7aaeaa91f39a23c704ee9955cc17de45

Sharing

Copy URL Twitter E-mail

General

Target

7aaeaa91f39a23c704ee9955cc17de45
Size

10.3MB
MD5

7aaeaa91f39a23c704ee9955cc17de45
SHA1

8b6ed047b0308c635478c9ba80b165c1e58a1987
SHA256

6841915926de29d58844c7b19a8afa6ec4dce03d448269091c0a2d74b775e614
SHA512

18a5a8579cebfb0a5da4b681435e63458b25af7bccae73572ca0c8744e8e0c475435237f522cb0d4882c54a05834cfd16ffcabffad5e8419aef4c48519db5a5d
SSDEEP

196608:V3Nojz6iJzP33CzxO8HAA1a1eUTL4/FOWgdxLzfq36a9tUeVkWr7RaPfIJZQH0gz:V30dz/ClOiAKa13cwHxLzfq36a9bKlfn

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/binkw32.dll
unpack001/dxwebsetup.exe
unpack001/iw5sp.exe
unpack001/miles/milesEq.flt
unpack001/miles/mssds3d.flt
unpack001/miles/mssdsp.flt
unpack001/miles/msseax.flt
unpack001/miles/mssmp3.asi
unpack001/miles/mssvoice.asi
unpack001/mss32.dll
unpack001/r.a.s.exe
unpack001/steamclient.dll

Files

7aaeaa91f39a23c704ee9955cc17de45
.7z
3DMGAME.INI
SteamAPIUpdater.dll
.dll windows:4 windows x86 arch:x86

bfa8523e03c08900983e2a1ab4a524d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2006, 00:00

Not After

24/11/2009, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:65:13:c8:d1:61:41:07:21:d6:46:65:34:3c:e4:df:c5:89:05:47
Signer

Actual PE Digest

36:65:13:c8:d1:61:41:07:21:d6:46:65:34:3c:e4:df:c5:89:05:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\p4clients\main_integ\Projects\GazelleProto\Client\SteamGameUpdater\steamapi_vc80_release_static\SteamAPIUpdater.pdb

Imports

shlwapi

SHDeleteKeyA

ws2_32

WSARecv
shutdown
WSASetLastError
WSASend
gethostname
gethostbyname
inet_addr
ioctlsocket
send
connect
WSAStartup
WSACleanup
WSAGetLastError
sendto
recvfrom
select
__WSAFDIsSet
socket
bind
getsockname
closesocket
htonl
htons
setsockopt
recv

kernel32

InterlockedIncrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FlushViewOfFile
SetEvent
CloseHandle
WaitForSingleObject
CreateEventA
GetFullPathNameA
RemoveDirectoryA
FormatMessageA
GetLastError
FindNextFileA
CopyFileA
FindClose
GetFileAttributesExA
FindFirstFileA
CreateDirectoryA
GetLongPathNameA
GetModuleFileNameA
GetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
SizeofResource
LockResource
LoadResource
FindResourceA
GetTempFileNameA
InterlockedDecrement
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReadFile
GetFileSize
CreateFileA
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetSystemInfo
GetVersionExA
WideCharToMultiByte
TerminateThread
RaiseException
GetCurrentThreadId
SetThreadPriority
ReleaseSemaphore
CreateSemaphoreA
CreateProcessA
GetCurrentProcessId
GetTempPathA
SetUnhandledExceptionFilter
GetSystemTime
GetStartupInfoA
VirtualAlloc
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
GetTimeZoneInformation
HeapSize
SetEndOfFile
CreateFileW
InterlockedExchange
MultiByteToWideChar
RtlUnwind
HeapFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetDriveTypeA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
GetACP

advapi32

CryptAcquireContextA
CryptReleaseContext
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptGenRandom

Exports

Exports

CheckForUpdate
CreateInterface
RunUpdate

Sections

.text
Size: 864KB - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateDLLWrapper.dll
.dll windows:4 windows x86 arch:x86

d5515f0138e8849753644e28f124bede

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2006, 00:00

Not After

24/11/2009, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:4a:84:3d:e3:b1:fe:07:4f:0a:35:53:9f:d6:fc:06:84:b4:15:21
Signer

Actual PE Digest

97:4a:84:3d:e3:b1:fe:07:4f:0a:35:53:9f:d6:fc:06:84:b4:15:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\steammainintegration\projects\gazelleproto\client\updatedllwrapper\release\UpdateDLLWrapper.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceA
GetProcAddress
LoadLibraryA
FreeLibrary
DeleteFileA
CopyFileA
GetTempFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

CreateInterface
Init

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
binkw32.dll
.dll windows:4 windows x86 arch:x86

869715df926e51eb88892a0d01b06219

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\bink\build\binkw32.pdb

Imports

user32

GetTopWindow
GetWindowLongA
GetActiveWindow
GetWindowThreadProcessId
GetWindow
UnregisterClassA
CreateWindowExA
EndPaint
PeekMessageA
ClientToScreen
ReleaseDC
DestroyWindow
SetCursor
DefWindowProcA
GetCursorPos
ScreenToClient
GetWindowRect
IsIconic
GetSystemMetrics
IsWindowVisible
GetClientRect
ChangeDisplaySettingsA
RegisterClassA
ShowCursor
GetDC
GetClassLongA
BeginPaint
MessageBoxA

gdi32

SetStretchBltMode
DeleteDC
CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
GetPixel
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

kernel32

ResumeThread
ReleaseMutex
HeapFree
HeapAlloc
HeapCreate
DisableThreadLibraryCalls
CreateThread
GetCurrentProcess
TerminateProcess
CloseHandle
ReadFile
SetFilePointer
WaitForSingleObject
SetEvent
CreateEventA
SetThreadPriority
WaitForMultipleObjects
CreateMutexA
LocalAlloc
InterlockedExchange
GetLastError
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
SetErrorMode
FreeLibrary
RaiseException
Sleep
GetCurrentProcessId
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
CreateFileA

winmm

waveOutRestart
waveOutPause
waveOutWrite
waveOutClose
timeGetTime
timeEndPeriod
timeBeginPeriod
waveOutSetVolume
waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader
waveOutReset

Exports

Exports

_BinkBufferBlit@12
_BinkBufferCheckWinPos@12
_BinkBufferClear@8
_BinkBufferClose@4
_BinkBufferGetDescription@4
_BinkBufferGetError@0
_BinkBufferLock@4
_BinkBufferOpen@16
_BinkBufferSetDirectDraw@8
_BinkBufferSetHWND@8
_BinkBufferSetOffset@12
_BinkBufferSetResolution@12
_BinkBufferSetScale@12
_BinkBufferUnlock@4
_BinkCheckCursor@20
_BinkClose@4
_BinkCloseTrack@4
_BinkControlBackgroundIO@8
_BinkControlPlatformFeatures@8
_BinkCopyToBuffer@28
_BinkCopyToBufferRect@44
_BinkDDSurfaceType@4
_BinkDX8SurfaceType@4
_BinkDX9SurfaceType@4
_BinkDoFrame@4
_BinkGetError@0
_BinkGetFrameBuffersInfo@8
_BinkGetKeyFrame@12
_BinkGetPalette@4
_BinkGetRealtime@12
_BinkGetRects@8
_BinkGetSummary@8
_BinkGetTrackData@8
_BinkGetTrackID@8
_BinkGetTrackMaxSize@8
_BinkGetTrackType@8
_BinkGoto@12
_BinkIsSoftwareCursor@8
_BinkLogoAddress@0
_BinkNextFrame@4
_BinkOpen@8
_BinkOpenDirectSound@4
_BinkOpenMiles@4
_BinkOpenTrack@8
_BinkOpenWaveOut@4
_BinkPause@8
_BinkRegisterFrameBuffers@8
_BinkRestoreCursor@4
_BinkService@4
_BinkSetError@4
_BinkSetFrameRate@8
_BinkSetIO@4
_BinkSetIOSize@4
_BinkSetMemory@8
_BinkSetMixBinVolumes@20
_BinkSetMixBins@16
_BinkSetPan@12
_BinkSetSimulate@4
_BinkSetSoundOnOff@8
_BinkSetSoundSystem@8
_BinkSetSoundTrack@8
_BinkSetVideoOnOff@8
_BinkSetVolume@12
_BinkShouldSkip@4
_BinkWait@4
_RADTimerRead@0

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKY12
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKY16
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKP8
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKBSS
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BINKDATA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
directX.url
dw-dev-ca.crt
dxwebsetup.exe
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
installscript.vdf
iw5sp.exe
.exe windows:5 windows x86 arch:x86

23f6e541221809f0cfc5d64bff9490f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

steam_api

SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamRemoteStorage
SteamNetworking
SteamApps
SteamUtils
SteamMatchmaking
SteamFriends
SteamUserStats
SteamAPI_Init
SteamAPI_Shutdown
SteamUser

mss32

_AIL_sample_ms_position@12
_AIL_set_sample_volume_levels@12
_AIL_set_room_type@8
_AIL_open_stream@12
_AIL_stream_ms_position@12
_AIL_sample_playback_rate@4
_AIL_set_sample_playback_rate@8
_AIL_set_stream_loop_count@8
_AIL_set_sample_reverb_levels@12
_AIL_set_stream_ms_position@8
_AIL_stream_info@20
_AIL_set_sample_3D_distances@16
_AIL_sample_channel_levels@8
_AIL_set_sample_channel_levels@12
_AIL_pause_stream@8
_AIL_close_stream@4
_AIL_sample_volume_pan@12
_AIL_stop_sample@4
_AIL_end_sample@4
_AIL_set_DirectSound_HWND@8
_AIL_stream_sample_handle@4
_AIL_sample_status@4
_AIL_digital_CPU_percent@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_sample_processor@12
_AIL_sample_processor@8
_AIL_sample_stage_property@24
_AIL_find_filter@8
_AIL_open_filter@8
_AIL_allocate_sample_handle@4
_AIL_init_sample@12
_AIL_stream_status@4
_AIL_speaker_configuration@20
_AIL_resume_sample@4
_AIL_sample_3D_position@16
_AIL_size_processed_digital_audio@16
_AIL_process_digital_audio@24
_AIL_set_sample_info@8
_AIL_set_sample_loop_count@8
_AIL_set_sample_ms_position@8
_AIL_set_file_callbacks@16
_AIL_set_redist_directory@4
_AIL_set_3D_distance_factor@8
_AIL_set_3D_rolloff_factor@8
_AIL_open_digital_driver@16
_AIL_set_preference@8
_AIL_set_speaker_configuration@16
_AIL_set_sample_3D_position@16

binkw32

_BinkDoFrame@4
_BinkGoto@12
_BinkNextFrame@4
_BinkGetRealtime@12
_BinkControlBackgroundIO@8
_BinkGetRects@8
_BinkSetMemory@8
_BinkOpenMiles@4
_BinkSetSoundSystem@8
_BinkSetSoundTrack@8
_BinkGetFrameBuffersInfo@8
_BinkRegisterFrameBuffers@8
_BinkGetKeyFrame@12
_BinkSetMixBinVolumes@20
_BinkOpen@8
_BinkGetError@0
_BinkSetError@4
_BinkClose@4
_BinkPause@8
_BinkWait@4
_BinkSetIOSize@4

d3d9

Direct3DCreate9

powrprof

CallNtPowerInformation

ws2_32

htons
bind
closesocket
sendto
setsockopt
inet_addr
gethostbyname
WSAGetLastError
send
connect
ioctlsocket
recv
recvfrom
shutdown
ntohl
gethostname
inet_ntoa
select
__WSAFDIsSet
WSASetLastError
getsockopt
getsockname
WSAStartup
WSACleanup
ntohs
socket

kernel32

GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FlushFileBuffers
HeapCreate
WriteConsoleW
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
SetHandleCount
SetFilePointer
GetFileType
PeekNamedPipe
GetStdHandle
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetCommandLineA
HeapReAlloc
GetModuleHandleW
CreateDirectoryA
RtlUnwind
GetDriveTypeA
FileTimeToLocalFileTime
MoveFileA
ReleaseMutex
CreateMutexA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WaitForMultipleObjects
GetExitCodeThread
TerminateThread
ExpandEnvironmentStringsA
GetVersion
FlushConsoleInputBuffer
ExitThread
ReadConsoleInputA
SetConsoleMode
VirtualQuery
FindResourceW
OpenEventA
OpenFileMappingA
CreateSemaphoreA
CreateFileMappingA
MapViewOfFile
InterlockedDecrement
InterlockedExchangeAdd
GetFileSize
GetLastError
ReadFileEx
SleepEx
InterlockedIncrement
CloseHandle
InterlockedCompareExchange
InterlockedExchange
Sleep
GetCurrentThreadId
SetEvent
ResetEvent
CreateEventA
WaitForSingleObject
GetProcessAffinityMask
GetCurrentProcess
DuplicateHandle
GetCurrentThread
SetThreadPriority
RaiseException
CreateThread
SuspendThread
ResumeThread
SetThreadAffinityMask
GetThreadPriority
VirtualAlloc
VirtualFree
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
GetProcAddress
GetSystemInfo
GetVersionExA
SetProcessAffinityMask
FormatMessageA
Module32Next
Module32First
CreateToolhelp32Snapshot
OpenProcess
WriteFile
ReadFile
GetCurrentProcessId
DeleteFileA
SetErrorMode
SetPriorityClass
GetSystemTime
SystemTimeToFileTime
MulDiv
SetThreadExecutionState
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GlobalMemoryStatusEx
FreeLibrary
LoadLibraryA
HeapFree
GetProcessHeap
lstrcmpiW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
HeapAlloc
HeapSize
GetTimeZoneInformation
GetComputerNameA
GetTickCount
ExitProcess
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
GetConsoleWindow
GetCurrentDirectoryW
GetEnvironmentStringsW
GetCommandLineW
GetStartupInfoW
SetLastError
ReleaseSemaphore
GetFullPathNameA
GetModuleHandleExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetProcessWindowStation
UpdateWindow
IsWindow
ClipCursor
ClientToScreen
GetClientRect
GetWindowRect
SetWindowLongA
GetWindowLongA
GetWindowTextA
ReleaseDC
GetDC
GetDesktopWindow
EnumThreadWindows
ChangeDisplaySettingsA
GetSystemMetrics
SetCursorPos
SetFocus
GetForegroundWindow
ScreenToClient
GetCursorPos
ShowCursor
PostMessageA
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
RegisterClassExA
LoadCursorA
LoadIconA
MessageBoxA
GetActiveWindow
SetWindowPos
AdjustWindowRect
SendMessageA
CreateWindowExA
LoadImageA
RegisterClassA
DefWindowProcA
GetUserObjectInformationW
DestroyWindow
PostQuitMessage
CallWindowProcA
SetWindowTextA
CloseWindow
SystemParametersInfoA
MapVirtualKeyA
MoveWindow
GetMonitorInfoA
MonitorFromWindow
RegisterWindowMessageA
MonitorFromPoint
EnumDisplayMonitors
AdjustWindowRectEx

gdi32

GetBitmapBits
DeleteObject
DeleteDC
BitBlt
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
GetDeviceCaps
CreateFontA
SelectObject
SetDeviceGammaRamp
CreateSolidBrush

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
InitializeSecurityDescriptor
RegQueryValueExA
RegEnumKeyExA

shell32

ShellExecuteA

ole32

StringFromGUID2

Exports

Exports

�}C��ul�YT�.�)�3p�f;�� ,h�J��g >��W��%��y�X O�\*��'Mq;q��f�T�8cS�<��j<�1H�Y�*c(2�(W,�ga� T"�!��!.�X��R��]|\��U�W��bDa��f:C��obz'��a'�`��ࠗ�5B��aj��-m�Ɖ�#��In��k��$��m��p=t�tRTe벴��TC��lD��t��M�B r8 ��"2"�{��@��j�p��a~;��"Lyh�(6�v��DXq��I�d��3��/��(��|x�?�� %�,|OwH |T){��x��¦˭7ж�R��x��ǆ)��=�ʷ��r?`�S��=�iZ��!��0r��Q�$`ٗ�e5{��0zG۬��d��T��M�4�� jJ�� )X��TL�xH�"f�Ѕr��u��Ot�$\�?��g�� އ��\��&S<2�ٟ;��,]b�lN�1��0�!�˥��Z�S��T��AC��y��r C�� +Q�1��A��<k/KJ?��{B��&�� k��H�M�Qwe��sn,ߟ=��_�ޓ�ʿY��B�6@��x�U�e��1^�M�yX��+�@C��a,Ѵ��R�l8y�hhW��JLUX8W��,)F�B�/,��&��F�i[T�-�W�z^��|/?[��§�,R�V��W��Ə��[��11I� '=�w$]�!��DZ�,d�T .��؋��C�[`�� 4!��7��f��0��t$��!��2��$m��Ɓ��<@��g��S��>�5�&8Ñ��ݪ�z�ep��K�GAI�vF��}��0��#�t�� S�v�ϣ�Jvؤ��w�8��/ 4��6}��A4+^o<��8�-��ұ��c�d�\ ��1 mB�D:��lQ��<�1��[�[��#�R�64��hæ�u�t��fQ�A��³��x��Bb��ܲjS/�c: U�k� <i��6G��SZ�R<@_�π'��܋��i>b��K`��m[�2�x��V��B�$�/U��׫��Y�כ��|�o�덩�=�N'��!m�n��۷V��fX��L�$�ʅ<�c4V��)�A (��Y ��*��؇��o��^�\�%��?_��L�̭[��Am��B�Rn[t^��GvL,�v��f�5� ��^�aDr��d~�y�Ljpc�Wm8��⾏%�� 1 �d�{�F�� 賒��Z(��rI��'��ܝpOV|h:�:�F�S)��Q� ��R4��i�u��gJ�B�.G,I/f��oh�k Ͷ��*�Gೀb_�:y��=ÿ�(�D��7�*(�<�L^��B-w��nH��wx�Z�tDz`q鷘�4��Y�n/7&B�Z*�kBd��ު�� k�[b��~aź��f԰�}^��j��-�;90�1Jǉe��d�^;�'Q��>�Bȵ[�3��h��U��佅|~+�2��L�g�1�Z�VZ=v��ѥ��H��V��|�Po��e}Xx�H�`�I�Z(�m�%p��?Ҫ$=�)�'��C��a/�l��R��'Y�h۠ ʯ��jI�%��W/��D��\��>��5W�~��`#xJE��T ��[߁!�ĥD��^��>8޺A�*��@S��6G��O - ��H]G <�4Ȅ�9�W�� u-�:��LyS�Y��a~��<�Nnח�)eL��\*wpL��[��V��(*]v�c� ��;��+l��ý��@"��B��R&��m��iW$� ��=_�u.��u��S��fr��q��ܣ�4�^&�}.4�Ū�U�td�z�B.��=�Yp�A�ׅ��E^�#�MZT"�ڥ�GÄ�?�+zij+r �S��?��+�X !)f@��b^��T��9̋��~�`�Yn�j�j��P �_� �n*gl�f�+c��8W��<��P�&~��-�]kH*�E��U��hH ��\Z��n�v��5��J��n��9��f+{�y�:[B_�o��]�.i�1t�;�\ ��|�{�u��K*҃�WX��:��A��_��F(��lv�#�@�<��_M0��ƒҶ�B��?��V��R�_�2@)�u3��}�@~�CQ��I��7��%!��|'��rf��wO}͐��h�:�Oq>{�-塰��T<��l6K�9��x�I��Q:�� ?��XIP}�vZaz��{,-�nw�:R��zd��q��RcpE�8��$��8Lsq�s��4U��ɸ�~�Jb��? �+.�X�_��V(`e��K��R}��]r G��͸i/\u6y d!��Nu��x�� x�b�1<<��lneA�SZ�G�4O��S?��~��;�i��"��Ӻ|~^BpN��N��:�� 'Pq�F��m^�+B�D�N��h�}�(��転��{�� :�N�8�{�6�К�׽!_� x��z�+��(O��no��dz�Q�tj5��M��cD*GjRZ�y+��W��Z��j�R_�&�FGJ��#�S��$L�ec��{o�OJM��`&+��`��+Qt�k�@�U�0p��-�+?z�c�-6��(-��X ��C�`�J�"��^�$�7�z�U�mV��4��.��e`*Z��x/��:z��Ј`�Њ��q�H�X�xc��%�B�*�Up0n�[�ж�i4=�'?�e��"�e��0W��_�&G3�0�W��[��w�G��uF

Sections

.text
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 30.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

3DM0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

3DM1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
localization.txt
logo.bmp
miles/milesEq.flt
.dll windows:5 windows x86 arch:x86

d974b53b72215e5a754ce84ffb0619db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\trees\iw5\game\pc\miles\milesEq.pdb

Imports

mss32

RIB_alloc_provider_handle
_AIL_mem_free_lock@4
_AIL_mem_alloc_lock@4
RIB_register_interface
RIB_unregister_interface

kernel32

GetCPInfo
GetCurrentThreadId
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
HeapSize

Exports

Exports

_RIB_Main@8

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
miles/mssds3d.flt
.dll windows:4 windows x86 arch:x86

8ccc62504f19ffdd395a1b53f95a8981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\mss\build\win\mssds3d.pdb

Imports

mss32

RIB_register_interface
_AIL_unlock@0
_AIL_release_timer_handle@4
_AIL_stop_timer@4
_AIL_mem_alloc_lock@4
_AIL_delay@4
_AIL_set_timer_frequency@8
_AIL_ms_count@0
_AIL_set_timer_user@8
_AIL_us_count@0
_AIL_mem_free_lock@4
_AIL_start_timer@4
_AIL_set_error@4
_AIL_register_timer@4
RIB_unregister_interface
_AIL_get_DirectSound_info@12
_AIL_lock@0
_AIL_get_preference@4
_MSSDisableThreadLibraryCalls@4

Exports

Exports

_RIB_Main@8

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
miles/mssdsp.flt
.dll windows:4 windows x86 arch:x86

07956916cfc5683d7797e2343c049a99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\mss\build\win\mssdsp.pdb

Imports

kernel32

Sleep
CreateEventA
CloseHandle
CreateThread
CreateFileA
SetFilePointer
WaitForSingleObject
SetEvent
WriteFile

mss32

_AIL_mem_alloc_lock@4
_AIL_mem_free_lock@4
RIB_unregister_interface
RIB_register_interface
_AIL_digital_configuration@16
_MSSDisableThreadLibraryCalls@4
RIB_alloc_provider_handle

Exports

Exports

_RIB_Main@8

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
miles/msseax.flt
.dll windows:4 windows x86 arch:x86

94286dc8978cf821da26bd81b45f5357

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\mss\build\win\msseax.pdb

Imports

mss32

_AIL_start_timer@4
_AIL_set_error@4
_AIL_register_timer@4
RIB_unregister_interface
_AIL_get_DirectSound_info@12
_AIL_lock@0
_AIL_get_preference@4
RIB_register_interface
_AIL_unlock@0
_AIL_release_timer_handle@4
_AIL_stop_timer@4
_AIL_mem_alloc_lock@4
_AIL_delay@4
_AIL_set_timer_frequency@8
_AIL_ms_count@0
_AIL_set_timer_user@8
_AIL_us_count@0
_AIL_mem_free_lock@4
RIB_alloc_provider_handle
_MSSDisableThreadLibraryCalls@4

Exports

Exports

_RIB_Main@8

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
miles/mssmp3.asi
.dll windows:4 windows x86 arch:x86

1a22df97376bbc4d32657ff1e58d54e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\mss\build\win\mssmp3.pdb

Imports

mss32

_AIL_mem_free_lock@4
_AIL_MMX_available@0
_AIL_mem_alloc_lock@4
RIB_register_interface
RIB_unregister_interface
_MSSDisableThreadLibraryCalls@4

Exports

Exports

_RIB_Main@8

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
miles/mssvoice.asi
.dll windows:4 windows x86 arch:x86

945702b766613f8e8c4cdfa38aea9e03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\mss\build\win\mssvoice.pdb

Imports

mss32

RIB_alloc_provider_handle
_AIL_mem_free_lock@4
RIB_unregister_interface
RIB_register_interface
_AIL_mem_alloc_lock@4
_MSSDisableThreadLibraryCalls@4

Exports

Exports

_RIB_Main@8

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mss32.dll
.dll windows:4 windows x86 arch:x86

7fabbcd3241199b1830a8abe506452a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\mss\build\win\mss32.pdb

Imports

user32

SetTimer
KillTimer
wsprintfA
GetActiveWindow
IsWindow
GetTopWindow
GetWindowThreadProcessId
GetWindow
GetForegroundWindow
MessageBoxA
GetWindowLongA

kernel32

SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
InterlockedDecrement
GetLastError
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
GetWindowsDirectoryA
ReleaseMutex
CloseHandle
GetCurrentProcessId
Sleep
SuspendThread
ResumeThread
CreateEventA
CreateThread
GetSystemDirectoryA
SetThreadPriority
RaiseException
CreateDirectoryA
WaitForSingleObject
WaitForMultipleObjects
SetEvent
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
SetErrorMode
FreeLibrary
FindFirstFileA
GetProcAddress
DisableThreadLibraryCalls
FindClose
LoadLibraryA
FindNextFileA
SetFilePointer
ReadFile
CreateFileA
OpenFile
GetTempPathA
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
GetCurrentThread
OutputDebugStringA
DuplicateHandle
GetProfileStringA
lstrcatA
WriteFile
GlobalAlloc
GlobalFree
CompareStringW
CompareStringA
HeapSize
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
VirtualAlloc
HeapReAlloc
TlsAlloc
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
VirtualFree
HeapCreate
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
WideCharToMultiByte
GetTimeZoneInformation
TlsGetValue
HeapDestroy

winmm

waveOutGetID
waveOutClose
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutGetDevCapsA
waveOutUnprepareHeader
waveOutOpen
waveInClose
waveInOpen
waveInAddBuffer
waveInReset
waveInUnprepareHeader
waveInStart
midiOutLongMsg
midiOutClose
midiOutShortMsg
midiOutOpen
midiOutReset
midiOutPrepareHeader
midiOutUnprepareHeader
timeGetTime
auxGetNumDevs
mixerOpen
auxGetVolume
mciSendCommandA
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetNumDevs
auxGetDevCapsA
mixerClose
mixerGetLineInfoA
auxSetVolume
mixerGetLineControlsA
waveInPrepareHeader

Exports

Exports

AIL_debug_printf
AIL_sprintf
DLSClose
DLSCompactMemory
DLSGetInfo
DLSLoadFile
DLSLoadMemFile
DLSMSSOpen
DLSSetAttribute
DLSUnloadAll
DLSUnloadFile
RIB_alloc_provider_handle
RIB_enumerate_interface
RIB_error
RIB_find_file_provider
RIB_free_provider_handle
RIB_free_provider_library
RIB_load_provider_library
RIB_register_interface
RIB_request_interface
RIB_request_interface_entry
RIB_type_string
RIB_unregister_interface
_AIL_3D_distance_factor@4
_AIL_3D_doppler_factor@4
_AIL_3D_rolloff_factor@4
_AIL_DLS_close@8
_AIL_DLS_compact@4
_AIL_DLS_get_info@12
_AIL_DLS_load_file@12
_AIL_DLS_load_memory@12
_AIL_DLS_open@28
_AIL_DLS_sample_handle@4
_AIL_DLS_unload@8
_AIL_HWND@0
_AIL_MIDI_handle_reacquire@4
_AIL_MIDI_handle_release@4
_AIL_MIDI_to_XMI@20
_AIL_MMX_available@0
_AIL_WAV_file_write@20
_AIL_WAV_info@8
_AIL_XMIDI_master_volume@4
_AIL_active_sample_count@4
_AIL_active_sequence_count@4
_AIL_allocate_sample_handle@4
_AIL_allocate_sequence_handle@4
_AIL_auto_service_stream@8
_AIL_background@0
_AIL_background_CPU_percent@0
_AIL_branch_index@8
_AIL_calculate_3D_channel_levels@56
_AIL_channel_notes@8
_AIL_close_XMIDI_driver@4
_AIL_close_digital_driver@4
_AIL_close_filter@4
_AIL_close_input@4
_AIL_close_stream@4
_AIL_compress_ADPCM@12
_AIL_compress_ASI@20
_AIL_compress_DLS@20
_AIL_controller_value@12
_AIL_create_wave_synthesizer@16
_AIL_decompress_ADPCM@12
_AIL_decompress_ASI@24
_AIL_delay@4
_AIL_destroy_wave_synthesizer@4
_AIL_digital_CPU_percent@4
_AIL_digital_configuration@16
_AIL_digital_driver_processor@8
_AIL_digital_handle_reacquire@4
_AIL_digital_handle_release@4
_AIL_digital_latency@4
_AIL_digital_master_reverb@16
_AIL_digital_master_reverb_levels@12
_AIL_digital_master_volume_level@4
_AIL_digital_output_filter@4
_AIL_end_sample@4
_AIL_end_sequence@4
_AIL_enumerate_MP3_frames@4
_AIL_enumerate_filter_properties@12
_AIL_enumerate_filter_sample_properties@12
_AIL_enumerate_filters@12
_AIL_enumerate_output_filter_driver_properties@12
_AIL_enumerate_output_filter_sample_properties@12
_AIL_enumerate_sample_stage_properties@16
_AIL_extract_DLS@28
_AIL_file_error@0
_AIL_file_read@8
_AIL_file_size@4
_AIL_file_type@8
_AIL_file_type_named@12
_AIL_file_write@12
_AIL_filter_DLS_with_XMI@24
_AIL_filter_property@20
_AIL_find_DLS@24
_AIL_find_filter@8
_AIL_ftoa@4
_AIL_get_DirectSound_info@12
_AIL_get_input_info@4
_AIL_get_preference@4
_AIL_get_timer_highest_delay@0
_AIL_init_sample@12
_AIL_init_sequence@12
_AIL_inspect_MP3@12
_AIL_last_error@0
_AIL_list_DLS@20
_AIL_list_MIDI@20
_AIL_listener_3D_orientation@28
_AIL_listener_3D_position@16
_AIL_listener_3D_velocity@16
_AIL_listener_relative_receiver_array@8
_AIL_load_sample_attributes@8
_AIL_load_sample_buffer@16
_AIL_lock@0
_AIL_lock_channel@4
_AIL_lock_mutex@0
_AIL_map_sequence_channel@12
_AIL_mem_alloc_lock@4
_AIL_mem_free_lock@4
_AIL_mem_use_free@4
_AIL_mem_use_malloc@4
_AIL_merge_DLS_with_XMI@16
_AIL_midiOutClose@4
_AIL_midiOutOpen@12
_AIL_minimum_sample_buffer_size@12
_AIL_ms_count@0
_AIL_open_XMIDI_driver@4
_AIL_open_digital_driver@16
_AIL_open_filter@8
_AIL_open_input@4
_AIL_open_stream@12
_AIL_output_filter_driver_property@20
_AIL_pause_stream@8
_AIL_platform_property@20
_AIL_primary_digital_driver@4
_AIL_process_digital_audio@24
_AIL_quick_copy@4
_AIL_quick_halt@4
_AIL_quick_handles@12
_AIL_quick_load@4
_AIL_quick_load_and_play@12
_AIL_quick_load_mem@8
_AIL_quick_load_named_mem@12
_AIL_quick_ms_length@4
_AIL_quick_ms_position@4
_AIL_quick_play@8
_AIL_quick_set_low_pass_cut_off@8
_AIL_quick_set_ms_position@8
_AIL_quick_set_reverb_levels@12
_AIL_quick_set_speed@8
_AIL_quick_set_volume@12
_AIL_quick_shutdown@0
_AIL_quick_startup@20
_AIL_quick_status@4
_AIL_quick_type@4
_AIL_quick_unload@4
_AIL_redbook_close@4
_AIL_redbook_eject@4
_AIL_redbook_id@4
_AIL_redbook_open@4
_AIL_redbook_open_drive@4
_AIL_redbook_pause@4
_AIL_redbook_play@12
_AIL_redbook_position@4
_AIL_redbook_resume@4
_AIL_redbook_retract@4
_AIL_redbook_set_volume_level@8
_AIL_redbook_status@4
_AIL_redbook_stop@4
_AIL_redbook_track@4
_AIL_redbook_track_info@16
_AIL_redbook_tracks@4
_AIL_redbook_volume_level@4
_AIL_register_EOB_callback@8
_AIL_register_EOS_callback@8
_AIL_register_ICA_array@8
_AIL_register_SOB_callback@8
_AIL_register_beat_callback@8
_AIL_register_event_callback@8
_AIL_register_falloff_function_callback@8
_AIL_register_prefix_callback@8
_AIL_register_sequence_callback@8
_AIL_register_stream_callback@8
_AIL_register_timbre_callback@8
_AIL_register_timer@4
_AIL_register_trace_callback@8
_AIL_register_trigger_callback@8
_AIL_release_all_timers@0
_AIL_release_channel@8
_AIL_release_sample_handle@4
_AIL_release_sequence_handle@4
_AIL_release_timer_handle@4
_AIL_request_EOB_ASI_reset@12
_AIL_resume_sample@4
_AIL_resume_sequence@4
_AIL_room_type@4
_AIL_sample_3D_cone@16
_AIL_sample_3D_distances@16
_AIL_sample_3D_orientation@28
_AIL_sample_3D_position@16
_AIL_sample_3D_velocity@16
_AIL_sample_51_volume_levels@28
_AIL_sample_51_volume_pan@24
_AIL_sample_buffer_info@20
_AIL_sample_buffer_ready@4
_AIL_sample_channel_levels@8
_AIL_sample_exclusion@4
_AIL_sample_granularity@4
_AIL_sample_loop_block@12
_AIL_sample_loop_count@4
_AIL_sample_low_pass_cut_off@4
_AIL_sample_ms_position@12
_AIL_sample_obstruction@4
_AIL_sample_occlusion@4
_AIL_sample_playback_rate@4
_AIL_sample_position@4
_AIL_sample_processor@8
_AIL_sample_reverb_levels@12
_AIL_sample_stage_property@24
_AIL_sample_status@4
_AIL_sample_user_data@8
_AIL_sample_volume_levels@12
_AIL_sample_volume_pan@12
_AIL_save_sample_attributes@8
_AIL_send_channel_voice_message@20
_AIL_send_sysex_message@8
_AIL_sequence_loop_count@4
_AIL_sequence_ms_position@12
_AIL_sequence_position@12
_AIL_sequence_status@4
_AIL_sequence_tempo@4
_AIL_sequence_user_data@8
_AIL_sequence_volume@4
_AIL_serve@0
_AIL_service_stream@8
_AIL_set_3D_distance_factor@8
_AIL_set_3D_doppler_factor@8
_AIL_set_3D_rolloff_factor@8
_AIL_set_DirectSound_HWND@8
_AIL_set_XMIDI_master_volume@8
_AIL_set_digital_driver_processor@12
_AIL_set_digital_master_reverb@16
_AIL_set_digital_master_reverb_levels@12
_AIL_set_digital_master_volume_level@8
_AIL_set_error@4
_AIL_set_file_async_callbacks@20
_AIL_set_file_callbacks@16
_AIL_set_input_state@8
_AIL_set_listener_3D_orientation@28
_AIL_set_listener_3D_position@16
_AIL_set_listener_3D_velocity@20
_AIL_set_listener_3D_velocity_vector@16
_AIL_set_listener_relative_receiver_array@12
_AIL_set_named_sample_file@20
_AIL_set_preference@8
_AIL_set_redist_directory@4
_AIL_set_room_type@8
_AIL_set_sample_3D_cone@16
_AIL_set_sample_3D_distances@16
_AIL_set_sample_3D_orientation@28
_AIL_set_sample_3D_position@16
_AIL_set_sample_3D_velocity@20
_AIL_set_sample_3D_velocity_vector@16
_AIL_set_sample_51_volume_levels@28
_AIL_set_sample_51_volume_pan@24
_AIL_set_sample_address@12
_AIL_set_sample_adpcm_block_size@8
_AIL_set_sample_channel_levels@12
_AIL_set_sample_exclusion@8
_AIL_set_sample_file@12
_AIL_set_sample_info@8
_AIL_set_sample_loop_block@12
_AIL_set_sample_loop_count@8
_AIL_set_sample_low_pass_cut_off@8
_AIL_set_sample_ms_position@8
_AIL_set_sample_obstruction@8
_AIL_set_sample_occlusion@8
_AIL_set_sample_playback_rate@8
_AIL_set_sample_position@8
_AIL_set_sample_processor@12
_AIL_set_sample_reverb_levels@12
_AIL_set_sample_user_data@12
_AIL_set_sample_volume_levels@12
_AIL_set_sample_volume_pan@12
_AIL_set_sequence_loop_count@8
_AIL_set_sequence_ms_position@8
_AIL_set_sequence_tempo@12
_AIL_set_sequence_user_data@12
_AIL_set_sequence_volume@12
_AIL_set_speaker_configuration@16
_AIL_set_speaker_reverb_levels@16
_AIL_set_stream_loop_block@12
_AIL_set_stream_loop_count@8
_AIL_set_stream_ms_position@8
_AIL_set_stream_position@8
_AIL_set_stream_user_data@12
_AIL_set_timer_divisor@8
_AIL_set_timer_frequency@8
_AIL_set_timer_period@8
_AIL_set_timer_user@8
_AIL_shutdown@0
_AIL_size_processed_digital_audio@16
_AIL_speaker_configuration@20
_AIL_speaker_reverb_levels@16
_AIL_start_all_timers@0
_AIL_start_sample@4
_AIL_start_sequence@4
_AIL_start_stream@4
_AIL_start_timer@4
_AIL_startup@0
_AIL_stop_all_timers@0
_AIL_stop_sample@4
_AIL_stop_sequence@4
_AIL_stop_timer@4
_AIL_stream_info@20
_AIL_stream_loop_count@4
_AIL_stream_ms_position@12
_AIL_stream_position@4
_AIL_stream_sample_handle@4
_AIL_stream_status@4
_AIL_stream_user_data@8
_AIL_true_sequence_channel@8
_AIL_unlock@0
_AIL_unlock_mutex@0
_AIL_update_listener_3D_position@8
_AIL_update_sample_3D_position@8
_AIL_us_count@0
_DLSMSSGetCPU@4
_MIX_RIB_MAIN@8
_MSSDisableThreadLibraryCalls@4
_RIB_enumerate_providers@12
_RIB_find_file_dec_provider@20
_RIB_find_files_provider@20
_RIB_find_provider@12
_RIB_load_application_providers@4
_RIB_load_static_provider_library@8
_RIB_provider_system_data@8
_RIB_provider_user_data@8
_RIB_set_provider_system_data@12
_RIB_set_provider_user_data@12

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MSSMIXER
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
players2/CTF_default.dsr
players2/DOM_default.dsr
players2/DZ_default.dsr
players2/FFA_default.dsr
players2/GG_default.dsr
players2/HQ_default.dsr
players2/INF_default.dsr
players2/JUG_default.dsr
players2/KC_default.dsr
players2/OIC_default.dsr
players2/SAB_default.dsr
players2/SD_default.dsr
players2/TDEF_default.dsr
players2/TDM_default.dsr
players2/TJ_default.dsr
players2/default.dspl
players2/server.cfg
r.a.s.exe
.exe windows:4 windows x86 arch:x86

7c0d16eb084c88f44d7b4a143333925a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
splash.bmp
steam_api.dll
.dll windows:4 windows x86 arch:x86

1feed11f0fda9343bc47b049452aa302

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/11/2009, 00:00

Not After

23/11/2012, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:0d:ad:b9:e7:ca:bf:a0:33:e3:4b:7f:9a:55:82:2f:61:0b:75:34
Signer

