1[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.rar
Size

3.0MB
MD5

a49254ddd520ec65a5fd3c1c6fc52308
SHA1

b34d6ac5be2f29433433b794e7e95489eea6c2dc
SHA256

55f94a469cec1e289b7903b18fbb9ef0507bb5ec86b58493af806fa6ba606717
SHA512

4becc8911d3fa1691a925e63c880ef34b559752d5e625bd4062bc8b7ac8f2c302492d729268443aaea9e29395929c87d0aad1f62cdbefbf6af8555098d011fde
SSDEEP

49152:h73GITlSkSpd40sqcHPo8HD61rVtN36N4uOm5pTg2ygYFMyjlWxVMmmT4Zu4+j5h:ZBpS7BcHPo+QKNEuJMx8xa8ILwY+kj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/selfprot.dll

Files

1.rar
.rar
DuiLib.dll
.dll windows:5 windows x86 arch:x86

82da7ee900cc7c39439b01ac373ff6b6

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:a1:c3:9b:bb:42:08:82:7f:d3:98:29:f0:93:e2:f4:18:d8:58:8f:11:cb:c1:e7:45:d9:11:8c:82:74:58:8e
Signer

Actual PE Digest

d0:a1:c3:9b:bb:42:08:82:7f:d3:98:29:f0:93:e2:f4:18:d8:58:8f:11:cb:c1:e7:45:d9:11:8c:82:74:58:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hrduilib\bin\DuiLib.pdb

Imports

kernel32

DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
WideCharToMultiByte
WaitForSingleObjectEx
OutputDebugStringA
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
DecodePointer
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
SetFileTime
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
HeapReAlloc
GetCurrentThread
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointer
WriteFile
GetFileType
GetCurrentProcess
ExitProcess
GetACP
GetVersionExW
LoadLibraryA
GetCurrentProcessId
OpenProcess
DisableThreadLibraryCalls
lstrlenW
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
CloseHandle
ReadFile
GetFileSize
SizeofResource
LoadResource
LockResource
FreeResource
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
GetProcAddress
InterlockedIncrement
OutputDebugStringW
GetProcessHeap
HeapFree
HeapAlloc
MultiByteToWideChar
GetTickCount
GetModuleHandleA
GetLocalTime
LoadLibraryW
MulDiv
IsValidLocale
CreateThread

user32

IsChild
NotifyWinEvent
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
wsprintfW
GetSysColor
IsWindowVisible
IsIconic
DefWindowProcW
DestroyWindow
ShowWindow
MoveWindow
SetCapture
IsZoomed
EnumChildWindows
CharPrevW
SetRect
EnumDisplaySettingsW
ReleaseCapture
SetTimer
CreateAcceleratorTableW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
GetClientRect
ClientToScreen
ScreenToClient
FillRect
IntersectRect
PtInRect
GetGUIThreadInfo
CharNextW
SetCursor
LoadCursorW
KillTimer
InflateRect
GetUpdateRect
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetKeyState
SetWindowRgn
MessageBoxW
wvsprintfW
MonitorFromPoint
GetWindow
PostQuitMessage
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetIconInfo
DrawIconEx
LoadImageW
DestroyIcon
PrivateExtractIconsW
GetSystemMetrics
SetWindowLongW
GetWindowLongW
EqualRect
IsRectEmpty
UnionRect
GetCaretPos
GetCaretBlinkTime
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
EnableWindow
IsWindow
OffsetRect
GetMonitorInfoW
MonitorFromWindow
GetParent
MapWindowPoints
GetCursorPos
GetWindowRect
GetFocus
SetFocus
SetWindowPos
SendMessageW

gdi32

GetObjectA
GetObjectW
SetTextColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject
DeleteDC
GetObjectType
Rectangle
RestoreDC
RoundRect
SaveDC
GetTextMetricsW
ExtCreatePen
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
CreateRoundRectRgn
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
GetStockObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreatePen

shell32

SHGetFileInfoW

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleLockRunning

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

gdiplus

GdiplusShutdown
GdiplusStartup
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc

shlwapi

PathIsUNCW
PathIsDirectoryW

comctl32

ord17
ImageList_DrawIndirect
ImageList_GetImageCount
_TrackMouseEvent

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

??0CAccessibleServer@DuiLib@@QAE@ABV01@@Z
??0CAccessibleServer@DuiLib@@QAE@PAVCPaintManagerUI@1@@Z
??0CActiveXUI@DuiLib@@QAE@ABV01@@Z
??0CActiveXUI@DuiLib@@QAE@XZ
??0CAnimationData@DuiLib@@QAE@HHHH@Z
??0CButtonUI@DuiLib@@QAE@$$QAV01@@Z
??0CButtonUI@DuiLib@@QAE@ABV01@@Z
??0CButtonUI@DuiLib@@QAE@XZ
??0CCheckBoxUI@DuiLib@@QAE@$$QAV01@@Z
??0CCheckBoxUI@DuiLib@@QAE@ABV01@@Z
??0CCheckBoxUI@DuiLib@@QAE@XZ
??0CChildLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CChildLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CChildLayoutUI@DuiLib@@QAE@XZ
??0CComboExUI@DuiLib@@QAE@ABV01@@Z
??0CComboExUI@DuiLib@@QAE@XZ
??0CComboUI@DuiLib@@QAE@ABV01@@Z
??0CComboUI@DuiLib@@QAE@XZ
??0CContainerUI@DuiLib@@QAE@ABV01@@Z
??0CContainerUI@DuiLib@@QAE@XZ
??0CControlUI@DuiLib@@QAE@ABV01@@Z
??0CControlUI@DuiLib@@QAE@XZ
??0CDPI@DuiLib@@QAE@PAUHWND__@@@Z
??0CDPI@DuiLib@@QAE@XZ
??0CDateTimeUI@DuiLib@@QAE@$$QAV01@@Z
??0CDateTimeUI@DuiLib@@QAE@ABV01@@Z
??0CDateTimeUI@DuiLib@@QAE@XZ
??0CDelegateBase@DuiLib@@QAE@ABV01@@Z
??0CDelegateBase@DuiLib@@QAE@PAX0@Z
??0CDialogBuilder@DuiLib@@QAE@XZ
??0CDuiDrawInfo@DuiLib@@QAE@ABV01@@Z
??0CDuiDrawInfo@DuiLib@@QAE@XZ
??0CDuiPtrArray@DuiLib@@QAE@ABV01@@Z
??0CDuiPtrArray@DuiLib@@QAE@H@Z
??0CDuiRect@DuiLib@@QAE@ABUtagRECT@@@Z
??0CDuiRect@DuiLib@@QAE@HHHH@Z
??0CDuiRect@DuiLib@@QAE@XZ
??0CDuiSize@DuiLib@@QAE@ABUtagSIZE@@@Z
??0CDuiSize@DuiLib@@QAE@HH@Z
??0CDuiSize@DuiLib@@QAE@UtagRECT@@@Z
??0CDuiSize@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@ABV01@@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
??0CDuiString@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@_W@Z
??0CDuiStringPtrMap@DuiLib@@QAE@H@Z
??0CDuiValArray@DuiLib@@QAE@HH@Z
??0CEditUI@DuiLib@@QAE@ABV01@@Z
??0CEditUI@DuiLib@@QAE@XZ
??0CEventSource@DuiLib@@QAE@ABV01@@Z
??0CEventSource@DuiLib@@QAE@XZ
??0CFileIconUI@DuiLib@@QAE@ABV01@@Z
??0CFileIconUI@DuiLib@@QAE@XZ
??0CHorizontalLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CHorizontalLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CHorizontalLayoutUI@DuiLib@@QAE@XZ
??0CLabelUI@DuiLib@@QAE@ABV01@@Z
??0CLabelUI@DuiLib@@QAE@XZ
??0CListBodyUI@DuiLib@@QAE@$$QAV01@@Z
??0CListBodyUI@DuiLib@@QAE@ABV01@@Z
??0CListBodyUI@DuiLib@@QAE@PAVCListUI@1@@Z
??0CListContainerElementUI@DuiLib@@QAE@$$QAV01@@Z
??0CListContainerElementUI@DuiLib@@QAE@ABV01@@Z
??0CListContainerElementUI@DuiLib@@QAE@XZ
??0CListElementUI@DuiLib@@QAE@$$QAV01@@Z
??0CListElementUI@DuiLib@@QAE@ABV01@@Z
??0CListElementUI@DuiLib@@QAE@XZ
??0CListHeaderItemUI@DuiLib@@QAE@$$QAV01@@Z
??0CListHeaderItemUI@DuiLib@@QAE@ABV01@@Z
??0CListHeaderItemUI@DuiLib@@QAE@XZ
??0CListHeaderUI@DuiLib@@QAE@$$QAV01@@Z
??0CListHeaderUI@DuiLib@@QAE@ABV01@@Z
??0CListHeaderUI@DuiLib@@QAE@XZ
??0CListLabelElementUI@DuiLib@@QAE@$$QAV01@@Z
??0CListLabelElementUI@DuiLib@@QAE@ABV01@@Z
??0CListLabelElementUI@DuiLib@@QAE@XZ
??0CListMiddleUI@DuiLib@@QAE@$$QAV01@@Z
??0CListMiddleUI@DuiLib@@QAE@ABV01@@Z
??0CListMiddleUI@DuiLib@@QAE@XZ
??0CListNotifyKey@DuiLib@@IAE@XZ
??0CListNotifyKey@DuiLib@@QAE@$$QAV01@@Z
??0CListNotifyKey@DuiLib@@QAE@ABV01@@Z
??0CListTextElementUI@DuiLib@@QAE@ABV01@@Z
??0CListTextElementUI@DuiLib@@QAE@XZ
??0CListUI@DuiLib@@QAE@ABV01@@Z
??0CListUI@DuiLib@@QAE@XZ
??0CMarkup@DuiLib@@QAE@PB_W@Z
??0CMarkupNode@DuiLib@@AAE@PAVCMarkup@1@H@Z
??0CMarkupNode@DuiLib@@QAE@XZ
??0CMenuBodyUI@DuiLib@@QAE@ABV01@@Z
??0CMenuBodyUI@DuiLib@@QAE@XZ
??0CMenuItemUI@DuiLib@@QAE@ABV01@@Z
??0CMenuItemUI@DuiLib@@QAE@PAVCMenuUI@1@@Z
??0CMenuUI@DuiLib@@QAE@ABV01@@Z
??0CMenuUI@DuiLib@@QAE@PB_WPAVCMenuItemUI@1@@Z
??0CNotifyPump@DuiLib@@QAE@$$QAV01@@Z
??0CNotifyPump@DuiLib@@QAE@ABV01@@Z
??0CNotifyPump@DuiLib@@QAE@XZ
??0COptionUI@DuiLib@@QAE@ABV01@@Z
??0COptionUI@DuiLib@@QAE@XZ
??0CPaintManagerUI@DuiLib@@QAE@ABV01@@Z
??0CPaintManagerUI@DuiLib@@QAE@XZ
??0CPoint@DuiLib@@QAE@ABUtagPOINT@@@Z
??0CPoint@DuiLib@@QAE@HH@Z
??0CPoint@DuiLib@@QAE@J@Z
??0CPoint@DuiLib@@QAE@XZ
??0CProgressUI@DuiLib@@QAE@$$QAV01@@Z
??0CProgressUI@DuiLib@@QAE@ABV01@@Z
??0CProgressUI@DuiLib@@QAE@XZ
??0CRenderClip@DuiLib@@QAE@XZ
??0CRichEditUI@DuiLib@@QAE@ABV01@@Z
??0CRichEditUI@DuiLib@@QAE@XZ
??0CScrollBarUI@DuiLib@@QAE@$$QAV01@@Z
??0CScrollBarUI@DuiLib@@QAE@ABV01@@Z
??0CScrollBarUI@DuiLib@@QAE@XZ
??0CSliderUI@DuiLib@@QAE@$$QAV01@@Z
??0CSliderUI@DuiLib@@QAE@ABV01@@Z
??0CSliderUI@DuiLib@@QAE@XZ
??0CTabControlMgr@DuiLib@@QAE@ABV01@@Z
??0CTabControlMgr@DuiLib@@QAE@PAVCPaintManagerUI@1@@Z
??0CTabLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CTabLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CTabLayoutUI@DuiLib@@QAE@XZ
??0CTextUI@DuiLib@@QAE@ABV01@@Z
??0CTextUI@DuiLib@@QAE@XZ
??0CTileLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CTileLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CTileLayoutUI@DuiLib@@QAE@XZ
??0CTranslateManager@DuiLib@@QAE@ABV01@@Z
??0CTranslateManager@DuiLib@@QAE@XZ
??0CTreeNodeExUI@DuiLib@@QAE@ABV01@@Z
??0CTreeNodeExUI@DuiLib@@QAE@XZ
??0CTreeNodeUI@DuiLib@@QAE@ABV01@@Z
??0CTreeNodeUI@DuiLib@@QAE@PAV01@@Z
??0CTreeViewExUI@DuiLib@@QAE@ABV01@@Z
??0CTreeViewExUI@DuiLib@@QAE@K@Z
??0CTreeViewUI@DuiLib@@QAE@ABV01@@Z
??0CTreeViewUI@DuiLib@@QAE@XZ
??0CUIAnimation@DuiLib@@QAE@$$QAV01@@Z
??0CUIAnimation@DuiLib@@QAE@ABV01@@Z
??0CUIAnimation@DuiLib@@QAE@PAVCControlUI@1@@Z
??0CVListBodyUI@DuiLib@@QAE@$$QAV01@@Z
??0CVListBodyUI@DuiLib@@QAE@ABV01@@Z
??0CVListBodyUI@DuiLib@@QAE@PAVCVListUI@1@@Z
??0CVListUI@DuiLib@@QAE@$$QAV01@@Z
??0CVListUI@DuiLib@@QAE@ABV01@@Z
??0CVListUI@DuiLib@@QAE@XZ
??0CVerticalLayoutUI@DuiLib@@QAE@$$QAV01@@Z
??0CVerticalLayoutUI@DuiLib@@QAE@ABV01@@Z
??0CVerticalLayoutUI@DuiLib@@QAE@XZ
??0CWaitCursor@DuiLib@@QAE@XZ
??0CWebBrowserUI@DuiLib@@QAE@ABV01@@Z
??0CWebBrowserUI@DuiLib@@QAE@XZ
??0CWindowWnd@DuiLib@@QAE@$$QAV01@@Z
??0CWindowWnd@DuiLib@@QAE@ABV01@@Z
??0CWindowWnd@DuiLib@@QAE@XZ
??0ITreeInfo@DuiLib@@QAE@ABV01@@Z
??0ITreeInfo@DuiLib@@QAE@XZ
??0IUIAnimation@DuiLib@@QAE@ABV01@@Z
??0IUIAnimation@DuiLib@@QAE@XZ
??0IVListCallbackUI@DuiLib@@QAE@$$QAV01@@Z
??0IVListCallbackUI@DuiLib@@QAE@ABV01@@Z
??0IVListCallbackUI@DuiLib@@QAE@XZ
??0WindowImplBase@DuiLib@@QAE@ABV01@@Z
??0WindowImplBase@DuiLib@@QAE@XZ
??1CAccessibleServer@DuiLib@@UAE@XZ
??1CActiveXUI@DuiLib@@UAE@XZ
??1CButtonUI@DuiLib@@UAE@XZ
??1CCheckBoxUI@DuiLib@@UAE@XZ
??1CChildLayoutUI@DuiLib@@UAE@XZ
??1CComboExUI@DuiLib@@UAE@XZ
??1CComboUI@DuiLib@@UAE@XZ
??1CContainerUI@DuiLib@@UAE@XZ
??1CControlUI@DuiLib@@UAE@XZ
??1CDateTimeUI@DuiLib@@UAE@XZ
??1CDelegateBase@DuiLib@@UAE@XZ
??1CDialogBuilder@DuiLib@@QAE@XZ
??1CDuiDrawInfo@DuiLib@@QAE@XZ
??1CDuiPtrArray@DuiLib@@QAE@XZ
??1CDuiString@DuiLib@@QAE@XZ
??1CDuiStringPtrMap@DuiLib@@QAE@XZ
??1CDuiValArray@DuiLib@@QAE@XZ
??1CEditUI@DuiLib@@UAE@XZ
??1CEventSource@DuiLib@@QAE@XZ
??1CFileIconUI@DuiLib@@UAE@XZ
??1CHorizontalLayoutUI@DuiLib@@UAE@XZ
??1CLabelUI@DuiLib@@UAE@XZ
??1CListBodyUI@DuiLib@@UAE@XZ
??1CListContainerElementUI@DuiLib@@UAE@XZ
??1CListElementUI@DuiLib@@UAE@XZ
??1CListHeaderItemUI@DuiLib@@UAE@XZ
??1CListHeaderUI@DuiLib@@UAE@XZ
??1CListLabelElementUI@DuiLib@@UAE@XZ
??1CListMiddleUI@DuiLib@@UAE@XZ
??1CListNotifyKey@DuiLib@@QAE@XZ
??1CListTextElementUI@DuiLib@@UAE@XZ
??1CListUI@DuiLib@@UAE@XZ
??1CMarkup@DuiLib@@QAE@XZ
??1CMenuBodyUI@DuiLib@@UAE@XZ
??1CMenuItemUI@DuiLib@@UAE@XZ
??1CMenuUI@DuiLib@@UAE@XZ
??1CNotifyPump@DuiLib@@QAE@XZ
??1COptionUI@DuiLib@@UAE@XZ
??1CPaintManagerUI@DuiLib@@QAE@XZ
??1CProgressUI@DuiLib@@UAE@XZ
??1CRenderClip@DuiLib@@QAE@XZ
??1CRichEditUI@DuiLib@@UAE@XZ
??1CScrollBarUI@DuiLib@@UAE@XZ
??1CSliderUI@DuiLib@@UAE@XZ
??1CTabControlMgr@DuiLib@@QAE@XZ
??1CTabLayoutUI@DuiLib@@UAE@XZ
??1CTextUI@DuiLib@@UAE@XZ
??1CTileLayoutUI@DuiLib@@UAE@XZ
??1CTranslateManager@DuiLib@@QAE@XZ
??1CTreeNodeExUI@DuiLib@@UAE@XZ
??1CTreeNodeUI@DuiLib@@UAE@XZ
??1CTreeViewExUI@DuiLib@@UAE@XZ
??1CTreeViewUI@DuiLib@@UAE@XZ
??1CUIAnimation@DuiLib@@UAE@XZ
??1CVListBodyUI@DuiLib@@UAE@XZ
??1CVListUI@DuiLib@@UAE@XZ
??1CVerticalLayoutUI@DuiLib@@UAE@XZ
??1CWaitCursor@DuiLib@@QAE@XZ
??1CWebBrowserUI@DuiLib@@UAE@XZ
??1ITreeInfo@DuiLib@@QAE@XZ
??1IUIAnimation@DuiLib@@UAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
??4CAccessibleServer@DuiLib@@QAEAAV01@ABV01@@Z
??4CActiveXUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CAnimationData@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CAnimationData@DuiLib@@QAEAAV01@ABV01@@Z
??4CButtonUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CButtonUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CCheckBoxUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CCheckBoxUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CChildLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CChildLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CComboExUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CComboUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CContainerUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CControlUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CDPI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDPI@DuiLib@@QAEAAV01@ABV01@@Z
??4CDateTimeUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDateTimeUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CDelegateBase@DuiLib@@QAEAAV01@ABV01@@Z
??4CDialogBuilder@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDialogBuilder@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiDrawInfo@DuiLib@@QAEABV01@ABV01@@Z
??4CDuiPtrArray@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiRect@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDuiRect@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiSize@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CDuiSize@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z
??4CDuiString@DuiLib@@QAEABV01@PBD@Z
??4CDuiString@DuiLib@@QAEABV01@PB_W@Z
??4CDuiString@DuiLib@@QAEABV01@_W@Z
??4CDuiStringPtrMap@DuiLib@@QAEAAV01@ABV01@@Z
??4CDuiValArray@DuiLib@@QAEAAV01@ABV01@@Z
??4CEditUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CEventSource@DuiLib@@QAEAAV01@ABV01@@Z
??4CFileIconUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CHorizontalLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CHorizontalLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CLabelUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListBodyUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListBodyUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListContainerElementUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListContainerElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListElementUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListHeaderItemUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListHeaderItemUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListHeaderUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListHeaderUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListLabelElementUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListLabelElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListMiddleUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListMiddleUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListNotifyKey@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CListNotifyKey@DuiLib@@QAEAAV01@ABV01@@Z
??4CListTextElementUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CListUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CMarkup@DuiLib@@QAEAAV01@ABV01@@Z
??4CMarkupNode@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CMarkupNode@DuiLib@@QAEAAV01@ABV01@@Z
??4CMenuBodyUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CMenuItemUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CMenuUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CNotifyPump@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CNotifyPump@DuiLib@@QAEAAV01@ABV01@@Z
??4COptionUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CPaintManagerUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CPoint@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CPoint@DuiLib@@QAEAAV01@ABV01@@Z
??4CProgressUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CProgressUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CRenderClip@DuiLib@@QAEAAV01@ABV01@@Z
??4CRenderEngine@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CRenderEngine@DuiLib@@QAEAAV01@ABV01@@Z
??4CRichEditUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CScrollBarUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CScrollBarUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CSliderUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CSliderUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTabControlMgr@DuiLib@@QAEAAV01@ABV01@@Z
??4CTabLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CTabLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTextUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTileLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CTileLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTranslateManager@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeNodeExUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeNodeUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeViewExUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CTreeViewUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CUIAnimation@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CUIAnimation@DuiLib@@QAEAAV01@ABV01@@Z
??4CVListBodyUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CVListBodyUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CVListUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CVListUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CVerticalLayoutUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CVerticalLayoutUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CWaitCursor@DuiLib@@QAEAAV01@ABV01@@Z
??4CWebBrowserUI@DuiLib@@QAEAAV01@ABV01@@Z
??4CWindowWnd@DuiLib@@QAEAAV01@$$QAV01@@Z
??4CWindowWnd@DuiLib@@QAEAAV01@ABV01@@Z
??4ITreeInfo@DuiLib@@QAEAAV01@ABV01@@Z
??4IUIAnimation@DuiLib@@QAEAAV01@ABV01@@Z
??4IVListCallbackUI@DuiLib@@QAEAAV01@$$QAV01@@Z
??4IVListCallbackUI@DuiLib@@QAEAAV01@ABV01@@Z
??4WindowImplBase@DuiLib@@QAEAAV01@ABV01@@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
??9CDuiString@DuiLib@@QBE_NPB_W@Z
??ACDuiPtrArray@DuiLib@@QBEPAXH@Z
??ACDuiString@DuiLib@@QBE_WH@Z
??ACDuiStringPtrMap@DuiLib@@QBEPB_WH@Z
??ACDuiValArray@DuiLib@@QBEPAXH@Z
??BCDuiString@DuiLib@@QBEPB_WXZ
??BCEventSource@DuiLib@@QAE_NXZ
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z
??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z
??MCDuiString@DuiLib@@QBE_NPB_W@Z
??NCDuiString@DuiLib@@QBE_NPB_W@Z
??OCDuiString@DuiLib@@QBE_NPB_W@Z
??PCDuiString@DuiLib@@QBE_NPB_W@Z
??RCDelegateBase@DuiLib@@QAE_NPAX@Z
??RCEventSource@DuiLib@@QAE_NPAX@Z
??YCDuiString@DuiLib@@QAEABV01@ABV01@@Z
??YCDuiString@DuiLib@@QAEABV01@PBD@Z
??YCDuiString@DuiLib@@QAEABV01@PB_W@Z
??YCDuiString@DuiLib@@QAEABV01@_W@Z
??YCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
??YCEventSource@DuiLib@@QAEXP6A_NPAX@Z@Z
??ZCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
??ZCEventSource@DuiLib@@QAEXP6A_NPAX@Z@Z
??_7CAccessibleServer@DuiLib@@6BIAccessible@@@
??_7CAccessibleServer@DuiLib@@6BIEnumVARIANT@@@
??_7CActiveXUI@DuiLib@@6BCControlUI@1@@
??_7CActiveXUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CButtonUI@DuiLib@@6B@
??_7CCheckBoxUI@DuiLib@@6B@
??_7CChildLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CChildLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CComboExUI@DuiLib@@6B@
??_7CComboExUI@DuiLib@@6BCControlUI@1@@
??_7CComboExUI@DuiLib@@6BIContainerUI@1@@
??_7CComboUI@DuiLib@@6B@
??_7CComboUI@DuiLib@@6BCControlUI@1@@
??_7CComboUI@DuiLib@@6BIContainerUI@1@@
??_7CContainerUI@DuiLib@@6BCControlUI@1@@
??_7CContainerUI@DuiLib@@6BIContainerUI@1@@
??_7CControlUI@DuiLib@@6B@
??_7CDateTimeUI@DuiLib@@6B@
??_7CDelegateBase@DuiLib@@6B@
??_7CEditUI@DuiLib@@6BCLabelUI@1@@
??_7CEditUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CFileIconUI@DuiLib@@6B@
??_7CHorizontalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CHorizontalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CLabelUI@DuiLib@@6B@
??_7CListBodyUI@DuiLib@@6BCControlUI@1@@
??_7CListBodyUI@DuiLib@@6BIContainerUI@1@@
??_7CListContainerElementUI@DuiLib@@6B@
??_7CListContainerElementUI@DuiLib@@6BCControlUI@1@@
??_7CListContainerElementUI@DuiLib@@6BIContainerUI@1@@
??_7CListElementUI@DuiLib@@6BCControlUI@1@@
??_7CListElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListHeaderItemUI@DuiLib@@6B@
??_7CListHeaderUI@DuiLib@@6BCControlUI@1@@
??_7CListHeaderUI@DuiLib@@6BIContainerUI@1@@
??_7CListLabelElementUI@DuiLib@@6BCControlUI@1@@
??_7CListLabelElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListMiddleUI@DuiLib@@6BCControlUI@1@@
??_7CListMiddleUI@DuiLib@@6BIContainerUI@1@@
??_7CListTextElementUI@DuiLib@@6BCControlUI@1@@
??_7CListTextElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListUI@DuiLib@@6B@
??_7CListUI@DuiLib@@6BCControlUI@1@@
??_7CListUI@DuiLib@@6BIContainerUI@1@@
??_7CMenuBodyUI@DuiLib@@6B@
??_7CMenuBodyUI@DuiLib@@6BCControlUI@1@@
??_7CMenuBodyUI@DuiLib@@6BIContainerUI@1@@
??_7CMenuItemUI@DuiLib@@6B@
??_7CMenuItemUI@DuiLib@@6BCControlUI@1@@
??_7CMenuItemUI@DuiLib@@6BIContainerUI@1@@
??_7CMenuUI@DuiLib@@6BCWindowWnd@1@@
??_7CMenuUI@DuiLib@@6BIDialogBuilderCallback@1@@
??_7CMenuUI@DuiLib@@6BINotifyUI@1@@
??_7CNotifyPump@DuiLib@@6B@
??_7COptionUI@DuiLib@@6B@
??_7CProgressUI@DuiLib@@6B@
??_7CRichEditUI@DuiLib@@6B@
??_7CRichEditUI@DuiLib@@6BCControlUI@1@@
??_7CRichEditUI@DuiLib@@6BIContainerUI@1@@
??_7CScrollBarUI@DuiLib@@6B@
??_7CSliderUI@DuiLib@@6B@
??_7CTabLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTabLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTextUI@DuiLib@@6B@
??_7CTileLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTileLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeNodeExUI@DuiLib@@6B@
??_7CTreeNodeExUI@DuiLib@@6BCControlUI@1@@
??_7CTreeNodeExUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeNodeUI@DuiLib@@6B@
??_7CTreeNodeUI@DuiLib@@6BCControlUI@1@@
??_7CTreeNodeUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewExUI@DuiLib@@6BCControlUI@1@@
??_7CTreeViewExUI@DuiLib@@6BCVListUI@1@@
??_7CTreeViewExUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewExUI@DuiLib@@6BITreeInfo@1@@
??_7CTreeViewExUI@DuiLib@@6BIVListCallbackUI@1@@
??_7CTreeViewUI@DuiLib@@6BCControlUI@1@@
??_7CTreeViewUI@DuiLib@@6BCListUI@1@@
??_7CTreeViewUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewUI@DuiLib@@6BINotifyUI@1@@
??_7CUIAnimation@DuiLib@@6B@
??_7CVListBodyUI@DuiLib@@6BCControlUI@1@@
??_7CVListBodyUI@DuiLib@@6BIContainerUI@1@@
??_7CVListUI@DuiLib@@6B@
??_7CVListUI@DuiLib@@6BCControlUI@1@@
??_7CVListUI@DuiLib@@6BIContainerUI@1@@
??_7CVerticalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CVerticalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CWebBrowserUI@DuiLib@@6BCControlUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIDispatch@@@
??_7CWebBrowserUI@DuiLib@@6BIDocHostUIHandler@@@
??_7CWebBrowserUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIOleCommandTarget@@@
??_7CWebBrowserUI@DuiLib@@6BIServiceProvider@@@
??_7CWebBrowserUI@DuiLib@@6BITranslateAccelerator@1@@
??_7CWindowWnd@DuiLib@@6B@
??_7ITreeInfo@DuiLib@@6B@
??_7IUIAnimation@DuiLib@@6B@
??_7IVListCallbackUI@DuiLib@@6B@
??_7WindowImplBase@DuiLib@@6BCNotifyPump@1@@
??_7WindowImplBase@DuiLib@@6BCWindowWnd@1@@
??_7WindowImplBase@DuiLib@@6BIDialogBuilderCallback@1@@
??_7WindowImplBase@DuiLib@@6BIMessageFilterUI@1@@
??_7WindowImplBase@DuiLib@@6BINotifyUI@1@@
??_FCDuiPtrArray@DuiLib@@QAEXXZ
??_FCDuiStringPtrMap@DuiLib@@QAEXXZ
??_FCMarkup@DuiLib@@QAEXXZ
??_FCMenuUI@DuiLib@@QAEXXZ
??_FCTreeNodeUI@DuiLib@@QAEXXZ
??_FCTreeViewExUI@DuiLib@@QAEXXZ
?AccSerStringFormat@CControlUI@DuiLib@@QAAXPB_WZZ
?Activate@CButtonUI@DuiLib@@UAE_NXZ
?Activate@CCheckBoxUI@DuiLib@@UAE_NXZ
?Activate@CComboExUI@DuiLib@@UAE_NXZ
?Activate@CComboUI@DuiLib@@UAE_NXZ
?Activate@CControlUI@DuiLib@@UAE_NXZ
?Activate@CListContainerElementUI@DuiLib@@UAE_NXZ
?Activate@CListElementUI@DuiLib@@UAE_NXZ
?Activate@COptionUI@DuiLib@@UAE_NXZ
?Add@CComboUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CDuiPtrArray@DuiLib@@QAE_NPAX@Z
?Add@CDuiValArray@DuiLib@@QAE_NPBX@Z
?Add@CListBodyUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CListUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTabLayoutUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTreeNodeUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?Add@CTreeViewUI@DuiLib@@UAE_NPAVCTreeNodeUI@2@@Z
?Add@CVListUI@DuiLib@@UAE_NPAVCControlUI@2@@Z
?AddAccSerCtrl@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@@Z
?AddAt@CComboUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CContainerUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CListBodyUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CListUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTabLayoutUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTreeNodeUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddAt@CTreeViewUI@DuiLib@@UAEJPAVCTreeNodeUI@2@H@Z
?AddAt@CTreeViewUI@DuiLib@@UAE_NPAVCTreeNodeUI@2@0@Z
?AddAt@CVListUI@DuiLib@@UAE_NPAVCControlUI@2@H@Z
?AddChildNode@CTreeNodeUI@DuiLib@@QAE_NPAV12@@Z

Sections

.text
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HipsDB.dll
.dll windows:5 windows x86 arch:x86

27a05d2d00281307fff2bbb42cea4d0e

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:4e:ac:14:17:27:cb:f9:f9:43:65:b3:b3:7b:09:a0:07:aa:9b:6b:9b:e3:6e:86:5f:7d:94:0a:e5:65:2a:c4
Signer

Actual PE Digest

ae:4e:ac:14:17:27:cb:f9:f9:43:65:b3:b3:7b:09:a0:07:aa:9b:6b:9b:e3:6e:86:5f:7d:94:0a:e5:65:2a:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-50\bin\HipsDB.pdb

Imports

jansson

json_load_callback
json_loadb
json_array
json_object
json_delete
json_integer_value
json_array_size
json_object_iter
json_object_iter_key
json_array_get
json_object_iter_next
json_string_value
json_object_size
json_object_iter_value
json_array_append_new
json_object_set_new
json_object_key_to_iter
json_pack
json_unpack
json_string
json_deep_copy
json_integer
json_real
json_null
json_dumps
json_dumps_free
json_true
json_false
json_copy
json_array_clear
json_object_get
json_loads

sqlite

sqlite3_mutex_leave
sqlite3_db_mutex
sqlite3_mutex_enter
sqlite3_bind_text
sqlite3_column_int
sqlite3_reset
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_blob
sqlite3_column_type
sqlite3_column_int64
sqlite3_column_bytes
sqlite3_close_v2
sqlite3_errmsg
sqlite3_open
sqlite3_busy_timeout
sqlite3_exec
sqlite3_column_count
sqlite3_column_name
sqlite3_column_double
sqlite3_bind_double
sqlite3_value_text
sqlite3_result_int
sqlite3_create_function
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_prepare_v2
sqlite3_finalize
sqlite3_column_blob
sqlite3_step
sqlite3_column_text

kernel32

ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
GetACP
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
RtlUnwind
SetLastError
InterlockedFlushSList
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
WaitForSingleObjectEx
SetFilePointerEx
GetConsoleCP
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
EnterCriticalSection
GetCurrentProcess
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
Sleep
CloseHandle
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
GetVersion
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
SetFileAttributesW
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
ReadFile
GetFileSize
GetNativeSystemInfo
CreateFileMappingA
UnmapViewOfFile
SetFilePointer
WriteFile
SetFileTime
GetFileInformationByHandle
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
WideCharToMultiByte
MapViewOfFile

advapi32

RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
ImpersonateLoggedOnUser
RevertToSelf

libxsse

ord30
ord2
ord10

usysdiag

vif_autorun_get
vif_iokit_get

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Meiq.exe
.exe windows:5 windows x86 arch:x86

c0a2e17fe80aee2ace9659ff9544cf57

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:45:97:93:33:26:90:cf:76:35:7b:c3:a4:df:d2:79:7d:80:ce:2e:af:9c:ad:66:4e:5d:e4:34:28:88:26:59
Signer

Actual PE Digest

5a:45:97:93:33:26:90:cf:76:35:7b:c3:a4:df:d2:79:7d:80:ce:2e:af:9c:ad:66:4e:5d:e4:34:28:88:26:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-50\bin\HRUpdate.pdb

Imports

jansson

json_integer_value
json_object_get
json_delete
json_pack
json_object
json_object_set_new
json_integer
json_deep_copy
json_string
json_array
json_array_append_new
json_loads
json_array_insert_new
json_dumps
json_dumps_free
json_array_extend
json_object_size
json_array_size
json_array_get

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwind
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
GetCommandLineA
WaitForSingleObjectEx
IsProcessorFeaturePresent
FlushInstructionCache
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
InterlockedPushEntrySList
LCMapStringW
CompareStringW
IsDebuggerPresent
OutputDebugStringW
RemoveDirectoryW
MoveFileExW
SetFileAttributesW
GetCommandLineW
ExitProcess
GetModuleHandleExW
VirtualAlloc
SetFilePointer
lstrlenW
GetStringTypeW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFileType
GetACP
GetStdHandle
FlushFileBuffers
GetSystemDirectoryW
SetLastError
CreateProcessW
OpenEventW
LocalAlloc
GetModuleFileNameA
GetCurrentProcessId
CreateMutexW
LoadLibraryExW
lstrcmpiW
GetCurrentThreadId
SetCurrentDirectoryW
GetModuleFileNameW
GetUserDefaultUILanguage
CreateEventW
CreateThread
WaitForMultipleObjects
SetEvent
TerminateThread
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetVersionExW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
TerminateProcess
Process32NextW
Process32FirstW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
SystemTimeToTzSpecificLocalTime
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
LoadLibraryA
GetVersion
GetModuleHandleA
GetTickCount
InterlockedIncrement
DeleteCriticalSection
LocalFree
Sleep
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
InterlockedExchange
DeviceIoControl
CreateFileA
GetSystemDirectoryA
MultiByteToWideChar
GetSystemDefaultLangID
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedDecrement
GetNativeSystemInfo
GetWindowsDirectoryW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MoveFileW
DeleteFileW
GetTempFileNameW
GetFileSize
WriteFile
ReadFile
GetLastError
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadConsoleW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW

user32

GetSystemMetrics
UnregisterClassW
DefWindowProcW
GetClientRect
SetWindowPos
GetWindowThreadProcessId
GetWindowRect
IsWindowVisible
GetParent
ExitWindowsEx
GetForegroundWindow
EnumThreadWindows
EnumChildWindows
IntersectRect
SendMessageW
LoadImageW
MoveWindow
FlashWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
EnableWindow
SetFocus
PostQuitMessage
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindow
MapWindowPoints
DestroyWindow
SendMessageTimeoutW
CharNextW
SetWindowRgn
OffsetRect
CopyRect
MonitorFromWindow
GetMonitorInfoW
IsZoomed
CallWindowProcW
GetWindowLongW
SetWindowLongW
ScreenToClient
IsChild
KillTimer
FindWindowW
IsWindow
IsIconic
SetForegroundWindow
PostMessageW
SetTimer
ShowWindow

gdi32

GetObjectType
DeleteObject
CreateRoundRectRgn

advapi32

RegOpenKeyExA
LookupPrivilegeValueW
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
GetTokenInformation
RegQueryValueExA
RegEnumKeyExA
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenServiceW
QueryServiceConfigW
StartServiceW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
CreateServiceW
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
GetSidSubAuthority
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr
VariantClear
VariantInit
SysFreeString
SysAllocString

hipsdb

ord9
ord13

comctl32

InitCommonControlsEx

libcurl

curl_easy_init
curl_easy_perform
curl_easy_cleanup
curl_easy_setopt

libxsse

ord10
ord30

gdiplus

GdipCreatePen2
GdipDeletePen
GdipSetPenMode
GdipSetPenStartCap
GdipCreatePath
GdipDeletePath
ord1
GdipCreateFromHDC
GdipDeleteGraphics
GdipDeleteBrush
GdipSetPenEndCap
GdipCreateLineBrush
GdipSetSmoothingMode
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawPath
GdipResetWorldTransform
GdipFillEllipseI
GdipCreateSolidFill

duilib

?Invalidate@CControlUI@DuiLib@@QAEXXZ
?DoEvent@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?GetInstance@CPaintManagerUI@DuiLib@@SAPAUHINSTANCE__@@XZ
?GetDPIAwareness@CDPI@DuiLib@@SA?AW4PROCESS_DPI_AWARENESS@@XZ
?GetDPIOfMonitorNearestToPoint@CDPI@DuiLib@@SAHUtagPOINT@@@Z
?GetMainMonitorDPI@CDPI@DuiLib@@SAHPAUHWND__@@@Z
?SetDPIAwareness@CDPI@DuiLib@@SAHW4PROCESS_DPI_AWARENESS@@@Z
?SelectTable@CTranslateManager@DuiLib@@QAE_NPB_W@Z
?SetDefaultTable@CTranslateManager@DuiLib@@QAE_NPB_W@Z
?GetTranslateManager@CPaintManagerUI@DuiLib@@SAAAVCTranslateManager@2@XZ
?LoadTable@CTranslateManager@DuiLib@@QAEHVSTRINGorID@2@PB_W1@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPB_W_N@Z
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?GetRoundCorner@CPaintManagerUI@DuiLib@@QAE?AUtagSIZE@@XZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@UtagPOINT@@@Z
?GetCaptionRect@CPaintManagerUI@DuiLib@@QAE?AUtagRECT@@XZ
?GetSizeBox@CPaintManagerUI@DuiLib@@QAE?AUtagRECT@@XZ
?GetMinInfo@CPaintManagerUI@DuiLib@@QAE?AUtagSIZE@@XZ
?GetMaxInfo@CPaintManagerUI@DuiLib@@QAE?AUtagSIZE@@XZ
?GetScale@CDPI@DuiLib@@QAEIXZ
?GetDPIFix@CPaintManagerUI@DuiLib@@QAE?AUtagSIZE@@H@Z
?GetDPIObj@CPaintManagerUI@DuiLib@@QAEPAVCDPI@2@XZ
?GetInitSize@CPaintManagerUI@DuiLib@@QAE?AUtagSIZE@@XZ
?AddNotifier@CPaintManagerUI@DuiLib@@QAE_NPAVINotifyUI@2@@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?Init@CPaintManagerUI@DuiLib@@QAEXPAUHWND__@@@Z
??1CDialogBuilder@DuiLib@@QAE@XZ
??0CDialogBuilder@DuiLib@@QAE@XZ
?ReapObjects@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@@Z
?GetRoot@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@XZ
??0CControlUI@DuiLib@@QAE@XZ
?SetAccSerMouseCtrl@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@@Z
?IsEnableAccSerHitTest@CPaintManagerUI@DuiLib@@QBE_NXZ
?PreMessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
?TranslateAcceleratorW@CPaintManagerUI@DuiLib@@QAE_NPAUtagMSG@@@Z
?MessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
??1CDuiString@DuiLib@@QAE@XZ
?StringFormat@CControlUI@DuiLib@@QAAXPB_WZZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
??1CPaintManagerUI@DuiLib@@QAE@XZ
??0CPaintManagerUI@DuiLib@@QAE@XZ
??BCDuiString@DuiLib@@QBEPB_WXZ
?SetManager@CControlUI@DuiLib@@UAEXPAVCPaintManagerUI@2@PAV12@_N@Z
?GetParent@CControlUI@DuiLib@@UBEPAV12@XZ
?GetText@CControlUI@DuiLib@@UBE?AVCDuiString@2@XZ
?SetText@CControlUI@DuiLib@@UAEXPB_W@Z
?GetPos@CControlUI@DuiLib@@UBEABUtagRECT@@XZ
?GetRelativePos@CControlUI@DuiLib@@UBE?AUtagRECT@@XZ
?SetPos@CControlUI@DuiLib@@UAEXUtagRECT@@_N@Z
?GetWidth@CControlUI@DuiLib@@UBEHXZ
?GetHeight@CControlUI@DuiLib@@UBEHXZ
?GetX@CControlUI@DuiLib@@UBEHXZ
?GetY@CControlUI@DuiLib@@UBEHXZ
?SetPadding@CControlUI@DuiLib@@UAEXUtagRECT@@@Z
?GetFixedXY@CControlUI@DuiLib@@UBE?AUtagSIZE@@XZ
?Scale@CDPI@DuiLib@@QAEHH@Z
?GetFixedWidth@CControlUI@DuiLib@@UBEHXZ
?SetFixedWidth@CControlUI@DuiLib@@UAEXH@Z
?GetMinWidth@CControlUI@DuiLib@@UBEHXZ
?SetMinWidth@CControlUI@DuiLib@@UAEXH@Z
?GetMaxWidth@CControlUI@DuiLib@@UBEHXZ
?SetMaxWidth@CControlUI@DuiLib@@UAEXH@Z
?GetMinHeight@CControlUI@DuiLib@@UBEHXZ
?SetMinHeight@CControlUI@DuiLib@@UAEXH@Z
?GetMaxHeight@CControlUI@DuiLib@@UBEHXZ
?GetAccCtrlFromPoint@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@ABUtagPOINT@@@Z
??1CControlUI@DuiLib@@UAE@XZ
?SetMaxHeight@CControlUI@DuiLib@@UAEXH@Z
?GetFloatPercent@CControlUI@DuiLib@@UBE?AUtagTPercentInfo@2@XZ
?SetFloatPercent@CControlUI@DuiLib@@UAEXUtagTPercentInfo@2@@Z
?ResetPos@CControlUI@DuiLib@@UAEXXZ
?GetToolTip@CControlUI@DuiLib@@UBE?AVCDuiString@2@XZ
?SetToolTip@CControlUI@DuiLib@@UAEXPB_W@Z
?SetToolTipWidth@CControlUI@DuiLib@@UAEXH@Z
?GetToolTipWidth@CControlUI@DuiLib@@UAEHXZ
?GetShortcut@CControlUI@DuiLib@@UBE_WXZ
?SetShortcut@CControlUI@DuiLib@@UAEX_W@Z
?IsContextMenuUsed@CControlUI@DuiLib@@UBE_NXZ
?SetContextMenuUsed@CControlUI@DuiLib@@UAEX_N@Z
?SetAttribute@CControlUI@DuiLib@@UAEXPB_W0@Z
?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z
?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z
??0CProgressUI@DuiLib@@QAE@XZ
?GetInterface@CProgressUI@DuiLib@@UAEPAXPB_W@Z
?SetAttribute@CProgressUI@DuiLib@@UAEXPB_W0@Z
?Scale@CDPI@DuiLib@@QAEXPAUtagSIZE@@@Z
?Scale@CDPI@DuiLib@@QAEXPAUtagRECT@@@Z
??0CRenderClip@DuiLib@@QAE@XZ
??1CRenderClip@DuiLib@@QAE@XZ
?GenerateRoundClip@CRenderClip@DuiLib@@SAXPAUHDC__@@UtagRECT@@1HHAAV12@@Z
?PaintBkColor@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintBkImage@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintBorder@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintText@CLabelUI@DuiLib@@UAEXPAUHDC__@@@Z
?GenerateClip@CRenderClip@DuiLib@@SAXPAUHDC__@@UtagRECT@@AAV12@@Z
?PaintStatusImage@CProgressUI@DuiLib@@UAEXPAUHDC__@@@Z
??1CProgressUI@DuiLib@@UAE@XZ
?GetAccSerName@CProgressUI@DuiLib@@UBE?AVCDuiString@2@_N@Z
?EstimateSize@CLabelUI@DuiLib@@UAE?AUtagSIZE@@U3@@Z
?DoEvent@CLabelUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?GetText@CLabelUI@DuiLib@@UBE?AVCDuiString@2@XZ
?HandleCursorMessage@CControlUI@DuiLib@@UBE_NABUtagPOINT@@@Z
?GetControlData@CControlUI@DuiLib@@UAE_NPAPAX@Z
?FindAccSerChildByPt@CControlUI@DuiLib@@UAEPAV12@ABUtagPOINT@@@Z
?GetAccSerState@CControlUI@DuiLib@@UBEJXZ
?GetAccSerName@CControlUI@DuiLib@@UBE?AVCDuiString@2@_N@Z
?SetAccSerInfo@CControlUI@DuiLib@@UAEXPAUtagTAccessibleServerInfo@2@@Z
?FindFirstAccSerCtrl@CControlUI@DuiLib@@UAEPAV12@XZ
?DoPostPaint@CControlUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?PaintText@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?PaintStatusImage@CControlUI@DuiLib@@UAEXPAUHDC__@@@Z
?DoPaint@CControlUI@DuiLib@@UAEXPAUHDC__@@ABUtagRECT@@@Z
?EstimateSize@CControlUI@DuiLib@@UAE?AUtagSIZE@@U3@@Z
?SetAttributeList@CControlUI@DuiLib@@UAEXPB_W@Z
?Event@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z
?DoInit@CControlUI@DuiLib@@UAEXXZ
?Init@CControlUI@DuiLib@@UAEXXZ
?FindControl@CControlUI@DuiLib@@UAEPAV12@P6GPAV12@PAV12@PAX@Z1I@Z
?SetFloat@CControlUI@DuiLib@@UAEX_N@Z
?IsFloat@CControlUI@DuiLib@@UBE_NXZ
?IsFocused@CControlUI@DuiLib@@UBE_NXZ
?SetKeyboardEnabled@CControlUI@DuiLib@@UAEX_N@Z
?IsKeyboardEnabled@CControlUI@DuiLib@@UBE_NXZ
?SetMouseEnabled@CControlUI@DuiLib@@UAEX_N@Z
?IsMouseEnabled@CControlUI@DuiLib@@UBE_NXZ
?IsEnabled@CControlUI@DuiLib@@UBE_NXZ
?SetInternVisible@CControlUI@DuiLib@@UAEX_N@Z
?IsVisible@CControlUI@DuiLib@@UBE_NXZ
?SetTag@CControlUI@DuiLib@@UAEXI@Z
?GetTag@CControlUI@DuiLib@@UBEIXZ
?SetUserData@CControlUI@DuiLib@@UAEXPB_W@Z
?GetPadding@CControlUI@DuiLib@@UBE?AUtagRECT@@XZ
?SelectItem@CTabLayoutUI@DuiLib@@QAE_NH_N@Z
?SetText@CLabelUI@DuiLib@@UAEXPB_W@Z
?GetItem@CTranslateManager@DuiLib@@QAE?AVCDuiString@2@PB_W0@Z
?FindSubControl@CContainerUI@DuiLib@@QAEPAVCControlUI@2@PB_W@Z
?SetVisible@CControlUI@DuiLib@@UAEX_N@Z
?GetCurSel@CTabLayoutUI@DuiLib@@QBEHXZ
?SetFixedHeight@CControlUI@DuiLib@@UAEXH@Z
?GetUserData@CControlUI@DuiLib@@UAEABVCDuiString@2@XZ
?GetManager@CControlUI@DuiLib@@UBEPAVCPaintManagerUI@2@XZ
?ScaleBack@CDPI@DuiLib@@QAEHH@Z
?GetFixedHeight@CControlUI@DuiLib@@UBEHXZ
??0CDuiString@DuiLib@@QAE@XZ
??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z
?IsEmpty@CDuiString@DuiLib@@QBE_NXZ
?SetEnabled@CControlUI@DuiLib@@UAEX_N@Z
?GetMaxValue@CProgressUI@DuiLib@@QBEHXZ
?GetValue@CProgressUI@DuiLib@@QBEHXZ
?SetValue@CProgressUI@DuiLib@@QAEXH@Z
?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z
?GetMinValue@CProgressUI@DuiLib@@QBEHXZ
?GetName@CControlUI@DuiLib@@UBE?AVCDuiString@2@XZ
?GetLinkContent@CTextUI@DuiLib@@QAEPAVCDuiString@2@H@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
?SetMaxValue@CProgressUI@DuiLib@@QAEXH@Z
?SetNextTabControl@CPaintManagerUI@DuiLib@@QAE_N_N@Z
?SetFocus@CControlUI@DuiLib@@UAEXXZ
?SetName@CControlUI@DuiLib@@UAEXPB_W@Z
?GetInterface@CControlUI@DuiLib@@UAEPAXPB_W@Z
?GetControlFlags@CControlUI@DuiLib@@UBEIXZ
?Activate@CControlUI@DuiLib@@UAE_NXZ
?SetFixedXY@CControlUI@DuiLib@@UAEXUtagSIZE@@@Z

upgrade

ord13
ord4
ord11
ord5
ord14
ord15
ord17
ord12
ord6
ord9
ord8
ord7
ord10
ord16
ord1
ord2

hrcomm

CreateLPCClient

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

selfprot

disable_msg_inject

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hrcomm.dll
.dll windows:5 windows x86 arch:x86

516bb8c28d494cb6cb1b12bbfeec4a13

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:0a:49:3c:f7:86:67:54:22:c6:47:58:11:ef:a7:03:21:54:43:ce:26:57:ce:a1:eb:83:33:85:65:4d:b8:bb
Signer

Actual PE Digest

bc:0a:49:3c:f7:86:67:54:22:c6:47:58:11:ef:a7:03:21:54:43:ce:26:57:ce:a1:eb:83:33:85:65:4d:b8:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-50\bin\hrcomm.pdb

Imports

jansson

json_string
json_array
json_array_append_new
json_loads
json_integer_value
json_object_get
json_unpack
json_pack
json_object_set_new
json_null
json_dumps
json_pack_ex
json_dumps_free
json_string_value
json_array_get
json_array_size
json_deep_copy
json_delete

kernel32

SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
RaiseException
GetLastError
DecodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetConsoleCP
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
CancelIo
DisconnectNamedPipe
InterlockedIncrement
Sleep
CreateFileW
CreateThread
SetEvent
WaitForSingleObject
ReadFile
CreateEventW
ResetEvent
DeviceIoControl
CreateFileA
WriteFile
GetOverlappedResult
LocalAlloc
LocalFree
PostQueuedCompletionStatus
WaitForMultipleObjects
CreateNamedPipeA
ConnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
FindNextFileA
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA

advapi32

SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid

Exports

Exports

CreateLPCClient
CreateLPCServer

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jansson.dll
.dll windows:5 windows x86 arch:x86

6352b05f36a3dbcf39d907d987aec925

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:8f:71:77:a6:74:2b:a2:6a:58:b0:c9:e8:70:cf:3e:9f:57:17:a1:bb:5b:76:22:3b:f7:7f:4e:e2:4a:82:77
Signer

Actual PE Digest

d7:8f:71:77:a6:74:2b:a2:6a:58:b0:c9:e8:70:cf:3e:9f:57:17:a1:bb:5b:76:22:3b:f7:7f:4e:e2:4a:82:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hrcode\hr_sysdiag-fund\bin\jansson.pdb

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
GetCurrentThread
GetACP
GetStdHandle
GetFileType
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
CreateFileW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
EncodePointer
DecodePointer
RaiseException

Exports

Exports

json_array
json_array_append_new
json_array_clear
json_array_extend
json_array_get
json_array_insert_new
json_array_remove
json_array_set_new
json_array_size
json_copy
json_deep_copy
json_delete
json_dump_callback
json_dump_file
json_dumpf
json_dumps
json_dumps_free
json_equal
json_false
json_integer
json_integer_set
json_integer_value
json_load_callback
json_load_file
json_loadb
json_loadf
json_loads
json_null
json_number_value
json_object
json_object_clear
json_object_del
json_object_get
json_object_iter
json_object_iter_at
json_object_iter_key
json_object_iter_next
json_object_iter_set_new
json_object_iter_value
json_object_key_to_iter
json_object_set_new
json_object_set_new_nocheck
json_object_size
json_object_update
json_object_update_existing
json_object_update_missing
json_pack
json_pack_ex
json_real
json_real_set
json_real_value
json_set_alloc_funcs
json_string
json_string_nocheck
json_string_set
json_string_set_nocheck
json_string_value
json_true
json_unpack
json_unpack_ex
json_vpack_ex
json_vunpack_ex

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows:5 windows x86 arch:x86

882acd5087a5ac829628463b4aeaf80e

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:7f:2b:da:32:80:0a:d8:cf:74:1a:be:93:08:37:ab:a0:a1:5e:ce:23:78:99:52:3e:7e:0a:ad:17:d6:65:50
Signer

Actual PE Digest

78:7f:2b:da:32:80:0a:d8:cf:74:1a:be:93:08:37:ab:a0:a1:5e:ce:23:78:99:52:3e:7e:0a:ad:17:d6:65:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\workspace\libcurl\bin\x86\libcurl.pdb

Imports

ws2_32

getnameinfo
recvfrom
sendto
send
__WSAFDIsSet
select
ioctlsocket
accept
listen
WSACleanup
WSAStartup
gethostname
getaddrinfo
freeaddrinfo
bind
WSAIoctl
closesocket
WSASetLastError
getpeername
getsockname
socket
ntohs
connect
recv
getsockopt
htons
setsockopt
WSAGetLastError
shutdown

kernel32

FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SleepEx
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
CloseHandle
ExpandEnvironmentStringsA
Sleep
SetLastError
GetLastError
FormatMessageA
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
ReadFile
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
FindClose
GetFileType
GetTickCount
GetEnvironmentVariableW
WriteFile
GetSystemTimeAsFileTime
FormatMessageW
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetSystemTime
SystemTimeToFileTime
GetFullPathNameW
GetCurrentDirectoryW
FindFirstFileExA
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
FindFirstFileW
WriteConsoleW
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
HeapSize
DecodePointer
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetFilePointerEx
CreateFileW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
SetConsoleCtrlHandler
RaiseException
GetModuleFileNameA
GetConsoleCP
HeapFree
HeapAlloc
GetStringTypeW
GetACP
CompareStringW
LCMapStringW

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

advapi32

CryptGenRandom
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
DeregisterEventSource

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libxsse.dll
.dll windows:5 windows x86 arch:x86

c1a77b6099db379d3f12d5329ceded1c

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:9f:2f:00:77:e7:4a:e4:ae:46:89:ac:96:00:09:d5:cc:82:a5:7d:ef:c4:f9:9a:fa:12:b9:4f:93:d9:fd:27
Signer

Actual PE Digest

31:9f:2f:00:77:e7:4a:e4:ae:46:89:ac:96:00:09:d5:cc:82:a5:7d:ef:c4:f9:9a:fa:12:b9:4f:93:d9:fd:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\devel\works\hr_sysdiag-dist\xsse\bin\libxsse.pdb

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringLen

kernel32

FindFirstFileW
FindNextFileW
FindClose
SystemTimeToFileTime
GetSystemTime
InterlockedExchange
GetCurrentThreadId
CreateThread
ReadFile
GetModuleFileNameA
GetFileSizeEx
GetLongPathNameW
GetCurrentProcess
WriteFile
InterlockedDecrement
ExpandEnvironmentStringsA
SetEndOfFile
CreateFileW
GetFileAttributesW
UnmapViewOfFile
DuplicateHandle
GetModuleHandleA
OpenProcess
GetVersion
Sleep
LoadLibraryA
GetSystemInfo
GetCurrentDirectoryW
SearchPathA
VirtualAlloc
GetProcAddress
SetFilePointerEx
LocalFree
IsBadReadPtr
CreateFileMappingW
MapViewOfFile
GetTickCount
InterlockedCompareExchange
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetVersionExW
WriteProcessMemory
ReadProcessMemory
DisableThreadLibraryCalls
HeapSize
GetTimeZoneInformation
WriteConsoleW
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
VirtualFree
VirtualProtect
CreateSemaphoreW
ResetEvent
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
ReleaseSemaphore
InterlockedIncrement
DeleteCriticalSection
DecodePointer
LeaveCriticalSection
EnterCriticalSection
CompareFileTime
WideCharToMultiByte
GetLastError
MultiByteToWideChar
GetTempPathW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
FlushFileBuffers
GetWindowsDirectoryW
FindNextFileA
FindFirstFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
QueryPerformanceFrequency
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetStringTypeW
HeapReAlloc
SetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
SetStdHandle
GetStdHandle
GetCPInfo
FindFirstFileExA

user32

IsWindowVisible
CloseWindowStation
EnumDesktopsA
GetWindowRect
OpenWindowStationA
OpenDesktopA
EnumDesktopWindows
GetParent
CharUpperW
EnumWindowStationsA
GetWindowThreadProcessId
CloseDesktop

advapi32

RegSetValueExA
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
SetEntriesInAclA
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
OpenProcessToken
RegLoadKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
ConvertSidToStringSidW
RegEnumValueA
RegDeleteValueA
RegOpenKeyW
RegSaveKeyA
RegQueryValueExW
RegEnumKeyExA
GetTokenInformation

sfc

SfcIsFileProtected

Exports

Exports

libxsse_exrec_alloc
libxsse_record_alloc
libxsse_register_codec
libxsse_register_exunit

Sections

.text
Size: 854KB - Virtual size: 853KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
s.bin
selfprot.dll
.dll windows:4 windows x86 arch:x86

308b72fc76c681d9308f7640bb30bee9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord3922
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord5731
ord2512
ord2554
ord4486
ord6375
ord2976
ord4274
ord1255
ord6467
ord269
ord826
ord600
ord1578
ord1116

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z

kernel32

LocalFree
CreateFileA
GetFileSize
ReadFile
Sleep
LocalAlloc

user32

EnumWindows

Exports

Exports

disable_msg_inject

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlite.dll
.dll windows:5 windows x86 arch:x86

ed240468ea6db5274f2bb379c1fc6ca9

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:de:cd:90:89:c7:7d:e2:16:1b:91:84:ce:e5:ad:05:45:fa:51:5e:fe:9b:ff:3b:4a:3f:85:8d:2c:57:46:24
Signer

Actual PE Digest

91:de:cd:90:89:c7:7d:e2:16:1b:91:84:ce:e5:ad:05:45:fa:51:5e:fe:9b:ff:3b:4a:3f:85:8d:2c:57:46:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hrcode\hr_sysdiag-fund\bin\sqlite.pdb

Imports

kernel32

SetConsoleCtrlHandler
FindFirstFileW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentProcess
GetStdHandle
SetFileTime
GetEnvironmentVariableA
FindClose
CreateFileW
LoadLibraryA
CloseHandle
SetCurrentDirectoryW
GetProcAddress
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTime
DebugBreak
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DuplicateHandle
CreateProcessA
CreateProcessW
GetDriveTypeW
GetFileType
PeekNamedPipe
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetCurrentThread
GetACP
GetConsoleCP
GetExitCodeProcess
CreatePipe
SetStdHandle
GetCurrentDirectoryW
SetFileAttributesW
GetStringTypeW
CreateDirectoryW
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
EncodePointer
DecodePointer
RaiseException

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uactmon.dll
.dll windows:5 windows x86 arch:x86

86e7eec1e15c4d784791412b483ec56e

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:a9:a1:22:0b:46:fd:67:64:2a:48:35:ac:8e:4c:b5:a7:55:4a:69:90:dd:93:b8:7d:3d:fe:8e:f6:18:e6:d0
Signer

Actual PE Digest

6d:a9:a1:22:0b:46:fd:67:64:2a:48:35:ac:8e:4c:b5:a7:55:4a:69:90:dd:93:b8:7d:3d:fe:8e:f6:18:e6:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hrcode\hr_sysdiag-fund\bin\uactmon.pdb

Imports

kernel32

GetSystemInfo
GetCurrentDirectoryW
SearchPathA
GetWindowsDirectoryW
SetFilePointerEx
LocalFree
DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
IsBadReadPtr
CreateFileMappingW
MapViewOfFile
GetTickCount
SetThreadPriority
WaitForSingleObject
SetEvent
GetCurrentThread
GetVersionExA
CreateThread
CreateEventA
DisableThreadLibraryCalls
ReleaseSemaphore
WaitForMultipleObjects
GetThreadPriority
GetLastError
DeviceIoControl
GetOverlappedResult
GetLongPathNameA
TerminateThread
WaitForSingleObjectEx
LoadLibraryW
ResetEvent
DecodePointer
EncodePointer
OutputDebugStringW
OutputDebugStringA
ReadConsoleW
WriteConsoleW
GetTimeZoneInformation
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
Sleep
MultiByteToWideChar
GetVersion
OpenProcess
GetModuleHandleA
DuplicateHandle
UnmapViewOfFile
GetFileAttributesW
CreateFileW
SetEndOfFile
ExpandEnvironmentStringsA
InitializeCriticalSection
LeaveCriticalSection
InterlockedDecrement
WriteFile
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
VirtualProtect
GetFileSizeEx
GetQueuedCompletionStatus
InterlockedExchange
GetModuleFileNameA
ReadFile
CreateIoCompletionPort
GetProcAddress
CloseHandle
LoadLibraryA
GetFullPathNameA
GetFullPathNameW
SetCurrentDirectoryW
PostQueuedCompletionStatus
CreateSemaphoreA
SetConsoleCtrlHandler
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
HeapFree
HeapAlloc
HeapReAlloc
GetACP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetStringTypeW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
RaiseException

user32

GetParent
EnumDesktopWindows
OpenDesktopA
OpenWindowStationA
GetWindowThreadProcessId
EnumWindowStationsA
GetWindowRect
IsWindowVisible
CloseWindowStation
EnumDesktopsA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
RegEnumKeyExA
CloseServiceHandle
OpenSCManagerW
OpenServiceW
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
SetEntriesInAclA
RegGetKeySecurity
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegSetValueExA
OpenProcessToken
RegLoadKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
ConvertSidToStringSidW
RegEnumValueA
RegDeleteValueA
RegOpenKeyW
RegSaveKeyA
RegQueryValueExW
GetTokenInformation

libxsse

ord10
ord11

iphlpapi

SetTcpEntry

ws2_32

htons

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
upgrade.dll
.dll windows:5 windows x86 arch:x86

728b7e78535c23780f9cf421e03852bb

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:24:a6:43:30:42:6a:e1:9d:ef:ae:d2:b7:42:60:0e:42:16:4d:e0:e2:97:ce:75:95:76:5a:fb:4f:8e:be:8c
Signer

Actual PE Digest

76:24:a6:43:30:42:6a:e1:9d:ef:ae:d2:b7:42:60:0e:42:16:4d:e0:e2:97:ce:75:95:76:5a:fb:4f:8e:be:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\workspace\bot\bin\upgrade.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

libxsse

ord30
ord10
ord12
ord11

libcurl

curl_slist_free_all
curl_slist_append
curl_easy_init
curl_global_cleanup
curl_global_init
curl_easy_getinfo
curl_easy_perform
curl_easy_escape
curl_free
curl_easy_setopt
curl_easy_cleanup

jansson

json_string_value
json_string_set
json_array_get
json_string
json_real
json_array_size
json_integer_value
json_delete
json_array_append_new
json_array
json_loadb
json_object_get
json_integer
json_unpack
json_object_set_new
json_object

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
InterlockedDecrement
WaitForSingleObject
TerminateThread
CloseHandle
CreateThread
GetTempFileNameW
InterlockedIncrement
ExpandEnvironmentStringsW
DeleteFileW
MoveFileExW
CreateProcessW
GetExitCodeProcess
InterlockedExchange
EnterCriticalSection
GetLongPathNameW
GetCurrentProcess
LeaveCriticalSection
InitializeCriticalSection
GetCommandLineW
MultiByteToWideChar
Sleep
GetWindowsDirectoryW
LocalFree
DeleteCriticalSection
WideCharToMultiByte
GetTickCount
GetModuleHandleA
GetProcAddress
GetVersion
VirtualProtect
ExpandEnvironmentStringsA
CreateFileW
LoadLibraryA
GetSystemInfo
SearchPathA
IsBadReadPtr
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetACP
HeapReAlloc
GetCurrentThread
HeapAlloc
HeapFree
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
GetTempPathW
SetStdHandle
HeapSize
RaiseException
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
SetEndOfFile
EncodePointer
DecodePointer
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
OpenProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
CreateDirectoryW
GetFileAttributesExW
SetFileAttributesW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA

user32

GetWindowThreadProcessId
EnumWindowStationsA
GetWindowRect
IsWindowVisible
CloseWindowStation
EnumDesktopsA
CloseDesktop
OpenWindowStationA
OpenDesktopA
EnumDesktopWindows
GetParent
wsprintfW

advapi32

RegEnumValueA
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
SetEntriesInAclA
GetSecurityDescriptorDacl
RegGetKeySecurity
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegSetValueExA
RegLoadKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
RegDeleteValueA
RegSaveKeyA
RegQueryValueExW
RegEnumKeyExA
RegCloseKey
OpenProcessToken
ConvertSidToStringSidW
RegOpenKeyW
GetTokenInformation

Sections

.text
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
usysdiag.dll
.dll windows:5 windows x86 arch:x86

e17404561494c850a5ac4b53ea852723

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/03/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:88:6f:af:ac:7c:f6:27:e2:a6:c9:30:88:21:9d:a8:80:1b:9e:3a:d5:56:4d:0d:96:d2:55:d3:77:42:4b:e0
Signer

Actual PE Digest

51:88:6f:af:ac:7c:f6:27:e2:a6:c9:30:88:21:9d:a8:80:1b:9e:3a:d5:56:4d:0d:96:d2:55:d3:77:42:4b:e0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hrcode\hr_sysdiag-fund\bin\usysdiag.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

ws2_32

ntohs

sfc

SfcIsFileProtected

kernel32

GetModuleHandleA
GetProcAddress
GetVersion
CreateFileW
LoadLibraryA
GetSystemInfo
SearchPathA
IsBadReadPtr
GetVersionExW
TerminateProcess
GetModuleFileNameW
GetCurrentProcessId
CreateProcessW
GetExitCodeProcess
ReadFile
SearchPathW
WriteFile
DeviceIoControl
SetFilePointer
GetCurrentDirectoryA
CreateFileA
GetCurrentDirectoryW
FreeLibrary
DisableThreadLibraryCalls
GetNativeSystemInfo
TerminateThread
OpenThread
GetVersionExA
InterlockedCompareExchange
GetLongPathNameA
FindFirstFileW
FindFirstFileA
GetFullPathNameW
GetFullPathNameA
GetTickCount
MoveFileExA
DeleteFileA
DeleteFileW
VirtualProtectEx
MoveFileExW
SetThreadAffinityMask
Process32First
TlsSetValue
SetLastError
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetLastError
GetCurrentThread
TlsAlloc
Process32Next
TlsGetValue
FlushFileBuffers
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
InterlockedIncrement
WideCharToMultiByte
DeleteCriticalSection
LocalFree
GetWindowsDirectoryW
CloseHandle
Sleep
MultiByteToWideChar
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
InterlockedDecrement
HeapAlloc
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
InterlockedExchange
GetFileAttributesA
ExpandEnvironmentStringsA
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
DecodePointer
GetACP
GetStringTypeW
FindClose
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetCPInfo
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetLogicalDrives
CreatePipe
GetFileType
SetStdHandle
LoadLibraryExW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsFree
GetStdHandle

user32

GetParent
EnumDesktopWindows
OpenDesktopA
wsprintfW
CloseDesktop
EnumDesktopsA
CloseWindowStation
GetWindowThreadProcessId
EnumWindowStationsA
OpenWindowStationA
GetWindowRect
IsWindowVisible

advapi32

RegLoadKeyA
ChangeServiceConfigA
StartServiceA
LookupAccountSidA
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
SetEntriesInAclA
GetSecurityDescriptorDacl
RegGetKeySecurity
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegSetValueExA
InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegSaveKeyA
RegQueryValueExW
RegEnumKeyExA
RegCloseKey
OpenProcessToken
ConvertSidToStringSidW
RegOpenKeyW
GetTokenInformation

shell32

ShellExecuteW
ShellExecuteExW
SHParseDisplayName

ole32

OleRun
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
VariantChangeType
VariantClear
CreateErrorInfo
GetErrorInfo
SetErrorInfo

uactmon

ord2
ord11
ord5
ord1

Exports

Exports

vif_assist_get
vif_autorun_get
vif_get
vif_hooklet_get
vif_iokit_get
vif_sysutils_get

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82da7ee900cc7c39439b01ac373ff6b6

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d0:a1:c3:9b:bb:42:08:82:7f:d3:98:29:f0:93:e2:f4:18:d8:58:8f:11:cb:c1:e7:45:d9:11:8c:82:74:58:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

gdiplus

shlwapi

comctl32

oleacc

Exports

Exports

Sections

.text Size: 666KB - Virtual size: 666KB

.rdata Size: 299KB - Virtual size: 298KB

.data Size: 6KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 480B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 35KB - Virtual size: 38KB

27a05d2d00281307fff2bbb42cea4d0e

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ae:4e:ac:14:17:27:cb:f9:f9:43:65:b3:b3:7b:09:a0:07:aa:9b:6b:9b:e3:6e:86:5f:7d:94:0a:e5:65:2a:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jansson

sqlite

kernel32

advapi32

libxsse

usysdiag

Sections

.text Size: 198KB - Virtual size: 197KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d0:a1:c3:9b:bb:42:08:82:7f:d3:98:29:f0:93:e2:f4:18:d8:58:8f:11:cb:c1:e7:45:d9:11:8c:82:74:58:8e
Signer

.text
Size: 666KB - Virtual size: 666KB

.rdata
Size: 299KB - Virtual size: 298KB

.data
Size: 6KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 480B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 35KB - Virtual size: 38KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ae:4e:ac:14:17:27:cb:f9:f9:43:65:b3:b3:7b:09:a0:07:aa:9b:6b:9b:e3:6e:86:5f:7d:94:0a:e5:65:2a:c4
Signer

.text
Size: 198KB - Virtual size: 197KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 7KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 236B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 22KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5a:45:97:93:33:26:90:cf:76:35:7b:c3:a4:df:d2:79:7d:80:ce:2e:af:9c:ad:66:4e:5d:e4:34:28:88:26:59
Signer

.text
Size: 270KB - Virtual size: 269KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 9KB - Virtual size: 32KB

.gfids
Size: 512B - Virtual size: 388B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 18KB - Virtual size: 21KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate