRgn

CreateCompatibleBitmap

BitBlt

SetViewportOrgEx

SaveDC

RestoreDC

CreatePen

GetClipBox

RoundRect

MoveToEx

LineTo

GetDIBColorTable

CreatePalette

CreateHalftonePalette

CreateBitmap

GetCurrentObject

ExcludeClipRect

CreateDCW

TextOutW

CreateDIBSection

GetDIBits

advapi32

RegCreateKeyExW

RegOpenKeyW

RegEnumValueW

RegQueryValueExW

OpenProcessToken

GetTokenInformation

RegQueryInfoKeyW

RegSetValueExW

RegDeleteKeyW

RegDeleteValueW

RegCloseKey

RegOpenKeyExW

RegEnumKeyExW

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

SHGetSpecialFolderLocation

ShellExecuteExW

SHChangeNotify

ShellExecuteW

ExtractIconW

Shell_NotifyIconW

SHFileOperationW

SHGetSpecialFolderPathW

ole32

CoCreateInstance

CoUninitialize

IIDFromString

StringFromIID

CoTaskMemFree

CoInitialize

OleUninitialize

OleInitialize

CreateStreamOnHGlobal

CoTaskMemAlloc

CoTaskMemRealloc

oleaut32

SysFreeString

VariantInit

VariantClear

SysAllocString

VarUI4FromStr

SysAllocStringLen

SysStringLen

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ

?uncaught_exception@std@@YA_NXZ

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

?good@ios_base@std@@QBE_NXZ

?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ

?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ

?length@?$char_traits@_W@std@@SAIPB_W@Z

?width@ios_base@std@@QBEHXZ

?flags@ios_base@std@@QBEHXZ

?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ

?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z

?eof@?$char_traits@_W@std@@SAGXZ

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

?_Decref@facet@locale@std@@QAEPAV123@XZ

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ

?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z

?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z

?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

??0?$allocator@_W@std@@QAE@XZ

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z

??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z

?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z

?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z

?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ

?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z

?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z

?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ

?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z

??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

?widen@?$ctype@_W@std@@QBE_WD@Z

??1locale@std@@QAE@XZ

?getloc@ios_base@std@@QBE?AVlocale@2@XZ

??1_Lockit@std@@QAE@XZ

?_Incref@facet@locale@std@@QAEXXZ

?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z

??Bid@locale@std@@QAEIXZ

?id@?$ctype@_W@std@@2V0locale@2@A

??0_Lockit@std@@QAE@H@Z

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WII@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z

??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z

?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z

?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z

?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z

??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z

?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z

??0?$allocator@D@std@@QAE@XZ

??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z

?max@?$numeric_limits@I@std@@SAIXZ

?max@?$numeric_limits@_J@std@@SA_JXZ

?min@?$numeric_limits@_J@std@@SA_JXZ

?max@?$numeric_limits@H@std@@SAHXZ

?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z

?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z

?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z

?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z

?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z

?width@ios_base@std@@QAEHH@Z

?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z

?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ

?min@?$numeric_limits@H@std@@SAHXZ

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ

?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z

??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z

shlwapi

SHDeleteKeyW

PathRemoveFileSpecW

PathCombineW

PathFileExistsW

comctl32

ImageList_Destroy

ImageList_Draw

ImageList_GetIcon

ImageList_LoadImageW

ImageList_GetIconSize

_TrackMouseEvent

InitCommonControlsEx

ImageList_DrawEx

msimg32

AlphaBlend

GradientFill

gdiplus

GdiplusStartup

GdipFree

GdipAlloc

GdipCreateBitmapFromFile

GdipCreateBitmapFromFileICM

GdipDisposeImage

GdipCloneImage

GdipCreateBitmapFromStream

GdipCreateBitmapFromStreamICM

GdipCreateBitmapFromResource

GdipCreateHBITMAPFromBitmap

GdiplusShutdown

msvcr90

free

exit

_XcptFilter

_exit

_cexit

__wgetmainargs

_amsg_exit

_except_handler4_common

_controlfp_s

_invoke_watson

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_crt_debugger_hook

__set_app_type

__p__fmode

__p__commode

_adjust_fdiv

__setusermatherr

_configthreadlocale

_initterm_e

_initterm

??3@YAXPAX@Z

??_V@YAXPAX@Z

__CxxFrameHandler3

_wtoi

wcsncpy_s

memset

_snwprintf_s

??2@YAPAXI@Z

strlen

_purecall

strrchr

sprintf_s

_vsnprintf

_atoi64

_ultoa_s

wcscpy

_invalid_parameter_noinfo

_CxxThrowException

??0exception@std@@QAE@ABV01@@Z

??1exception@std@@UAE@XZ

??0exception@std@@QAE@XZ

??0exception@std@@QAE@ABQBD@Z

?what@exception@std@@UBEPBDXZ

wcscpy_s

wcsnlen

memcpy_s

swprintf_s

_wcsicmp

wcsstr

wcsrchr

_recalloc

memmove_s

_wcmdln

memcpy

wcslen

wcschr

_vscwprintf

vswprintf_s

vsprintf_s

malloc

memcmp

tolower

_wsplitpath_s

wcscmp

iswspace

_vsnprintf_s

calloc

_vsnwprintf

abs

_beginthreadex

_vscprintf

div

iswupper

iswprint

??0bad_cast@std@@QAE@PBD@Z

??1bad_cast@std@@UAE@XZ

??0bad_cast@std@@QAE@ABV01@@Z

_wtof

_wcsupr_s

strcpy_s

_wtol

towupper

isspace

_strnicmp

_snprintf_s

_wfindnext64i32

_wfindfirst64i32

_wchdir

_wcslwr_s

_itoa_s

abort

?terminate@@YAXXZ

_unlock

__dllonexit

_encode_pointer

_lock

_onexit

_decode_pointer

uxtheme

OpenThemeData

DrawThemeBackground

CloseThemeData

Sections

.text
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

KanboxPropSheetExt.dll

.dll regsvr32 windows:5 windows x86 arch:x86

895bc393fdd9a3f5a4d05f6f08e52f19

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0a:0d:7b:29:32:d2:c6:d5:7b:85:e7:d7:53:56:8e:67
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/11/2010, 00:00

Not After

23/11/2013, 23:59

Subject

CN=Beijing LEBO infinity Technology Development CO.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Beijing LEBO infinity Technology Development CO.\,LTD,O=Beijing LEBO infinity Technology Development CO.\,LTD,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection

GetCurrentThreadId

FlushInstructionCache

GetCurrentProcess

LoadLibraryW

DebugBreak

OutputDebugStringW

lstrlenA

GetSystemTimeAsFileTime

GetCurrentProcessId

GetTickCount

QueryPerformanceCounter

EnterCriticalSection

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

Sleep

VirtualAlloc

VirtualFree

IsProcessorFeaturePresent

LoadLibraryA

HeapAlloc

GetProcessHeap

HeapFree

InterlockedCompareExchange

GetProcAddress

InterlockedDecrement

InterlockedIncrement

InitializeCriticalSection

RaiseException

DeleteCriticalSection

lstrcmpiW

LoadLibraryExW

FindResourceW

LoadResource

SizeofResource

MultiByteToWideChar

FreeLibrary

GetLastError

lstrlenW

GetModuleFileNameW

GetModuleHandleW

DisableThreadLibraryCalls

InterlockedExchange

WritePrivateProfileStringW

GetPrivateProfileStringW

lstrcatW

lstrcpyW

IsDebuggerPresent

user32

SetWindowTextW

CharNextW

SetRectEmpty

EndPaint

BeginPaint

GetClassNameW

LoadStringW

wvsprintfW

GetWindow

GetWindowRect

SystemParametersInfoW

MapWindowPoints

SetWindowPos

GetParent

SetDlgItemTextW

MessageBeep

SetFocus

UnregisterClassA

GetWindowTextLengthW

GetWindowTextW

GetDesktopWindow

FindWindowW

CallWindowProcW

GetWindowLongW

SetWindowLongW

DefWindowProcW

GetDlgItem

SendMessageW

GetClientRect

gdi32

StrokeAndFillPath

EndPath

MoveToEx

SetBkMode

SelectObject

Rectangle

DeleteObject

BeginPath

CreateSolidBrush

ArcTo

advapi32

RegDeleteKeyW

RegQueryValueExW

RegQueryInfoKeyW

RegSetValueExW

RegEnumKeyExW

RegOpenKeyExW

RegCreateKeyExW

RegCloseKey

RegDeleteValueW

shell32

SHGetSpecialFolderPathW

SHChangeNotify

SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc

CoTaskMemRealloc

StringFromGUID2

CoCreateInstance

CoTaskMemFree

oleaut32

SysStringLen

RegisterTypeLi

UnRegisterTypeLi

LoadTypeLi

SysAllocString

SysFreeString

VarUI4FromStr

shlwapi

SHDeleteKeyW

comctl32

DestroyPropertySheetPage

CreatePropertySheetPageW