7e4d8a9180f1ea4d696ac92189de59f4

Sharing

Copy URL Twitter E-mail

General

Target

7e4d8a9180f1ea4d696ac92189de59f4
Size

1.3MB
MD5

7e4d8a9180f1ea4d696ac92189de59f4
SHA1

cc1d33865936e9f70c0316ad6fc450776958f8d4
SHA256

f08c812f1046b2437423d4399eab2566e9bfaa4bb24f007fcd306a55525993e6
SHA512

9803d4d084e2d0e83379b1907c2fff32e97853e80ad10ddbf7aef5d92a47aed2e39bb3b6a758832f5941fc1a9758b835fc63f07fa90a73782d965a4638c6b200
SSDEEP

24576:AmJ1zx4I5N06Lc9sDgzeVSwggNTV+s5pV6X68bZNgqo/1pD:AYh5NPS0gCHgWV+shs68wqe

Score

3^/10

Malware Config

Signatures

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/MoreInfo.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Plugins/AdvancedCPU.dll
unpack001/Plugins/CoreTemp.dll
unpack001/Plugins/FolderInfo.dll
unpack001/Plugins/InputText.dll
unpack001/Plugins/MediaKey.dll
unpack001/Plugins/NowPlaying.dll
unpack001/Plugins/PerfMon.dll
unpack001/Plugins/PingPlugin.dll
unpack001/Plugins/PowerPlugin.dll
unpack001/Plugins/Process.dll
unpack001/Plugins/QuotePlugin.dll
unpack001/Plugins/RecycleManager.dll
unpack001/Plugins/ResMon.dll
unpack001/Plugins/SpeedFanPlugin.dll
unpack001/Plugins/SysInfo.dll
unpack001/Plugins/VirtualDesktops.dll
unpack001/Plugins/WebParser.dll
unpack001/Plugins/WifiStatus.dll
unpack001/Plugins/Win7AudioPlugin.dll
unpack001/Plugins/WindowMessagePlugin.dll
unpack001/Plugins/iTunesPlugin.dll

Files

7e4d8a9180f1ea4d696ac92189de59f4
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

15/12/2011, 12:12

Not After

14/12/2012, 12:12

Subject

CN=Rainmeter (Open Source Software),O=Rainmeter (Open Source Software),C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fd:15:90:5b:02:be:6f:ba:48:0d:db:dd:10:1b:92:d9:aa:19:be:39
Signer

Actual PE Digest

fd:15:90:5b:02:be:6f:ba:48:0d:db:dd:10:1b:92:d9:aa:19:be:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MoreInfo.dll
.dll windows:4 windows x86 arch:x86

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\untgz\MoreInfo\SRC\Release\MoreInfo.pdb

Imports

user32

wsprintfW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

lstrlenW
lstrcpyW
lstrcpynW
lstrcatW
GlobalAlloc
GetSystemDirectoryW
GlobalFree

Exports

Exports

GetComments
GetCompanyName
GetFileDescription
GetFileVersion
GetInternalName
GetLegalCopyright
GetLegalTrademarks
GetOSUserinterfaceLanguage
GetOriginalFilename
GetPrivateBuild
GetProductName
GetProductVersion
GetSpecialBuild
GetUserDefined

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

cbc66eb3222e3fcdbee2e18ba7195f5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
DeleteFileA
Sleep
lstrcpyA
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
CreateThread
WaitForSingleObject
WriteFile
CloseHandle
IsDebuggerPresent

user32

IsWindowVisible
GetFocus
GetDlgItem
ShowWindow
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
GetClientRect
GetWindowRect
CreateWindowExW
GetWindowLongW
wsprintfA
CallWindowProcW
DestroyWindow
EnableWindow
FindWindowExW
SendMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
recv
__WSAFDIsSet
connect
inet_addr
gethostbyname
select

Exports

Exports

download
download_quiet

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

1fe003b76229a0ffee4a9219893de38e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExW
lstrcmpiW
GetCurrentThreadId
GetProcAddress
GetCommandLineW
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
SetLastError
SetCurrentDirectoryW
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetExitCodeThread
CreateThread
CreateFileMappingW
CreateEventW
lstrlenW
GlobalAlloc
CreateProcessW
GetLastError
FormatMessageW
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameW
lstrcatW
GetPrivateProfileIntW
GetPrivateProfileStringW
DuplicateHandle
LoadLibraryA

user32

SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
DefWindowProcW
PostMessageW
SetForegroundWindow
CreateWindowExW
GetWindowThreadProcessId
CallWindowProcW
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClassNameW
CallNextHookEx
CharNextW
DialogBoxParamW
MessageBoxW
EndDialog
SetWindowLongW
LoadImageW
GetWindowLongW
EnableWindow
ShowWindow
wsprintfW
LoadStringW
GetDlgItem
SendMessageW
DestroyWindow

advapi32

GetUserNameW
OpenSCManagerW
GetTokenInformation
OpenProcessToken
FreeSid
CloseServiceHandle
EqualSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
QueryServiceStatus
OpenServiceW

shell32

ShellExecuteExW

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Default.ini
Plugins/AdvancedCPU.dll
.dll windows:5 windows x86 arch:x86

983ee21d50e110a1038a24ccb08319f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

ReadConfigString

kernel32

lstrcpyW
IsBadStringPtrW
DisableThreadLibraryCalls
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetCurrentThreadId
lstrlenW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcessId

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

??2@YAPAXI@Z
memmove
_wcsdup
_unlock
_CxxThrowException
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
wcstok
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wcsicmp
??3@YAXPAX@Z
wcsncpy
_amsg_exit
_wtoi
memset
memcpy
__CxxFrameHandler3
free
__dllonexit

Exports

Exports

Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update2

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/CoreTemp.dll
.dll windows:5 windows x86 arch:x86

094673f015b5021bd47a348c6214edc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog
RmReadString

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
DisableThreadLibraryCalls
CreateMutexW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SetLastError
OpenFileMappingW
ReleaseMutex
CloseHandle
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
GetTickCount
EncodePointer

msvcr100

memset
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_malloc_crt
_lock
__dllonexit
_unlock
memcpy_s
??2@YAPAXI@Z
_vsnwprintf_s
_wtoi
_wcsicmp
??3@YAXPAX@Z
_onexit
free

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/FolderInfo.dll
.dll windows:5 windows x86 arch:x86

66157e7135e30a21f3025be233fc4c81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

ord5
ReadConfigString
ord4
ord6

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
FindFirstFileW
GetTickCount
WideCharToMultiByte
FindClose
FindNextFileW
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
SetUnhandledExceptionFilter

user32

wsprintfW

msvcr100

??3@YAXPAX@Z
wcsncmp
??2@YAPAXI@Z
_wcsicmp
memmove
__dllonexit
_lock
_onexit
__CxxFrameHandler3
??_V@YAXPAX@Z
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
wcsrchr
_encoded_null
??_U@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
free
memcpy
_CxxThrowException
_unlock
_malloc_crt

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

Finalize
GetPluginAuthor
GetPluginVersion
Initialize
Update2

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/InputText.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

ExecuteBang
Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update
Update2

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/MediaKey.dll
.dll windows:5 windows x86 arch:x86

b8ab2104d2c0f3e53e53f065045b74e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
DisableThreadLibraryCalls
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsDebuggerPresent

user32

GetMessageExtraInfo
SendInput

msvcr100

__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_wcsicmp

Exports

Exports

ExecuteBang

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/NowPlaying.dll
.dll windows:5 windows x86 arch:x86

94be3dbf0cc5e56345681112bba58f68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

RmReadString
RmExecute
LSLog
RmGet

psapi

GetModuleFileNameExW

wininet

InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

kernel32

GetProcAddress
DisableThreadLibraryCalls
DeleteCriticalSection
GetTempFileNameW
TerminateThread
GetTempPathW
CloseHandle
DeleteFileW
MapViewOfFile
UnmapViewOfFile
GetTickCount
OpenFileMappingW
RaiseException
GetPrivateProfileStringW
OpenProcess
LoadLibraryW
WritePrivateProfileStringW
TerminateProcess
ReadProcessMemory
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetLastError
DecodePointer
EncodePointer
MultiByteToWideChar
InterlockedExchange
Sleep
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
IsProcessorFeaturePresent

user32

GetWindowThreadProcessId
FindWindowW
IsWindow
SendMessageW
DefWindowProcW
SetTimer
CreateWindowExW
RegisterClassW
SendInput
KillTimer
MessageBoxW
DestroyWindow
PostMessageW
GetWindowTextW
UnregisterClassW
ShowWindow
BringWindowToTop
GetMessageExtraInfo

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

msvcp100

?_Xoverflow_error@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

fopen
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__RTDynamicCast
__CxxFrameHandler3
_CxxThrowException
memcpy
memset
_fileno
_wcsnicmp
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_wfopen
_waccess
??3@YAXPAX@Z
fwrite
fclose
??2@YAPAXI@Z
wcschr
_errno
wcstol
??_V@YAXPAX@Z
_vsnwprintf_s
_wcsicmp
_wtoi
free
_snwprintf_s
_itow_s
wcsncmp
_beginthreadex
_purecall
wcstok
mbstowcs
ceil
div
_chsize
__dllonexit
fread
ftell
fseek
clearerr
_unlock
_amsg_exit

atl100

ord47
ord48
ord42
ord30
ord64
ord61
ord23
ord32

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PerfMon.dll
.dll windows:5 windows x86 arch:x86

daf46f98a0505d97a25cd94dd08e6062

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

ReadConfigString

kernel32

DisableThreadLibraryCalls
IsBadStringPtrW
GetTickCount
QueryPerformanceCounter
lstrcpyW
GetCurrentThreadId
lstrlenW
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcessId

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

msvcr100

_onexit
_wtoi
_encoded_null
_CxxThrowException
_initterm_e
_amsg_exit
_lock
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
__CppXcptFilter
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wcsicmp
_wcsdup
free
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
memcpy
__CxxFrameHandler3
_malloc_crt
_initterm

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

Finalize
GetPluginAuthor
GetPluginVersion
Initialize
Update2

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PingPlugin.dll
.dll windows:5 windows x86 arch:x86

675587fa91e2f491121ad782d75374cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog
RmReadString

ws2_32

gethostbyname
WSACleanup
inet_addr
WSAStartup

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

kernel32

GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSection
WideCharToMultiByte
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
CloseHandle
CreateThread
TerminateProcess
InterlockedCompareExchange
GetCurrentProcess
Sleep
InterlockedExchange
DecodePointer
EncodePointer

msvcr100

_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encoded_null
free
_malloc_crt
??2@YAPAXI@Z
??3@YAXPAX@Z
_wtoi
wcstod

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PowerPlugin.dll
.dll windows:5 windows x86 arch:x86

c65541f08588863430e34a385d3eb1e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

RmReadString

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemPowerStatus
DisableThreadLibraryCalls
GetSystemInfo
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
DecodePointer
EncodePointer
RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
GetCurrentThreadId

msvcr100

memset
_lock
_onexit
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
??2@YAPAXI@Z
_wcsdup
_set_invalid_parameter_handler
??3@YAXPAX@Z
wcsftime
??_V@YAXPAX@Z
_errno
free
??_U@YAPAXI@Z
_wcsicmp
_unlock
__dllonexit

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Process.dll
.dll windows:5 windows x86 arch:x86

79ca6ab976a441b7dd23ebe1d41db7e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcesses
GetModuleBaseNameW

rainmeter

RmReadString

kernel32

QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
OpenProcess
DisableThreadLibraryCalls
CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsDebuggerPresent

msvcp100

?_Xlength_error@std@@YAXPBD@Z

msvcr100

??2@YAPAXI@Z
_unlock
free
_lock
_onexit
_CxxThrowException
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_wcsdup
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wcsicmp
??3@YAXPAX@Z
_crt_debugger_hook
??_V@YAXPAX@Z
__dllonexit
_malloc_crt

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/QuotePlugin.dll
.dll windows:5 windows x86 arch:x86

67fab36b7ca8eb680db02a52c4418e07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

RmReadString
RmPathToAbsolute

shlwapi

PathIsDirectoryW
PathMatchSpecW

kernel32

GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
DisableThreadLibraryCalls
FindNextFileW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetTickCount

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

wcsstr
fread
rand
srand
??3@YAXPAX@Z
ftell
fseek
??0exception@std@@QAE@ABV01@@Z
_time64
??2@YAPAXI@Z
__CxxFrameHandler3
free
_encoded_null
_initterm
_initterm_e
_wfopen
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
feof
strstr
_wtoi
_amsg_exit
memmove
memset
memcpy
_CxxThrowException
fclose
_malloc_crt

Exports

Exports

Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Rainmeter.dll
.dll windows:5 windows x64 arch:x64

80d8fa30cb63b48f116223cd93e2f6fc

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

15/12/2011, 12:12

Not After

14/12/2012, 12:12

Subject

CN=Rainmeter (Open Source Software),O=Rainmeter (Open Source Software),C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:c1:d4:4e:27:8f:6a:d7:06:1b:e5:47:42:c3:3f:0e:df:1b:fd:94
Signer

Actual PE Digest

59:c1:d4:4e:27:8f:6a:d7:06:1b:e5:47:42:c3:3f:0e:df:1b:fd:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Create

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

uxtheme

SetWindowTheme
EnableThemeDialogTexture

gdiplus

GdipRotateMatrix
GdipTranslateMatrix
GdipCreateMatrix
GdipSetImageAttributesColorMatrix
GdipGetImageRawFormat
GdipCreateBitmapFromStream
GdipSaveImageToFile
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipCreateFromHDC
GdipSetWorldTransform
GdipIsMatrixIdentity
GdipGraphicsClear
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipPrivateAddFontFile
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipGetFamilyName
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipGetFontCollectionFamilyCount
GdipNewInstalledFontCollection
GdipDrawString
GdipMeasureString
GdipSetStringFormatMeasurableCharacterRanges
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreateFontFamilyFromName
ord1
GdipImageRotateFlip
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawPath
GdipSetPenLineJoin
GdipAddPathLine
GdipDrawLine
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillPath
GdipResetClip
GdipSetClipPath
GdipAddPathRectangleI
GdipDeletePath
GdipCreatePath
GdipBitmapGetPixel
GdipDrawCachedBitmap
GdipCreateCachedBitmap
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipDeleteCachedBitmap
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectWithAngleI
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipCreateMatrix2
GdipAlloc
GdipSetMatrixElements
GdipFree
GdipDeleteMatrix
GdipDrawImageRectRect
GdipFillPolygonI
GdipCreateHICONFromBitmap
GdipResetWorldTransform

iphlpapi

GetNumberOfInterfaces
GetIfTable

shlwapi

AssocQueryStringW
PathCanonicalizeW

kernel32

RaiseException
LocalAlloc
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
LoadLibraryA
FormatMessageA
GetFileTime
GetFileSize
ReadFile
GetTempFileNameW
GetTempPathW
DeleteFileW
SetFileAttributesW
SetCurrentDirectoryW
LoadLibraryW
GetTickCount
GetVersionExW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
FindFirstFileExW
GetPrivateProfileIntW
GetModuleFileNameW
DisableThreadLibraryCalls
GetLastError
Sleep
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTime
EncodePointer
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
GetSystemTimeAsFileTime
SetDllDirectoryW
WritePrivateProfileSectionW
GlobalMemoryStatusEx
GetVolumeInformationW
GetDiskFreeSpaceExW
SetLastError
GetCurrentProcess
GetDriveTypeW
GetSystemTimes
GetSystemInfo
LocalFree
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
GetLocaleInfoW
CloseHandle
CreateFileW
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
FindClose
DecodePointer
GetLocalTime
TerminateProcess
FindNextFileW
FreeLibrary
GetProcAddress
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetModuleHandleW
FindFirstFileW
SetErrorMode

user32

IsWindow
GetClassNameW
GetShellWindow
EnumDisplayMonitors
EnumWindows
EnumDisplayDevicesW
UnhookWinEvent
SetWinEventHook
RegisterClassW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterWindowMessageW
CopyIcon
PostQuitMessage
EnumDisplaySettingsW
SystemParametersInfoW
GetMenuItemID
GetMenuState
GetMenuItemCount
ModifyMenuW
RemoveMenu
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
HiliteMenuItem
GetMenuStringW
DeleteMenu
CheckMenuItem
SendMessageTimeoutW
GetWindowLongPtrW
GetDesktopWindow
DefWindowProcW
GetParent
LoadCursorW
SetCursor
FindWindowExW
GetAncestor
MapWindowPoints
IsWindowVisible
WindowFromPoint
EndPaint
BeginPaint
UpdateLayeredWindow
InvalidateRect
SetWindowRgn
MonitorFromRect
GetWindow
GetMonitorInfoW
MonitorFromPoint
TrackMouseEvent
SetTimer
RegisterClassExW
UnregisterClassW
KillTimer
ReleaseDC
GetDC
GetKeyState
DestroyIcon
LoadIconW
CreateWindowExW
LoadStringW
SetRect
EnableMenuItem
SetMenuItemInfoW
SetMenuDefaultItem
ScreenToClient
GetCursorPos
GetSubMenu
LoadMenuW
DestroyMenu
TrackPopupMenu
GetWindowRect
InsertMenuW
CreatePopupMenu
ShowScrollBar
EnableWindow
SetWindowTextW
GetWindowTextW
SetWindowPlacement
LoadImageW
GetWindowPlacement
PostMessageW
GetClientRect
SetWindowPos
GetDlgItem
SetForegroundWindow
ShowWindow
IsZoomed
BringWindowToTop
DestroyWindow
CreateDialogParamW
SendMessageW
EnumChildWindows
GetWindowLongW
SetWindowLongW
MessageBoxW
GetSystemMetrics
SetWindowLongPtrW

gdi32

DeleteDC
GetDeviceCaps
ExtCreateRegion
CreateRoundRectRgn
CreateEllipticRgn
CombineRgn
CreateCompatibleBitmap
BitBlt
SelectObject
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
GetObjectW
CreateRectRgn
CreateDIBSection

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

ShellExecuteExW
Shell_NotifyIconW
SHFileOperationW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx

msvcp100

?_Xout_of_range@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z

msvcr100

atoi
_beginthread
_snprintf_s
strtod
strncat
feof
strerror
ungetc
strstr
__iob_func
fopen
fread
fprintf
ferror
freopen
realloc
getc
fputs
strtoul
fgets
longjmp
exit
fscanf
tmpfile
_pclose
fflush
_popen
setvbuf
fwrite
ftell
fseek
clearerr
localeconv
ldexp
frexp
_HUGE
strrchr
getenv
sprintf
strncpy
strcspn
rename
_mktime64
_gmtime64
tmpnam
system
remove
clock
strftime
_difftime64
strpbrk
strcoll
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_initterm
iscntrl
isupper
isdigit
isalpha
tolower
ispunct
wcsnlen
strchr
isspace
malloc
strncmp
_wtof
setlocale
towlower
_wcsupr
_localtime64
wcsftime
_tzset
rand
_time64
srand
_purecall
wcsncat_s
wcsncpy_s
_vsnprintf_s
memchr
modf
_wcsnicmp
iswdigit
iswalpha
acos
asin
ceil
floor
sqrt
log10
log
exp
fabs
tan
sin
cos
atan
_snwprintf_s
_set_invalid_parameter_handler
fputws
fclose
_wfopen
_ultow
towupper
_vsnwprintf_s
_itow_s
_wcsicmp
??_V@YAXPEAX@Z
_waccess
swscanf
iswspace
wcsncmp
free
_wtoi
wcstok
_wcsdup
wcschr
wcstoul
wcstol
wcstod
_errno
sinh
_wcslwr
memmove
??2@YAPEAX_K@Z
??0exception@std@@QEAA@AEBQEBD@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
??3@YAXPEAX@Z
_wasctime
wcsrchr
isxdigit
islower
isalnum
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
memcmp
memset
_setjmp
cosf
sinf
pow
fmod
memcpy
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
atan2
tanh
cosh
toupper

Exports

Exports

LSLog
PluginBridge
ReadConfigString
RmExecute
RmGet
RmPathToAbsolute
RmReadFormula
RmReadString

Sections

.text
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Rainmeter.exe
.exe windows:5 windows x64 arch:x64

06ddb85cb738d6d25d4e5ac3aef6674f

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

15/12/2011, 12:12

Not After

14/12/2012, 12:12

Subject

CN=Rainmeter (Open Source Software),O=Rainmeter (Open Source Software),C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:e0:5e:5f:28:c9:e6:4d:fa:76:8b:7c:40:52:46:d7:16:88:59:ff
Signer

Actual PE Digest

80:e0:5e:5f:28:c9:e6:4d:fa:76:8b:7c:40:52:46:d7:16:88:59:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rainmeter

ord2
ord1
ord3

kernel32

DecodePointer
EncodePointer
GetStartupInfoW
Sleep
GetCommandLineW
CreateMutexW
FreeLibrary
SetDllDirectoryW
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetLastError
GetProcAddress
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter

user32

FindWindowW
TranslateMessage
CreateWindowExW
PostQuitMessage
RegisterClassW
SendMessageW
DefWindowProcW
DispatchMessageW
GetMessageW
DestroyWindow
MessageBoxW

msvcp100

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

msvcr100

?what@exception@std@@UEBAPEBDXZ
towlower
_wcsicmp
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
memmove
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_amsg_exit
__wgetmainargs
memset
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memcpy
_CxxThrowException
__CxxFrameHandler3
??1exception@std@@UEAA@XZ
__C_specific_handler

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/RecycleManager.dll
.dll windows:5 windows x86 arch:x86

785725e99e270eac148771de63abe202

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

RmReadString
LSLog
RmGet

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
DisableThreadLibraryCalls
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcess

shell32

SHEmptyRecycleBinW
SHQueryRecycleBinW
ShellExecuteW

msvcr100

_malloc_crt
_encoded_null
??2@YAPAXI@Z
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_wcsdup
wcstok
_vsnwprintf_s
??3@YAXPAX@Z
free
_wcsicmp
_initterm

Exports

Exports

ExecuteBang
Finalize
Initialize
Reload
Update

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/ResMon.dll
.dll windows:5 windows x86 arch:x86

de66e9c613e6536ad518e0fff166289f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

RmGet
LSLog
RmReadString

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenProcess
GetProcessHandleCount
DisableThreadLibraryCalls
CloseHandle
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
Sleep

user32

GetGuiResources
EnumChildWindows

msvcr100

_vsnwprintf_s
??2@YAPAXI@Z
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
??3@YAXPAX@Z
free
_wcsicmp
_wcsdup