Actual PE Digest

ed:0d:ad:b9:e7:ca:bf:a0:33:e3:4b:7f:9a:55:82:2f:61:0b:75:34

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\buildslave\steam_rel_client_win32\build\src\steam_api\Release\steam_api.pdb

Imports

kernel32

OpenProcess
GetExitCodeProcess
MultiByteToWideChar
SetEnvironmentVariableA
GetCommandLineA
GetModuleHandleA
LoadLibraryExA
OutputDebugStringA
CloseHandle
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetProcAddress
WriteConsoleW
GetConsoleOutputCP
GetLastError
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
ReadFile
CreateFileA
CompareStringA
CompareStringW
SetStdHandle
WriteConsoleA
SetEndOfFile

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steamclient.dll
.dll windows:5 windows x86 arch:x86

f5eeea9aff59e4c39110788a447209b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
GetUserNameA
RegOpenKeyExA

shell32

SHGetFolderPathA

user32

MessageBoxA

kernel32

GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualProtectEx
GetCurrentProcess
WriteProcessMemory
GetCurrentThread
SetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GetModuleFileNameA
SetEnvironmentVariableA
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetLastError
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVolumeInformationA
ResumeThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
GetThreadContext
SetThreadContext
FlushInstructionCache
SuspendThread
CloseHandle
WriteFile
SetFilePointer
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
EncodePointer
DecodePointer
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
CreateDirectoryA
DeleteFileA
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapCreate
HeapDestroy
HeapSize
ExitProcess
IsProcessorFeaturePresent
ReadFile
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
SetStdHandle
CreateFileA

Exports

Exports

?_Patch@@YAHIPBXI@Z
CreateInterface
3DMGAME
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STMSIG
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tier0_s.dll
.dll windows:4 windows x86 arch:x86

47737e4d275809cf95c5dcd7570d304b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/11/2009, 00:00

Not After

23/11/2012, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:9d:38:02:b4:a4:b7:f2:f3:ad:c7:5f:e2:e5:59:75:e5:8a:4d:c6
Signer

Actual PE Digest

ec:9d:38:02:b4:a4:b7:f2:f3:ad:c7:5f:e2:e5:59:75:e5:8a:4d:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\buildslave\steam_rel_client_win32\build\src\tier0\Release\tier0_s.pdb

Imports

ws2_32

send
recv
recvfrom
WSASetLastError
WSAGetLastError

kernel32

GlobalLock
GlobalAlloc
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadAffinityMask
GetCurrentThread
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetProcessAffinityMask
GetCurrentProcess
SetProcessAffinityMask
Sleep
IsDebuggerPresent
GetCurrentThreadId
OutputDebugStringA
TerminateProcess
HeapUnlock
HeapWalk
HeapQueryInformation
HeapLock
GetProcessHeap
GetProcessHeaps
GetCommandLineA
InterlockedExchange
DebugBreak
DeleteCriticalSection
FreeLibrary
LoadLibraryA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
GetLastError
VirtualAlloc
VirtualFree
LoadLibraryExA
LoadLibraryW
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetModuleFileNameA
GlobalMemoryStatusEx
SetThreadPriority
SetPriorityClass
CloseHandle
DeviceIoControl
CreateFileA
GlobalUnlock
WaitForSingleObject
SetEvent
ExitThread
TerminateThread
CreateThread
CreateEventA
RaiseException
OpenProcess
GetExitCodeThread
OpenThread
GetThreadPriority
ReleaseSemaphore
ReleaseMutex
TlsFree
InitializeCriticalSectionAndSpinCount
SuspendThread
ResumeThread
WaitForMultipleObjects
ResetEvent
CreateSemaphoreA
CreateMutexA
TlsAlloc
TlsGetValue
TlsSetValue
GetNumberOfConsoleInputEvents
ReadConsoleInputA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
GetTickCount
SetEnvironmentVariableA
GetStdHandle
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
HeapDestroy
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
HeapSize
HeapReAlloc
GetSystemTimeAsFileTime
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
SetLastError
LCMapStringA
LCMapStringW
VirtualQuery
WriteFile
WriteConsoleA

user32

GetKeyState
ScreenToClient
GetCursorPos
PeekMessageA
DialogBoxParamA
EndDialog
GetDlgItemInt
OpenClipboard
EmptyClipboard
GetDlgItem
wsprintfA
SetClipboardData
CloseClipboard
MessageBoxA
SetDlgItemTextA
SetDlgItemInt
GetWindowRect
GetDesktopWindow
SetWindowPos
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextLengthA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey

shell32

ShellExecuteExA

Exports

Exports

??0CStack@@QAE@XZ
??0CThread@@QAE@XZ
??0CThreadEvent@@QAE@PAX_N@Z
??0CThreadEvent@@QAE@PBD_N1@Z
??0CThreadEvent@@QAE@_N@Z
??0CThreadFullMutex@@QAE@_NPBD@Z
??0CThreadLocalBase@@QAE@XZ
??0CThreadMutex@@QAE@XZ
??0CThreadRWLock@@QAE@XZ
??0CThreadSemaphore@@QAE@JJ@Z
??0CThreadSpinRWLock@@QAE@XZ
??0CThreadSyncObject@@IAE@XZ
??0CVProfManager@@QAE@XZ
??0CVProfNode@@QAE@PAVCVProfile@@PBDHPAV0@1H@Z
??0CVProfile@@QAE@ABV0@@Z
??0CVProfile@@QAE@XZ
??0CVProfileArray@@QAE@XZ
??0CValidator@@QAE@H_N@Z
??0CWorkerThread@@QAE@XZ
??1CStack@@QAE@XZ
??1CThread@@UAE@XZ
??1CThreadEvent@@QAE@XZ
??1CThreadFullMutex@@QAE@XZ
??1CThreadLocalBase@@QAE@XZ
??1CThreadMutex@@QAE@XZ
??1CThreadRWLock@@QAE@XZ
??1CThreadSemaphore@@QAE@XZ
??1CThreadSyncObject@@QAE@XZ
??1CVProfManager@@QAE@XZ
??1CVProfNode@@QAE@XZ
??1CVProfile@@QAE@XZ
??1CVProfileArray@@QAE@XZ
??1CValidator@@QAE@XZ
??1CWorkerThread@@UAE@XZ
??4CStack@@QAEAAV0@ABV0@@Z
??4CThreadLocalBase@@QAEAAV0@ABV0@@Z
??4CThreadSpinRWLock@@QAEAAV0@ABV0@@Z
??4CTier0@@QAEAAV0@ABV0@@Z
??4CVProfNode@@QAEAAV0@ABV0@@Z
??4CVProfile@@QAEAAV0@ABV0@@Z
??4CVProfileArray@@QAEAAV0@ABV0@@Z
??4CValidator@@QAEAAV0@ABV0@@Z
??7CThreadSyncObject@@QBE_NXZ
??BCThreadSyncObject@@QAEPAXXZ
??_7CThread@@6B@
??_7CWorkerThread@@6B@
??_FCThreadEvent@@QAEXXZ
??_FCThreadFullMutex@@QAEXXZ
?Add@CStack@@QAEX_K@Z
?AddBudgetGroupName@CVProfile@@IAEHPBDH@Z
?AddProfileForThread@CVProfManager@@QAEPAVCVProfileThreadEntry@@PAVCVProfile@@I@Z
?AddToTotal@CValidator@@QAEXH@Z
?AddValidationLock@CValidator@@QAEXPAVCThreadMutex@@@Z
?AssertOwnedByCurrentThread@CThreadFullMutex@@QAE_NXZ
?AssertOwnedByCurrentThread@CThreadMutex@@QAE_NXZ
?AssertUseable@CThreadSyncObject@@IAEXXZ
?AssignIf@CThreadSpinRWLock@@AAE_NABULockInfo_t@1@0@Z
?AtRoot@CVProfile@@QBE_NXZ
?BCountingOnly@CValidator@@QAE_NXZ
?BExcludeAllocationFromTracking@CValidator@@AAE_NPBDH@Z
?BHasValidThreadID@CThread@@IAE_NXZ
?BIsProfilePtrValid@CVProfManager@@QAE_NPAVCVProfile@@@Z
?BMemLeaks@CValidator@@QAE_NXZ
?BProfileHasNodesOutsideBudgetGroup_Recursive@CVProfile@@IAE_NPAVCVProfNode@@H@Z
?BoostPriority@CWorkerThread@@QAEHXZ
?BudgetGroupNameToBudgetGroupID@CVProfile@@QAEHPBD@Z
?BudgetGroupNameToBudgetGroupID@CVProfile@@QAEHPBDH@Z
?CalcStackDepth@CThread@@QAEIPAX@Z
?Call@CWorkerThread@@IAEHII_NP6GIIPBQAXHI@Z@Z
?CallMaster@CWorkerThread@@QAEHII@Z
?CallWorker@CWorkerThread@@QAEHII_N@Z
?Check@CThreadEvent@@QAE_NXZ
?ClaimArrayMemory@CValidator@@QAEXPAX@Z
?ClaimMemory@CValidator@@QAEXPAX@Z
?ClaimMemory_Aligned@CValidator@@QAEXPAX@Z
?ClaimUntrackedMemory@CValidator@@QAEXH@Z
?CleanupUnusedProfiles@CVProfManager@@QAEXXZ
?ClearPrevTime@CVProfNode@@QAEXXZ
?CreateBudgetGroups@CVProfile@@IAEXXZ
?CreateSimpleThread@@YAPAUThreadHandle_t__@@P6AIPAX@Z0PAII@Z
?DiffAgainst@CValidator@@QAEXPAV1@@Z
?DumpAllThreadProfiles@CVProfManager@@QAEXXZ
?DumpNodes@CVProfile@@IAEXPAVCVProfNode@@H_N@Z
?DumpSorted@CVProfile@@IAEXPBDNP6A_NABUTimeSums_t@@1@ZH@Z
?EnableDumpSpikes@CVProfManager@@QAEXH@Z
?EnterScope@CVProfNode@@QAEXPAX@Z
?EnterScope@CVProfile@@QAEXPBDH0_NHPAX@Z
?EnterScope@CVProfile@@QAEXPBDH0_NPAX@Z
?ExitScope@CVProfNode@@QAE_NXZ
?ExitScope@CVProfile@@QAEXXZ
?Finalize@CValidator@@QAEXXZ
?FindBudgetGroupName@CVProfile@@IAEHPBD@Z
?FindNode@CVProfile@@QAEPAVCVProfNode@@PAV2@PBD@Z
?FindObject@CValidator@@QAEPAVCValObject@@PAX@Z
?FindOrCreateCounter@CVProfile@@QAEPAHPBDW4CounterGroup_t@@@Z
?FreeNodes_R@CVProfile@@IAEXPAVCVProfNode@@@Z
?Get@CThreadLocalBase@@QBEPAXXZ
?GetAllThreadProfiles@CVProfManager@@QAEXPAVCVProfileArray@@@Z
?GetBudgetGroupColor@CVProfile@@QAEXHAAH000@Z
?GetBudgetGroupFlags@CVProfile@@QBEHH@Z
?GetBudgetGroupID@CVProfNode@@QAEHXZ
?GetBudgetGroupName@CVProfile@@QAEPBDH@Z
?GetCallHandle@CWorkerThread@@QAEPAXXZ
?GetCallParam@CWorkerThread@@QBEIXZ
?GetChild@CVProfNode@@QAEPAV1@XZ
?GetClientData@CVProfNode@@QBEHXZ
?GetCount@CVProfileArray@@QAEHXZ
?GetCounterGroup@CVProfile@@QBE?AW4CounterGroup_t@@H@Z
?GetCounterName@CVProfile@@QBEPBDH@Z
?GetCounterNameAndValue@CVProfile@@QBEPBDHAAH@Z
?GetCounterValue@CVProfile@@QBEHH@Z
?GetCubTotal@CValidator@@QAE_JXZ
?GetCurCalls@CVProfNode@@QAEHXZ
?GetCurTime@CVProfNode@@QAENXZ
?GetCurTimeLessChildren@CVProfNode@@QAENXZ
?GetCurrentCThread@CThread@@SAPAV1@XZ
?GetCurrentNode@CVProfile@@QAEPAVCVProfNode@@XZ
?GetCurrentScope@CVProfNode@@QAEPAXXZ
?GetCurrentScope@CVProfile@@QAEPAXXZ
?GetFrameTimeOutsideBudgetGroup_Recursive@CVProfile@@QAENPAVCVProfNode@@H@Z
?GetL2CacheMisses@CVProfNode@@QAEHXZ
?GetName@CThread@@QAEPBDXZ
?GetName@CVProfNode@@QAEPBDXZ
?GetNumBudgetGroups@CVProfile@@QAEHXZ
?GetNumCounters@CVProfile@@QBEHXZ
?GetNumFrames@CStack@@QAEHXZ
?GetOrigNameAddress@CVProfNode@@QAEPBXXZ
?GetParent@CVProfNode@@QAEPAV1@XZ
?GetPeakFrameTime@CVProfile@@QAENXZ
?GetPeakTime@CVProfNode@@QAENXZ
?GetPrevCalls@CVProfNode@@QAEHXZ
?GetPrevSibling@CVProfNode@@QAEPAV1@XZ
?GetPrevTime@CVProfNode@@QAENXZ
?GetPrevTimeLessChildren@CVProfNode@@QAENXZ
?GetPriority@CThread@@QBEHXZ
?GetProfile@CVProfNode@@QAEPAVCVProfile@@XZ
?GetProfile@CVProfileArray@@QAEPAVCVProfile@@H@Z
?GetResult@CThread@@QAEHXZ
?GetRoot@CVProfile@@QAEPAVCVProfNode@@XZ
?GetSibling@CVProfNode@@QAEPAV1@XZ
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0@Z
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
?GetThreadHandle@CThread@@QAEPAXXZ
?GetThreadID@CVProfile@@QAEIXZ
?GetThreadId@CThread@@QAEIXZ
?GetThreadName@CVProfile@@QAEPBDXZ
?GetThreadProc@CThread@@EAEP6GIPAX@ZXZ
?GetTimeLastFrame@CVProfile@@QAENXZ
?GetTotalCalls@CVProfNode@@QAEHXZ
?GetTotalTime@CVProfNode@@QAENXZ
?GetTotalTimeLessChildren@CVProfNode@@QAENXZ
?GetTotalTimeSampled@CVProfile@@QAENXZ
?GetUniqueNodeID@CVProfNode@@ABEHXZ
?Handle@CThreadSyncObject@@QAEPAXXZ
?Init@CThread@@MAE_NXZ
?IsAlive@CThread@@QAE_NXZ
?IsClaimed@CValidator@@QAE_NPAX@Z
?IsEnabled@CVProfile@@QBE_NXZ
?IsThreadRunning@CThread@@MAE_NXZ
?Join@CThread@@QAE_NI@Z
?Lock@CThreadFastMutex@@ACEXII@Z
?Lock@CThreadFullMutex@@QAEXI@Z
?Lock@CThreadFullMutex@@QAEXXZ
?Lock@CThreadMutex@@QAEXXZ
?Lock@CThreadMutex@@QBEXXZ
?LockForRead@CThreadRWLock@@QAEXXZ
?LockForRead@CThreadRWLock@@QBEXXZ
?LockForRead@CThreadSpinRWLock@@QAEXXZ
?LockForRead@CThreadSpinRWLock@@QBEXXZ
?LockForWrite@CThreadRWLock@@QAEXXZ
?LockForWrite@CThreadRWLock@@QBEXXZ
?LockForWrite@CThreadSpinRWLock@@QAEXXZ
?LockForWrite@CThreadSpinRWLock@@QBEXXZ
?MarkFrame@CVProfNode@@QAEXXZ
?MarkFrame@CVProfile@@QAEXPBD@Z
?NGetPC@CStack@@QAE_KH@Z
?NumFramesSampled@CVProfile@@QAEHXZ
?OnExit@CThread@@MAEXXZ
?OutputReport@CVProfile@@QAEXHPBDH@Z
?PMEEnable@CVProfile@@QAEX_N@Z
?PMEInitialized@CVProfile@@QAEX_N@Z
?PValObjectFirst@CValidator@@QAEPAVCValObject@@XZ
?Pause@CVProfNode@@QAEXXZ
?Pause@CVProfile@@QAEXXZ
?PeekCall@CWorkerThread@@QAE_NPAI@Z
?Pop@CValidator@@QAEXXZ
?Push@CValidator@@QAEXPBDPAX0@Z
?RegisterCallbackHandler@CVProfile@@QAEXPAVIVProfileCallbackHandler@@@Z
?RegisterNumBudgetGroupsChangedCallBack@CVProfile@@QAEXP6AXXZ@Z
?Release@CThreadFullMutex@@QAE_NXZ
?Release@CThreadSemaphore@@QAE_NJPAJ@Z
?RenderLeaks@CValidator@@QAEXH@Z
?RenderObjects@CValidator@@QAEXH@Z
?Reply@CWorkerThread@@QAEXI@Z
?Reset@CStack@@QAEXXZ
?Reset@CThreadEvent@@QAE_NXZ
?Reset@CVProfNode@@QAEXXZ
?Reset@CVProfile@@QAEXXZ
?ResetCounters@CVProfile@@QAEXW4CounterGroup_t@@@Z
?ResetPeak@CVProfNode@@QAEXXZ
?ResetPeaks@CVProfile@@QAEXXZ
?Resume@CThread@@QAEIXZ
?Resume@CVProfNode@@QAEXXZ
?Resume@CVProfile@@QAEXXZ
?Set@CThreadEvent@@QAE_NXZ
?Set@CThreadLocalBase@@QAEXPAX@Z
?SetAllocSizeFilter@CValidator@@QAEXH@Z
?SetBudgetGroupID@CVProfNode@@QAEXH@Z
?SetClientData@CVProfNode@@QAEXH@Z
?SetCurFrameTime@CVProfNode@@QAEXK@Z
?SetName@CThread@@QAEXPBD@Z
?SetPriority@CThread@@QAE_NH@Z
?SetThreadEntry@CVProfile@@QAEXPAVCVProfileThreadEntry@@@Z
?SetTrace@CThreadFullMutex@@QAEX_N@Z
?SetTrace@CThreadMutex@@QAEX_N@Z
?SetUniqueNodeID@CVProfNode@@AAEXH@Z
?Sleep@CThread@@QAEXI@Z
?SpinLockForWrite@CThreadSpinRWLock@@AAEXI@Z
?Start@CThread@@QAE_NI@Z
?Start@CVProfile@@QAEXXZ
?StartProfilingAllThreads@CVProfManager@@QAEXXZ
?Stop@CThread@@QAEXH@Z
?Stop@CVProfile@@QAEXXZ
?StopProfilingAllThreads@CVProfManager@@QAEXXZ
?SumTimes@CVProfile@@IAEXPAVCVProfNode@@H@Z
?SumTimes@CVProfile@@IAEXPBDH@Z
?Suspend@CThread@@QAEIXZ
?Term@CVProfile@@QAEXXZ
?Terminate@CThread@@QAE_NH@Z
?ThreadProc@CThread@@CGIPAX@Z
?TryLock@CThreadMutex@@QAE_NH@Z
?TryLock@CThreadMutex@@QBE_NXZ
?TryLockForRead@CThreadSpinRWLock@@QAE_NXZ
?TryLockForRead@CThreadSpinRWLock@@QBE_NXZ
?TryLockForWrite@CThreadSpinRWLock@@AAE_NI@Z
?TryLockForWrite@CThreadSpinRWLock@@QAE_NXZ
?TryLockForWrite@CThreadSpinRWLock@@QBE_NXZ
?Unlock@CThreadFullMutex@@QAEXXZ
?Unlock@CThreadMutex@@QAEXXZ
?Unlock@CThreadMutex@@QBEXXZ
?UnlockRead@CThreadRWLock@@QAEXXZ
?UnlockRead@CThreadRWLock@@QBEXXZ
?UnlockRead@CThreadSpinRWLock@@QAEXXZ
?UnlockRead@CThreadSpinRWLock@@QBEXXZ
?UnlockValidationLocks@CValidator@@QAEXXZ
?UnlockWrite@CThreadRWLock@@QAEXXZ
?UnlockWrite@CThreadRWLock@@QBEXXZ
?UnlockWrite@CThreadSpinRWLock@@QAEXXZ
?UnlockWrite@CThreadSpinRWLock@@QBEXXZ
?UnregisterCallbackHandler@CVProfile@@QAEXPAVIVProfileCallbackHandler@@@Z
?UsePME@CVProfile@@QAE_NXZ
?Validate@CVProfManager@@QAEXAAVCValidator@@PBD@Z
?Validate@CVProfNode@@QAEXAAVCValidator@@PBD@Z
?Validate@CVProfile@@QAEXAAVCValidator@@PBD@Z
?Validate@CValidator@@QAEXAAV1@PBD@Z
?ValidateGlobals@CTier0@@SAXAAVCValidator@@@Z
?Wait@CThreadSyncObject@@QAE_NI@Z
?WaitForCall@CWorkerThread@@QAE_NIPAI@Z
?WaitForCall@CWorkerThread@@QAE_NPAI@Z
?WaitForCreateComplete@CThread@@AAE_NPAVCThreadEvent@@@Z
?WaitForRead@CThreadRWLock@@AAEXXZ
?WaitForReply@CWorkerThread@@IAEHIP6GIIPBQAXHI@Z@Z
?WaitForReply@CWorkerThread@@QAEHI@Z
?Yield@CThread@@SAXXZ
?fDumped@?6??GetBudgetGroupFlags@CVProfile@@QBEHH@Z@4_NA
?fDumped@?6??GetBudgetGroupName@CVProfile@@QAEPBDH@Z@4_NA
?fDumped@?6??GetName@CVProfNode@@QAEPBDXZ@4_NA
?fDumped@?6??GetOrigNameAddress@CVProfNode@@QAEPBXXZ@4_NA
?fDumped@?6??GetParent@CVProfNode@@QAEPAV2@XZ@4_NA
?fDumped@?P@??AddProfileForThread@CVProfManager@@QAEPAVCVProfileThreadEntry@@PAVCVProfile@@I@Z@4_NA
?g_bInException@@3_NC
?oldValue@?4??TryLockForWrite@CThreadSpinRWLock@@AAE_NI@Z@4ULockInfo_t@2@B
?s_iCurrentUniqueNodeID@CVProfNode@@0HA
AssertMsgImplementation
BBlockingGetMiniDumpLock
BGetMiniDumpLock
BWritingFatalMiniDump
BWritingMiniDump
BWritingNonFatalMiniDump
CallAssertFailedNotifyFunc
CallFlushLogFunc
CatchAndWriteMiniDump
CatchAndWriteMiniDumpEx
CatchAndWriteMiniDumpExForVoidPtrFn
CatchAndWriteMiniDumpExReturnsInt
CatchAndWriteMiniDumpForVoidPtrFn
ClearWritingMiniDump
CrackSmokingCompiler
CreateVProfile
DLog
DWarning
DeclareCurrentThreadIsMainThread
DoNewAssertDialog
Error
GetAvailableRAM
GetCPUInformation
GetCRunTimeVersion
GetCrashHandlerFactory
GetInstalledRAM
GetSpewOutputFunc
InitPME
Is64BitOS
IsInAssert
IsLogActive
IsSpewActive
Log
MiniDumpUnlock
Msg
PLAT_GetExecutablePath
Plat_Alloc
Plat_ExitProcess
Plat_FloatTime
Plat_Free
Plat_GetCommandLine
Plat_GetCurrentThreadID
Plat_IsInDebugSession
Plat_MSTime
Plat_OutputDebugString
Plat_OutputDebugStringRaw
Plat_PrimaryThreadID
Plat_Realloc
Plat_RegisterPrimaryThread
Plat_RegisterThread
Plat_SetThreadName
Plat_ctime
Plat_daylight
Plat_gmtime
Plat_localtime
Plat_timegm
Plat_timezone
ReleaseThreadHandle
SetAssertDumpStack
SetAssertFailedNotifyFunc
SetFlushLogFunc
SetInAssert
SetMiniDumpAppID
SetMiniDumpBuildID
SetMiniDumpSteamID
ShouldUseNewAssertDialog
ShutdownPME
SpewActivate
SpewAndLogActivate
SpewAndLogChangeIfStillDefault
SpewChangeIfStillDefault
SpewOutputFunc
TestThread_Yield
Test_HasFailed
Test_HasFinished
Test_IsActive
Test_RunFrame
Test_RunTest
Test_SetFailed
Test_TerminateThread
ThreadGetCurrentHandle
ThreadGetCurrentProcessId
ThreadGetPriority
ThreadInMainThread
ThreadInterlockedAssignIf64
ThreadInterlockedCompareExchange64
ThreadInterlockedDecrement64
ThreadInterlockedExchange64
ThreadInterlockedExchangeAdd64
ThreadInterlockedIncrement64
ThreadIsProcessActive
ThreadIsThreadIdRunning
ThreadSetAffinity
ThreadSetDebugName
ThreadSetPriority
ThreadShellExecute
ThreadSleep
ThreadTerminateProcess
ThreadWaitForObjects
Timer_GetTimeUS
ValidateSpew
WaitForMultipleEvents
Warning
WriteMiniDump
_DMsg
_DSpewMessage
_ExitOnFatalAssert
_SpewInfo
_SpewMessage
_SpewMessageType
g_ClockSpeed
g_ClockSpeedMicrosecondsMultiplier
g_ClockSpeedMillisecondsMultiplier
g_ClockSpeedSecondsMultiplier
g_VProfManager
g_VProfProfilesRunningCount
g_VProfile
g_cBadCycleCountReceived
g_dwClockSpeed
g_dwDllEntryThreadId
g_pMemAllocSteam
g_pVCR
g_ulLastCycleSample
vtune

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmp.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:ba:f7:87:7a:93:e9:f2:77:9a:d0:d8:84:ae:dd:db:7d:05:48:fb
Signer

Actual PE Digest

25:ba:f7:87:7a:93:e9:f2:77:9a:d0:d8:84:ae:dd:db:7d:05:48:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

0ebb3c09b06b1666d307952e824c8697

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

14:67:a3:58:a1:34:46:0f:cd:a0:dc:62:6a:03:db:f7:d4:79:e2:d7
Signer

Actual PE Digest

14:67:a3:58:a1:34:46:0f:cd:a0:dc:62:6a:03:db:f7:d4:79:e2:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vcredist_x86_2008.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9f:10:fb:28:5b:a0:06:4b:55:37:02:3f:8b:c9:e0:6e:17:38:01
Signer

Actual PE Digest

0a:9f:10:fb:28:5b:a0:06:4b:55:37:02:3f:8b:c9:e0:6e:17:38:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vstdlib_s.dll
.dll windows:4 windows x86 arch:x86

81f129b3274ed7488befa64e66b4139e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/11/2009, 00:00

Not After

23/11/2012, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:32:92:fe:77:6c:0f:11:ef:e4:c3:c8:44:5a:5b:2e:25:2e:6d:aa
Signer

Actual PE Digest

df:32:92:fe:77:6c:0f:11:ef:e4:c3:c8:44:5a:5b:2e:25:2e:6d:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\buildslave\steam_rel_client_win32\build\src\vstdlib\Release\vstdlib_s.pdb

Imports

ws2_32

getsockname
gethostbyname
ntohl
ntohs
htons
htonl

kernel32

CompareStringW
GetCurrentDirectoryA
SetEnvironmentVariableA
GetFullPathNameA
GetDriveTypeA
RtlUnwind
GetFullPathNameW
GetCurrentThreadId
GetModuleFileNameA
VirtualQuery
HeapAlloc
GetProcessHeap
GetVersionExA
FoldStringW
SetLastError
IsBadStringPtrA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetVolumeInformationA
ReadFile
SetFilePointerEx
CloseHandle
SleepEx
FlushFileBuffers
WriteFile
GetLastError
CreateDirectoryW
GetFileSize
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetTimeFormatW
GetDateFormatW
SetFileTime
GetFileTime
DeleteFileW
MoveFileExW
GetFileSizeEx
RemoveDirectoryW
GetDiskFreeSpaceA
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceExW
WriteFileEx
CopyFileA
CancelIo
ReadDirectoryChangesW
GetModuleHandleA
LoadLibraryExA
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FindClose
CompareStringA
RaiseException
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
CreateFileA
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
SetStdHandle
GetLocaleInfoW
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FatalAppExitA
LCMapStringW
LCMapStringA
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStartupInfoA
FileTimeToSystemTime
GetFileType
SetHandleCount
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
GetCommandLineA
FindNextFileW
FindFirstFileW
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
SetCurrentDirectoryA

user32

CharLowerW

tier0_s

?ClaimMemory_Aligned@CValidator@@QAEXPAX@Z
?Lock@CThreadFastMutex@@ACEXII@Z
ThreadInterlockedAssignIf64
GetSpewOutputFunc
Plat_OutputDebugStringRaw
Plat_localtime
PLAT_GetExecutablePath
_SpewMessageType
IsInAssert
BGetMiniDumpLock
BWritingMiniDump
SetInAssert
_SpewInfo
_SpewMessage
CallAssertFailedNotifyFunc
ShouldUseNewAssertDialog
DoNewAssertDialog
WriteMiniDump
MiniDumpUnlock
ThreadGetCurrentProcessId
g_ulLastCycleSample
g_cBadCycleCountReceived
Is64BitOS
g_dwDllEntryThreadId
Plat_OutputDebugString
?UnlockRead@CThreadSpinRWLock@@QAEXXZ
?LockForRead@CThreadSpinRWLock@@QAEXXZ
?UnlockWrite@CThreadSpinRWLock@@QAEXXZ
?LockForWrite@CThreadSpinRWLock@@QAEXXZ
Msg
Warning
??1CThreadMutex@@QAE@XZ
??0CThreadMutex@@QAE@XZ
Plat_IsInDebugSession
?GetCurrentScope@CVProfile@@QAEPAXXZ
?GetCurrentNode@CVProfile@@QAEPAVCVProfNode@@XZ
?GetBudgetGroupID@CVProfNode@@QAEHXZ
?ExitScope@CVProfile@@QAEXXZ
?GetParent@CVProfNode@@QAEPAV1@XZ
?GetCurrentScope@CVProfNode@@QAEPAXXZ
?GetProfile@CVProfNode@@QAEPAVCVProfile@@XZ
?IsEnabled@CVProfile@@QBE_NXZ
?GetBudgetGroupName@CVProfile@@QAEPBDH@Z
?GetName@CVProfNode@@QAEPBDXZ
?EnterScope@CVProfile@@QAEXPBDH0_NPAX@Z
g_VProfile
CreateVProfile
g_VProfManager
?AddProfileForThread@CVProfManager@@QAEPAVCVProfileThreadEntry@@PAVCVProfile@@I@Z
?SetThreadEntry@CVProfile@@QAEXPAVCVProfileThreadEntry@@@Z
?Unlock@CThreadMutex@@QAEXXZ
?Lock@CThreadMutex@@QAEXXZ
?Set@CThreadLocalBase@@QAEXPAX@Z
?Get@CThreadLocalBase@@QBEPAXXZ
??0CThreadLocalBase@@QAE@XZ
??1CThreadLocalBase@@QAE@XZ
Plat_GetCommandLine
_DMsg
g_pMemAllocSteam
Error
?ClaimMemory@CValidator@@QAEXPAX@Z
?Push@CValidator@@QAEXPBDPAX0@Z
?Pop@CValidator@@QAEXXZ
AssertMsgImplementation
??0CThreadSpinRWLock@@QAE@XZ

Exports

Exports

??0CCommandLineParam@@QAE@PBD0@Z
??0CGaussianRandomStream@@QAE@PAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QAE@ABV0@@Z
??0CUniformRandomStream@@QAE@XZ
??1CCommandLineParam@@QAE@XZ
??4CCommandLineParam@@QAEAAV0@ABV0@@Z
??4CGaussianRandomStream@@QAEAAV0@ABV0@@Z
??4CStringNormalization@@QAEAAV0@ABV0@@Z
??4CUniformRandomStream@@QAEAAV0@ABV0@@Z
??_7CUniformRandomStream@@6B@
??_FCGaussianRandomStream@@QAEXXZ
?AttachToStream@CGaussianRandomStream@@QAEXPAVIUniformRandomStream@@@Z
?Exists@CCommandLineParam@@QAE_NXZ
?Fold@CStringNormalization@@SAHPBGPAGH@Z
?GenerateRandomNumber@CUniformRandomStream@@AAEHXZ
?GetHParam@CCommandLineParam@@QAEHXZ
?Initialize@CStringNormalization@@SAXXZ
?Normalize@CStringNormalization@@SAH_NPBDPADH@Z
?Normalize@CStringNormalization@@SAH_NPBGPAGH@Z
?Q_stristr@@YAPBDPBD0@Z
?RandomFloat@CGaussianRandomStream@@QAEMMM@Z
?RandomFloat@CUniformRandomStream@@UAEMMM@Z
?RandomInt@CUniformRandomStream@@UAEHHH@Z
?SetSeed@CUniformRandomStream@@UAEXH@Z
?Test_BValidateStructures@CStringNormalization@@SA_NXZ
?ValidateStatics@CStringNormalization@@SAXAAVCValidator@@PBD@Z
?m_bInitialized@CStringNormalization@@0_NA
BHanIdeograph
CanBeginLine
CanBreakBetween
CanBreakRepeated
CanEndLine
CommandLine
Coroutine_Cancel
Coroutine_Continue
Coroutine_Create
Coroutine_DebugBreak
Coroutine_GetCurrentlyActive
Coroutine_GetStackDepth
Coroutine_IsActive
Coroutine_IsAddressInOurStack
Coroutine_ReleaseThreadMemory
Coroutine_Test
Coroutine_ValidateGlobals
Coroutine_YieldToMain
CreateInterface
DebugStatsSystem
GetNameFromOSType
GetOSDetailString
GetOSType
GetOSTypeFromString_Deprecated
GetPlatformFromOS
GetPlatformName
GetPlatformNameFromEPlatformType
InstallUniformRandomStream
KeyValuesSystemSteam
OSTypesAreCompatible
Q_AggressiveStripPrecedingAndTrailingWhitespace
Q_AggressiveStripPrecedingAndTrailingWhitespaceW
Q_AppendParamToURL
Q_AppendSlash
Q_BasicHtmlEntityEncode
Q_CbMakeAbsolutePath
Q_ComposeFileName
Q_CopyAndFixSlashes
Q_DefaultExtension
Q_ExtractDomainFromURL
Q_ExtractFileExtension
Q_ExtractFilePath
Q_FileBase
Q_FixSlashes
Q_FormatAndAppend
Q_FormatAndAppendTail
Q_FormatAndAppendV
Q_GetFileExtension
Q_HtmlEntityDecodeToUTF8
Q_IsAbsolutePath
Q_MakeAbsolutePath
Q_NormalizeUTF8
Q_NormalizeUTF8Old
Q_RemoveDotSlashes
Q_ReplaceBadFilenameCharacters
Q_ReplaceBadFilenameCharactersInPlace
Q_SetExtension
Q_SetURLParam
Q_SplitNumbers
Q_SplitString
Q_SplitString2
Q_StrLeft
Q_StrRight
Q_StrSlice
Q_StrSubst
Q_StrSubstInPlace
Q_StrTrim
Q_StripExtension
Q_StripFilename
Q_StripHTML
Q_StripLastDir
Q_StripPrecedingAndTrailingWhitespace
Q_StripPrecedingAndTrailingWhitespaceW
Q_StripTrailingSlash
Q_StripUnprintable
Q_StripUnprintableW
Q_UCS2ToUTF8
Q_UCS2ToUnicode
Q_URLContainsDomain
Q_URLCracker
Q_URLDecode
Q_URLDecodeRaw
Q_URLEncode
Q_URLEncodeRaw
Q_UTF8ToUCS2
Q_UTF8ToUnicode
Q_UnicodeToUCS2
Q_UnicodeToUTF8
Q_UnqualifiedFileName
Q_atof
Q_atoi
Q_binarytohex
Q_hextobinary
Q_isvalidhex
Q_pretifymem
Q_pretifynum
Q_qsort_s
Q_snprintf
Q_strcat
Q_strcmp_prefix
Q_stricmp_prefix
Q_stristr
Q_strnappend
Q_strnappend_strlen
Q_strncat
Q_strnchr
Q_strncmp
Q_strncpy
Q_strnicmp
Q_strnistr
Q_strnlen
Q_strtoi64
Q_strtoui64
Q_strtowcs
Q_tolower
Q_toupper
Q_vsnprintf
Q_vsnprintfRet
Q_wcscat
Q_wcsncpy
Q_wcsnicmp
Q_wcstoi64
Q_wcstostr
Q_wcstoui64
RandomFloat
RandomGaussianFloat
RandomInt
RandomSeed
StringAfterPrefix
StringAfterPrefixCaseSensitive
VStdLib_GetICVarFactory
V_FixDoubleSlashes
V_FixupPathName
V_GetCurrentDirectory
V_MakeRelativePath
V_SetCurrentDirectory
_Q_atoi64
_Q_memcmp
_Q_memcpy
_Q_memmove
_Q_memset
_Q_strcmp
_Q_strcspn
_Q_stricmp
_Q_strlen
_Q_strlower
_Q_strpbrk
_Q_strrchr
_Q_strstr
_Q_strupr
_Q_wcscmp
_Q_wcslen
_Q_wcslower
_Q_wcsupr
_Q_wtoi
_Q_wtoi64
isbreakablewspace

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfa8523e03c08900983e2a1ab4a524d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

36:65:13:c8:d1:61:41:07:21:d6:46:65:34:3c:e4:df:c5:89:05:47Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 864KB - Virtual size: 861KB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 52KB - Virtual size: 59KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 92KB - Virtual size: 91KB

d5515f0138e8849753644e28f124bede

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

97:4a:84:3d:e3:b1:fe:07:4f:0a:35:53:9f:d6:fc:06:84:b4:15:21Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 616B

.reloc Size: 4KB - Virtual size: 3KB

869715df926e51eb88892a0d01b06219

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

winmm

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

BINK Size: 88KB - Virtual size: 87KB

BINKY12 Size: 512B - Virtual size: 432B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

36:65:13:c8:d1:61:41:07:21:d6:46:65:34:3c:e4:df:c5:89:05:47
Signer

.text
Size: 864KB - Virtual size: 861KB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 52KB - Virtual size: 59KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 92KB - Virtual size: 91KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

97:4a:84:3d:e3:b1:fe:07:4f:0a:35:53:9f:d6:fc:06:84:b4:15:21
Signer

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 616B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 4KB

BINK
Size: 88KB - Virtual size: 87KB

BINKY12
Size: 512B - Virtual size: 432B

BINKY16
Size: 2KB - Virtual size: 2KB

BINKP8
Size: 2KB - Virtual size: 2KB

BINK16
Size: 4KB - Virtual size: 4KB

BINK32
Size: 5KB - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 4KB

BINKBSS
Size: 20KB - Virtual size: 19KB

BINKDATA
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 47KB

.CRT
Size: 512B - Virtual size: 16B

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: - Virtual size: 3.6MB

.rdata
Size: - Virtual size: 757KB

.data
Size: - Virtual size: 30.9MB

.tls
Size: 512B - Virtual size: 33B

.version
Size: - Virtual size: 4B

.rsrc
Size: 93KB - Virtual size: 93KB

3DM0
Size: - Virtual size: 20KB

3DM1
Size: 2.3MB - Virtual size: 2.3MB