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SkinInstaller.exe
.exe windows:5 windows x64 arch:x64

8cd427e63405a221e24563ce97803cd5

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

15/12/2011, 12:12

Not After

14/12/2012, 12:12

Subject

CN=Rainmeter (Open Source Software),O=Rainmeter (Open Source Software),C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:8a:bc:f8:36:36:77:c0:ed:fc:d9:07:b1:85:a5:58:f4:3d:33:75
Signer

Actual PE Digest

52:8a:bc:f8:36:36:77:c0:ed:fc:d9:07:b1:85:a5:58:f4:3d:33:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

uxtheme

EnableThemeDialogTexture

kernel32

GetTempFileNameW
FindFirstFileExW
GetModuleHandleW
GetTempPathW
FindFirstFileA
FindClose
GetLocalTime
FindNextFileW
FileTimeToLocalFileTime
DeleteFileW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetCurrentProcess
WriteFile
GlobalAlloc
LoadLibraryW
Sleep
CreateFileW
FileTimeToDosDateTime
GlobalFree
CreateFileMappingW
GetExitCodeThread
SetCurrentDirectoryW
OpenFileMappingW
GetPrivateProfileSectionW
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
CloseHandle
ReleaseMutex
GetLastError
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameW
GetExitCodeProcess
GetVersionExW
WideCharToMultiByte
OpenProcess
GetPrivateProfileStringW
WaitForSingleObject
CreateDirectoryW
SetDllDirectoryW
CreateMutexW
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress

user32

GetSystemMenu
SetTimer
GetWindowRect
KillTimer
LoadIconW
SetWindowPos
GetMenuItemCount
RemoveMenu
CreateWindowExW
SetDlgItemTextW
LoadImageW
DialogBoxParamW
GetDlgItem
EndDialog
ShowWindow
FlashWindow
EnableWindow
SetWindowTextW
PostMessageW
SetForegroundWindow
FindWindowW
MessageBoxW
GetWindowThreadProcessId
DestroyWindow
BringWindowToTop
SystemParametersInfoW
EnumChildWindows
CreateDialogParamW
SendMessageW

gdi32

AddFontResourceW
CreateFontIndirectW
RemoveFontResourceW
DeleteObject

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
OpenProcessToken
CreateProcessWithLogonW
GetTokenInformation
EqualSid
CheckTokenMembership

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW

msvcp100

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

msvcr100

_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
__CxxFrameHandler3
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_initterm
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memset
memcpy
_CxxThrowException
_XcptFilter
__C_specific_handler
__wgetmainargs
_amsg_exit
malloc
free
_wcmdln
exit
_cexit
__crt_debugger_hook
_exit
??3@YAXPEAX@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
memmove
_wcsnicmp
wcsrchr
_waccess
??2@YAPEAX_K@Z
feof
_beginthreadex
fopen
fread
_vsnwprintf_s
fclose
wcschr
_wcsicmp
_wtoi
wcsstr
??_V@YAXPEAX@Z
_ftelli64
_fseeki64
ferror
fwrite

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SpeedFanPlugin.dll
.dll windows:5 windows x86 arch:x86

fefa6bddee7e60c107d3530feb25efac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog
RmReadString
RmGet

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
MapViewOfFile
UnmapViewOfFile
DisableThreadLibraryCalls
OpenFileMappingW
CloseHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
QueryPerformanceCounter

msvcr100

__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
??2@YAPAXI@Z
_vsnwprintf_s
??3@YAXPAX@Z
_wtoi
_wcsicmp
_amsg_exit

Exports

Exports

Finalize
Initialize
Reload
Update

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SysInfo.dll
.dll windows:5 windows x86 arch:x86

9354a0392a900f08139facd7229b7e86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog
ReadConfigString

rasapi32

RasEnumConnectionsW
RasGetConnectStatusW

iphlpapi

GetIpAddrTable
GetNetworkParams
GetAdaptersInfo

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetNativeSystemInfo
InterlockedCompareExchange
GetVersionExW
MultiByteToWideChar
DisableThreadLibraryCalls
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetComputerNameW
GetCurrentProcess
InterlockedExchange
DecodePointer
EncodePointer
TerminateProcess

user32

GetSystemMetrics
wsprintfW
EnumDisplayMonitors
GetMonitorInfoW

advapi32

GetUserNameW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

??0exception@std@@QAE@ABV01@@Z
memmove
_wtoi
free
malloc
__CxxFrameHandler3
??2@YAPAXI@Z
_unlock
__dllonexit
_lock
_onexit
_wcsicmp
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??1exception@std@@UAE@XZ
_malloc_crt
?what@exception@std@@UBEPBDXZ
memcpy
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z

Exports

Exports

Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update2

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/VirtualDesktops.dll
.dll windows:5 windows x86 arch:x86

470683b4cce130ad532cc702d685413b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

ReadConfigString

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
DisableThreadLibraryCalls
CloseHandle
ReleaseMutex
CreateFileMappingW
OpenMutexW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsProcessorFeaturePresent

user32

FindWindowW
GetDC
SystemParametersInfoW
ReleaseDC
SetWindowLongW
SetWindowPos
IsWindow
CreateWindowExW
RegisterClassW
SendMessageW
DefWindowProcW
MoveWindow
UnregisterClassW
RegisterWindowMessageW
SendNotifyMessageW
DestroyWindow

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
SetStretchBltMode
StretchBlt
CreateDIBSection
DeleteDC
GdiFlush

msvcp100

??Bid@locale@std@@QAEIXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ

msvcr100

_lock
_CxxThrowException
memcpy
swprintf_s
_wcsicmp
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_wtoi
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
_purecall
??3@YAXPAX@Z
memcpy_s
fwrite
fclose
??2@YAPAXI@Z
__CxxFrameHandler3
_unlock
__dllonexit
__clean_type_info_names_internal
_onexit
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ

Exports

Exports

ExecuteBang
Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/WebParser.dll
.dll windows:5 windows x86 arch:x86

24903960d265a0276c72c71da9edc8a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

PluginBridge
ord5
ord4
LSLog
ReadConfigString

urlmon

URLDownloadToFileW

wininet

InternetOpenUrlW
InternetOpenUrlA
DeleteUrlCacheEntryW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetReadFile

shlwapi

PathIsDirectoryW
PathFileExistsW
PathAddBackslashW
PathCanonicalizeW
PathRemoveFileSpecW

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
LocalFree
GetCurrentProcessId
DeleteFileW
CreateDirectoryW
GetModuleHandleW
InitializeCriticalSection
WideCharToMultiByte
TerminateThread
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
CreateFileW
MultiByteToWideChar
GetTempPathW
GetLastError
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
GetShortPathNameW
CloseHandle

user32

FindWindowExW
GetWindowThreadProcessId
SendMessageW
wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitialize
CoUninitialize

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
memset
memcpy
_CxxThrowException
__CppXcptFilter
_amsg_exit
_initterm_e
free
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??_U@YAPAXI@Z
wcstoul
_wtoi
_wcsnicmp
_wfopen
_errno
wcstol
_beginthreadex
??_V@YAXPAX@Z
??3@YAXPAX@Z
fwrite
wcstod
fclose
??2@YAPAXI@Z
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update2

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/WifiStatus.dll
.dll windows:5 windows x86 arch:x86

d7cd887f0244e2d97482b1866ae8a0c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

ReadConfigString
LSLog

kernel32

TerminateProcess
Sleep
InterlockedExchange
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
DecodePointer
EncodePointer
InterlockedCompareExchange
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess

user32

wsprintfW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

wlanapi

WlanFreeMemory
WlanGetAvailableNetworkList
WlanOpenHandle
WlanCloseHandle
WlanEnumInterfaces
WlanQueryInterface

msvcr100

??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_wtoi
free
?what@exception@std@@UBEPBDXZ
wcsstr
??3@YAXPAX@Z
??2@YAPAXI@Z
_unlock
__dllonexit
mbstowcs
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memset
_wcsicmp
_CxxThrowException
__CxxFrameHandler3
malloc
_lock

Exports

Exports

Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Win7AudioPlugin.dll
.dll windows:5 windows x86 arch:x86

5c7a37bff360b9bb822ab839fd1e3a69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
DisableThreadLibraryCalls
TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
Sleep
InterlockedExchange
DecodePointer
EncodePointer
UnhandledExceptionFilter

user32

wsprintfW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
PropVariantClear

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

memmove
wcsncpy
??3@YAXPAX@Z
swscanf_s
??0exception@std@@QAE@ABV01@@Z
_unlock
__dllonexit
_lock
_onexit
floor
??0exception@std@@QAE@ABQBD@Z
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
free
_wcsicmp
memcpy
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z
_malloc_crt

Exports

Exports

ExecuteBang
Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update2

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/WindowMessagePlugin.dll
.dll windows:5 windows x86 arch:x86

33c850f414bf7ea631823d7b18190bf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog
RmReadString

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcess

user32

SendMessageW
GetWindowTextW
FindWindowW
PostMessageW

msvcr100

_malloc_crt
_encoded_null
??2@YAPAXI@Z
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_wcsdup
??3@YAXPAX@Z
_wcsnicmp
free
swscanf
wcschr
_initterm

Exports

Exports

ExecuteBang
Finalize
GetString
Initialize
Reload
Update

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/iTunesPlugin.dll
.dll windows:5 windows x86 arch:x86

70b57c83c74b6b147aab834de02dc4dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

LSLog
ReadConfigString

kernel32

GetCurrentProcess
InterlockedCompareExchange
Sleep
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
DisableThreadLibraryCalls
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
DecodePointer
EncodePointer
TerminateProcess

user32

wsprintfW
FindWindowW

ole32

OleRun
CoInitialize
CoCreateInstance

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString

msvcr100

clock
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
wcsrchr
_initterm
_initterm_e
__CxxFrameHandler3
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
wcsncpy
_encoded_null
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wcsicmp
_CxxThrowException
??3@YAXPAX@Z
_amsg_exit

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

ExecuteBang
Finalize
GetPluginAuthor
GetPluginVersion
GetString
Initialize
Update

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.dll
.dll windows:5 windows x86 arch:x86

e898c7e3b228355bfb7ed17119ac93c7

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

15/12/2011, 12:12

Not After

14/12/2012, 12:12

Subject

CN=Rainmeter (Open Source Software),O=Rainmeter (Open Source Software),C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:e9:8f:c6:bc:ed:84:25:5b:33:d8:33:70:e3:ef:9b:54:5a:dd:3a
Signer

Actual PE Digest

42:e9:8f:c6:bc:ed:84:25:5b:33:d8:33:70:e3:ef:9b:54:5a:dd:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Create

wininet

InternetCloseHandle
InternetReadFile
InternetOpenW
InternetOpenUrlW

uxtheme

SetWindowTheme
EnableThemeDialogTexture

gdiplus

GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreateLineBrushFromRectWithAngleI
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDeleteCachedBitmap
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateCachedBitmap
GdipDrawCachedBitmap
GdipBitmapGetPixel
GdipCreatePath
GdipDeletePath
GdipAddPathRectangleI
GdipSetClipPath
GdipResetClip
GdipFillPath
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawLine
GdipAddPathLine
GdipSetPenLineJoin
GdipDrawPath
GdipCreateSolidFill
GdipRotateWorldTransform
GdipDrawImageRectI
GdipResetWorldTransform
ord1
GdipCreateFontFamilyFromName
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatMeasurableCharacterRanges
GdipMeasureString
GdipDrawString
GdipNewInstalledFontCollection
GdipGetFontCollectionFamilyCount
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipGetFamilyName
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipPrivateAddFontFile
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipCreateMatrix2
GdipAlloc
GdipSetMatrixElements
GdipFree
GdipDeleteMatrix
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipFillPolygonI
GdipCreateHICONFromBitmap
GdipTranslateWorldTransform
GdipSetTextRenderingHint
GdipGraphicsClear
GdipIsMatrixIdentity
GdipSetWorldTransform
GdipCreateFromHDC
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipCreateBitmapFromStream
GdipGetImageRawFormat
GdipSetImageAttributesColorMatrix
GdipCreateMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipImageRotateFlip
GdipDrawImageRectRect

iphlpapi

GetIfTable
GetNumberOfInterfaces

shlwapi

PathCanonicalizeW
AssocQueryStringW

kernel32

LocalAlloc
InterlockedExchange
RaiseException
EncodePointer
DecodePointer
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleFileNameA
LoadLibraryA
FormatMessageA
GetFileTime
GetFileSize
ReadFile
GetTempFileNameW
GetTempPathW
DeleteFileW
SetFileAttributesW
SetCurrentDirectoryW
LoadLibraryW
IsDebuggerPresent
GetVersionExW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
FindFirstFileExW
GetPrivateProfileIntW
GetModuleFileNameW
DisableThreadLibraryCalls
GetLastError
Sleep
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTime
GetLocalTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
GetSystemTimeAsFileTime
SetDllDirectoryW
WritePrivateProfileSectionW
GlobalMemoryStatusEx
GetVolumeInformationW
GetDiskFreeSpaceExW
SetLastError
SetErrorMode
GetDriveTypeW
GetSystemTimes
GetSystemInfo
LocalFree
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
GetLocaleInfoW
CloseHandle
CreateFileW
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
FindClose
FindNextFileW
FreeLibrary
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetModuleHandleW
FindFirstFileW
GetProcAddress

user32

PostQuitMessage
CopyIcon
RegisterWindowMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
GetMenuStringW
OpenClipboard
EnumWindows
IsWindow
GetClassNameW
GetShellWindow
EnumDisplayMonitors
EnumDisplaySettingsW
EnumDisplayDevicesW
UnhookWinEvent
SetWinEventHook
RegisterClassW
GetMenuItemID
GetMenuState
GetMenuItemCount
RemoveMenu
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
HiliteMenuItem
DeleteMenu
CheckMenuItem
SendMessageTimeoutW
GetDesktopWindow
DefWindowProcW
GetParent
LoadCursorW
SetCursor
FindWindowExW
GetAncestor
MapWindowPoints
IsWindowVisible
WindowFromPoint
EndPaint
BeginPaint
UpdateLayeredWindow
InvalidateRect
SetWindowRgn
MonitorFromRect
GetWindow
GetMonitorInfoW
MonitorFromPoint
TrackMouseEvent
SetTimer
RegisterClassExW
UnregisterClassW
KillTimer
ReleaseDC
GetDC
GetKeyState
DestroyIcon
LoadIconW
CreateWindowExW
LoadStringW
SetRect
EnableMenuItem
SetMenuItemInfoW
SetMenuDefaultItem
ScreenToClient
GetCursorPos
GetSubMenu
LoadMenuW
DestroyMenu
TrackPopupMenu
GetWindowRect
InsertMenuW
CreatePopupMenu
ShowScrollBar
EnableWindow
SetWindowTextW
GetWindowTextW
SetWindowPlacement
LoadImageW
GetWindowPlacement
PostMessageW
GetClientRect
SetWindowPos
GetDlgItem
SetForegroundWindow
ShowWindow
IsZoomed
BringWindowToTop
DestroyWindow
CreateDialogParamW
SendMessageW
EnumChildWindows
GetWindowLongW
SetWindowLongW
MessageBoxW
GetSystemMetrics
SystemParametersInfoW
ModifyMenuW

gdi32

CreateDIBSection
GetObjectW
BitBlt
ExtCreateRegion
DeleteDC
GetDeviceCaps
CreateCompatibleDC
DeleteObject
CreateFontIndirectW
CombineRgn
CreateEllipticRgn
CreateRoundRectRgn
SelectObject
CreateCompatibleBitmap
CreateRectRgn

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetFolderPathW
SHFileOperationW
Shell_NotifyIconW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_CItan
_CItanh
_CIasin
_CIacos
_CIatan
_CIatan2
_CIsqrt
_CIlog
_CIlog10
_CIexp
__RTDynamicCast
__CxxFrameHandler3
_CxxThrowException
memcpy
_CIpow
_CIfmod
_CIsin
_CIcos
memset
_setjmp3
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
strcoll
strpbrk
_difftime64
strftime
clock
remove
system
tmpnam
_gmtime64
_mktime64
rename
strcspn
strncpy
sprintf
getenv
strrchr
_HUGE
frexp
ldexp
localeconv
clearerr
fseek
ftell
fwrite
wcsnlen
_wasctime
wcsrchr
isxdigit
islower
toupper
iscntrl
isupper
isdigit
isalpha
_CIcosh
ispunct
isalnum
strchr
isspace
malloc
strncmp
_wtof
setlocale
towlower
_wcsupr
_localtime64
wcsftime
_tzset
rand
_time64
srand
_purecall
wcsncat_s
wcsncpy_s
_vsnprintf_s
memchr
modf
_wcsnicmp
iswdigit
iswalpha
acos
asin
ceil
floor
sqrt
log10
log
exp
fabs
tan
sin
cos
atan
_snwprintf_s
_set_invalid_parameter_handler
fputws
fclose
_wfopen
_ultow
towupper
_vsnwprintf_s
_itow_s
_wcsicmp
??_V@YAXPAX@Z
_waccess
swscanf
iswspace
wcsncmp
free
_wtoi
wcstok
_wcsdup
wcschr
setvbuf
wcstoul
wcstol
wcstod
_errno
_wcslwr
ungetc
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
_CIsinh
strerror
feof
tolower
atoi
_beginthread
_snprintf_s
strtod
strstr
__iob_func
fopen
fread
fprintf
ferror
_popen
fflush
_pclose
tmpfile
fscanf
exit
longjmp
fgets
strtoul
fputs
getc
realloc
freopen
strncat

Exports

Exports

LSLog
PluginBridge
ReadConfigString
RmExecute
RmGet
RmPathToAbsolute
RmReadFormula
RmReadString

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.exe
.exe windows:5 windows x86 arch:x86

9829c876f99956a2068f7a12b4e53175

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

15/12/2011, 12:12

Not After

14/12/2012, 12:12

Subject

CN=Rainmeter (Open Source Software),O=Rainmeter (Open Source Software),C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:ab:59:06:0a:4e:14:b1:59:fd:f4:8f:b3:89:4c:b0:36:f5:80:03
Signer

Actual PE Digest

98:ab:59:06:0a:4e:14:b1:59:fd:f4:8f:b3:89:4c:b0:36:f5:80:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rainmeter

ord2
ord1
ord3

kernel32

GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCommandLineW
CreateMutexW
FreeLibrary
SetDllDirectoryW
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetLastError
GetProcAddress
ReleaseMutex
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation

user32

FindWindowW
TranslateMessage
CreateWindowExW
PostQuitMessage
RegisterClassW
SendMessageW
DefWindowProcW
DispatchMessageW
GetMessageW
DestroyWindow
MessageBoxW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
towlower
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_amsg_exit
__wgetmainargs
_cexit
memset
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
_exit

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SkinInstaller.exe
.exe windows:5 windows x86 arch:x86

e3953ebe839d12111d378a2c2ca337a5

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

15/12/2011, 12:12

Not After

14/12/2012, 12:12

Subject

CN=Rainmeter (Open Source Software),O=Rainmeter (Open Source Software),C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e1:40:66:4f:5b:fe:b8:29:f7:e5:3b:24:33:46:5d:f7:1e:24:f8:27
Signer

Actual PE Digest

e1:40:66:4f:5b:fe:b8:29:f7:e5:3b:24:33:46:5d:f7:1e:24:f8:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

uxtheme

EnableThemeDialogTexture

kernel32

GetTempFileNameW
FindFirstFileExW
GetModuleHandleW
GetTempPathW
FindFirstFileA
FindClose
GetLocalTime
FindNextFileW
FileTimeToLocalFileTime
DeleteFileW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetCurrentProcess
WriteFile
GlobalAlloc
LoadLibraryW
Sleep
CreateFileW
FileTimeToDosDateTime
GlobalFree
CreateFileMappingW
GetExitCodeThread
SetCurrentDirectoryW
OpenFileMappingW
GetPrivateProfileSectionW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
CloseHandle
ReleaseMutex
GetLastError
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameW
GetExitCodeProcess
GetVersionExW
WideCharToMultiByte
OpenProcess
GetPrivateProfileStringW
WaitForSingleObject
CreateDirectoryW
SetDllDirectoryW
CreateMutexW
UnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress

user32

GetSystemMenu
SetTimer
GetWindowRect
KillTimer
LoadIconW
SetWindowPos
GetMenuItemCount
RemoveMenu
CreateWindowExW
SetDlgItemTextW
LoadImageW
DialogBoxParamW
GetDlgItem
EndDialog
ShowWindow
FlashWindow
EnableWindow
SetWindowTextW
PostMessageW
SetForegroundWindow
FindWindowW
MessageBoxW
GetWindowThreadProcessId
DestroyWindow
BringWindowToTop
SystemParametersInfoW
EnumChildWindows
CreateDialogParamW
SendMessageW

gdi32

AddFontResourceW
CreateFontIndirectW
RemoveFontResourceW
DeleteObject

comdlg32

GetOpenFileNameW

advapi32

EqualSid
RegSetValueExW
RegCloseKey
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
OpenProcessToken
CreateProcessWithLogonW
GetTokenInformation
RegEnumKeyW
CheckTokenMembership

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
__setusermatherr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
memcpy
_CxxThrowException
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
malloc
_configthreadlocale
_initterm_e
_initterm
_crt_debugger_hook
_wcmdln
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_wcsnicmp
wcsrchr
_waccess
??2@YAPAXI@Z
feof
_beginthreadex
fopen
fread
_vsnwprintf_s
fclose
wcschr
_wcsicmp
_wtoi
wcsstr
??_V@YAXPAX@Z
_ftelli64
_fseeki64
ferror
fwrite
free

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/illustro default/Rainmeter.thm

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

04:7a:55Certificate

Extended Key Usages

04:7a:53Certificate

Key Usages

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62Certificate

Extended Key Usages

Key Usages

fd:15:90:5b:02:be:6f:ba:48:0d:db:dd:10:1b:92:d9:aa:19:be:39Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.4MB

.rsrc Size: 37KB - Virtual size: 36KB

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 350B

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

version

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 44B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 188B

cbc66eb3222e3fcdbee2e18ba7195f5e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 24KB

04:7a:55
Certificate

04:7a:53
Certificate

47:94:69:b4:26:77:7d:b5:18:2f:82:8b:72:6b:80:62
Certificate

fd:15:90:5b:02:be:6f:ba:48:0d:db:dd:10:1b:92:d9:aa:19:be:39
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.4MB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 44B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 188B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 894B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 992B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB