DriverGenius9[.]61[.]4174[.]56单文件版[.]exe

resource	yara_rule
static1/unpack001/$TEMP/DriverGenius/msvcp80.dll	acprotect
static1/unpack001/$TEMP/DriverGenius/msvcr80.dll	acprotect

resource	yara_rule
static1/unpack001/$TEMP/DriverGenius/msvcp80.dll	upx
static1/unpack001/$TEMP/DriverGenius/msvcr80.dll	upx

resource
DriverGenius9.61.4174.56单文件版.exe
unpack001/$TEMP/DriverGenius/bin/diskspd32.exe
unpack001/$TEMP/DriverGenius/ksapi64_ev.sys
unpack001/$TEMP/DriverGenius/ksapi_ev.sys
unpack001/$TEMP/DriverGenius/mydrivers.sys
unpack001/$TEMP/DriverGenius/mydrivers64.sys
unpack001/$TEMP/DriverGenius/xlmodule/download/atl71.dll
unpack001/$TEMP/DriverGenius/xlmodule/download/minizip.dll
unpack001/$TEMP/DriverGenius/xlmodule/download/msvcp71.dll
unpack001/$TEMP/DriverGenius/xlmodule/download/msvcr71.dll
unpack001/$TEMP/DriverGenius/xlmodule/download/xlzlib1.dll
unpack001/$TEMP/DriverGenius/xlmodule/download/zlib1.dll

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

DriverGenius9.61.4174.56单文件版.exe

.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

GetTickCount

GetFileSize

GetModuleFileNameA

GetCurrentProcess

CopyFileA

ExitProcess

GetWindowsDirectoryA

SetFileTime

GetCommandLineA

SetErrorMode

LoadLibraryA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

CreateFileA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

GetVersion

CloseHandle

lstrcmpiA

lstrcmpA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GetModuleHandleA

LoadLibraryExA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

MulDiv

SetFilePointer

FindClose

FindNextFileA

FindFirstFileA

DeleteFileA

GetTempPathA

user32

EndDialog

ScreenToClient

GetWindowRect

EnableMenuItem

GetSystemMenu

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

GetWindowLongA

SetCursor

LoadCursorA

CheckDlgButton

GetMessagePos

LoadBitmapA

CallWindowProcA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

RegisterClassA

TrackPopupMenu

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxIndirectA

CharPrevA

DispatchMessageA

PeekMessageA

DestroyWindow

CreateDialogParamA

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

wsprintfA

SendMessageTimeoutA

FindWindowExA

SystemParametersInfoA

CreateWindowExA

GetClassInfoA

DialogBoxParamA

CharNextA

OpenClipboard

ExitWindowsEx

IsWindow

GetDlgItem

SetWindowLongA

LoadImageA

GetDC

EnableWindow

InvalidateRect

SendMessageA

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

ShowWindow

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegQueryValueExA

RegSetValueExA

RegEnumKeyA

RegEnumValueA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegCreateKeyExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

$TEMP/DriverGenius/7z.dll

.dll windows:4 windows x86 arch:x86

37deedb4784101f901de7ee8fdfb81d7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:41:51:e0:cf:fa:2c:95:13:07:ae:60:87:c2:80:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/03/2013, 00:00

Not After

05/04/2016, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=毒霸研发部,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

fa:f2:2b:93:10:1e:2e:20:5d:ed:11:a8:67:69:a0:b4:b6:0c:97:41
Signer

Actual PE Digest

fa:f2:2b:93:10:1e:2e:20:5d:ed:11:a8:67:69:a0:b4:b6:0c:97:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen

SysAllocStringLen

SysAllocString

SysFreeString

SysStringLen

VariantCopy

VariantClear

user32

CharPrevExA

CharUpperW

msvcrt

_adjust_fdiv

_initterm

_onexit

__dllonexit

?terminate@@YAXXZ

??1type_info@@UAE@XZ

_except_handler3

_beginthreadex

strchr

strcpy

memset

realloc

free

malloc

strlen

wcscmp

strcmp

strstr

_CxxThrowException

memmove

memcpy

memcmp

_purecall

__CxxFrameHandler

kernel32

GetProcAddress

InitializeCriticalSection

ReleaseSemaphore

CreateSemaphoreW

ResetEvent

SetEvent

CreateEventW

WaitForSingleObject

VirtualFree

VirtualAlloc

QueryPerformanceCounter

FileTimeToLocalFileTime

DeleteCriticalSection

GetVersionExW

LocalFileTimeToFileTime

WaitForMultipleObjects

EnterCriticalSection

LeaveCriticalSection

GetSystemTimeAsFileTime

FileTimeToDosDateTime

DosDateTimeToFileTime

GetSystemInfo

CompareFileTime

WriteFile

ReadFile

GetFileAttributesW

GetModuleHandleA

FindFirstFileW

FindClose

GetLastError

MultiByteToWideChar

WideCharToMultiByte

CloseHandle

CreateFileW

SetFileAttributesW

GetModuleHandleW

CreateDirectoryW

DeleteFileW

SetLastError

GetTempPathW

GetCurrentProcessId

GetTickCount

GetCurrentThreadId

Exports

CreateDecoder

CreateEncoder

CreateObject

GetHandlerProperty

GetHandlerProperty2

GetHashers

GetIsArc

GetMethodProperty

GetNumberOfFormats

GetNumberOfMethods

SetCaseSensitive

SetCodecs

SetLargePageMode

Sections

.text
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$TEMP/DriverGenius/7z.exe

.exe windows:4 windows x86 arch:x86

a01d0c00ae4ce56b6886f26ab65d8fd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:41:51:e0:cf:fa:2c:95:13:07:ae:60:87:c2:80:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/03/2013, 00:00

Not After

05/04/2016, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=毒霸研发部,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

10:60:60:d3:8e:b5:54:0a:29:a8:3c:db:ac:09:07:8c:11:75:9e:2e
Signer

Actual PE Digest

10:60:60:d3:8e:b5:54:0a:29:a8:3c:db:ac:09:07:8c:11:75:9e:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy

SysAllocStringLen

SysFreeString

SysStringByteLen

SysStringLen

VariantClear

SysAllocString

user32

CharUpperW

advapi32

OpenProcessToken

GetFileSecurityW

SetFileSecurityW

RegQueryValueExW

RegCloseKey

RegOpenKeyExW

AdjustTokenPrivileges

LookupPrivilegeValueW

msvcrt

_controlfp

__set_app_type

__p__fmode

__p__commode

_adjust_fdiv

__setusermatherr

_initterm

__getmainargs

__p___initenv

exit

_XcptFilter

_exit

_onexit

__dllonexit

??1type_info@@UAE@XZ

?terminate@@YAXXZ

_except_handler3

_beginthreadex

_purecall

strlen

memcmp

memset

wcscmp

wcsstr

strcmp

memmove

fputs

fputc

fflush

fgetc

fclose

_iob

free

_CxxThrowException

malloc

memcpy

__CxxFrameHandler

_isatty

_fileno

kernel32

WaitForSingleObject

SetEvent

InitializeCriticalSection

VirtualAlloc

SetConsoleMode

GetConsoleMode

GetVersionExW

SetFileApisToOEM

GetCommandLineW

GetConsoleScreenBufferInfo

SetConsoleCtrlHandler

FileTimeToLocalFileTime

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

GetProcessTimes

OpenEventW

OpenFileMappingW

MapViewOfFile

UnmapViewOfFile

SetProcessAffinityMask

GetStdHandle

GetSystemTimeAsFileTime

FileTimeToDosDateTime

GlobalMemoryStatus

GetSystemInfo

FileTimeToSystemTime

CompareFileTime

GetCurrentProcess

GetDiskFreeSpaceW

GetFileInformationByHandle

SetEndOfFile

WriteFile

ReadFile

DeviceIoControl

SetFilePointer

GetFileSize

GetLogicalDriveStringsW

GetFileAttributesW

GetModuleHandleA

GetLastError

MultiByteToWideChar

WideCharToMultiByte

FreeLibrary

LoadLibraryExW

LoadLibraryW

GetModuleFileNameW

LocalFree

FormatMessageW

FindNextFileW

CloseHandle

SetFileTime

CreateFileW

SetFileAttributesW

RemoveDirectoryW

MoveFileW

GetProcAddress

GetModuleHandleW

CreateDirectoryW

DeleteFileW

SetLastError

SetCurrentDirectoryW

GetCurrentDirectoryW

GetTempPathW

GetCurrentProcessId

GetTickCount

GetCurrentThreadId

FindClose

FindFirstFileW

VirtualFree

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$TEMP/DriverGenius/Dgserbu.bak

.exe windows:4 windows x86 arch:x86

0e4d6bf5e9b6b797cc76ddbbd5d9910f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2017, 00:00

Not After

19/03/2019, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2017, 00:00

Not After

14/03/2020, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:21:87:53:ed:cc:eb:6b:9a:eb:08:74:2a:66:f1:07:70:7f:7d:c8:6c:c0:7c:a5:50:46:4d:4e:e6:85:34:76
Signer

Actual PE Digest

39:21:87:53:ed:cc:eb:6b:9a:eb:08:74:2a:66:f1:07:70:7f:7d:c8:6c:c0:7c:a5:50:46:4d:4e:e6:85:34:76

Digest Algorithm

sha256

PE Digest Matches

true

ab:51:33:7a:00:19:ed:19:1e:d1:e3:d0:a6:55:17:5a:a9:69:fc:70
Signer

Actual PE Digest

ab:51:33:7a:00:19:ed:19:1e:d1:e3:d0:a6:55:17:5a:a9:69:fc:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\DriverGeniusDev\DriverGenius\trunk\product\win32\dbginfo\DgService.pdb

Imports

kernel32

InterlockedDecrement

CreateProcessW

WTSGetActiveConsoleSessionId

QueryDosDeviceW

GetLogicalDriveStringsW

GetPrivateProfileIntW

OutputDebugStringA

SystemTimeToFileTime

GetLocalTime

DeleteFileW

MoveFileExW

MoveFileW

SetFileAttributesW

CreateDirectoryW

RemoveDirectoryW

FindClose

FindNextFileW

FindFirstFileW

ReadFile

GetFileSize

CreateFileW

WriteFile

GetSystemDirectoryW

CreateRemoteThread

GetModuleHandleA

WriteProcessMemory

VirtualAllocEx

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

DeleteCriticalSection

SetFilePointer

CreateSemaphoreW

CreateEventW

GetCurrentProcessId

WaitForMultipleObjects

OpenProcess

SetEnvironmentVariableA

CompareStringW

CompareStringA

CreateFileA

GetVersionExW

FindResourceExW

FindResourceW

LoadResource

LockResource

SizeofResource

FileTimeToLocalFileTime

FileTimeToSystemTime

lstrcmpA

lstrcpyW

LocalAlloc

LocalFree

GetCommandLineW

lstrcmpiW

CreateMutexW

SetConsoleCtrlHandler

GetCurrentThreadId

GetTickCount

OutputDebugStringW

GetCurrentThread

GetCurrentProcess

GetFileAttributesW

CreateThread

Sleep

InterlockedExchange

OpenEventW

SetEvent

TerminateThread

WaitForSingleObject

GetModuleFileNameW

GetPrivateProfileStringW

GetModuleFileNameA

GetPrivateProfileIntA

lstrlenA

MultiByteToWideChar

lstrlenW

CloseHandle

WideCharToMultiByte

GetLastError

LoadLibraryW

FreeLibrary

GetModuleHandleW

GetProcAddress

Process32FirstW

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

SetStdHandle

FlushFileBuffers

GetTimeZoneInformation

GetLocaleInfoW

LoadLibraryA

GetConsoleMode

GetConsoleCP

IsValidLocale

EnumSystemLocalesA

GetUserDefaultLCID

GetDateFormatA

GetTimeFormatA

GetStringTypeW

GetStringTypeA

QueryPerformanceCounter

GetStartupInfoA

GetFileType

SetHandleCount

GetCommandLineA

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsA

GetStdHandle

ExitProcess

LCMapStringW

LCMapStringA

Process32NextW

Thread32First

OpenThread

Thread32Next

SuspendThread

CreateToolhelp32Snapshot

Module32FirstW

Module32NextW

ReleaseSemaphore

VirtualAlloc

FatalAppExitA

VirtualFree

HeapCreate

SetLastError

TlsFree

TlsSetValue

TlsAlloc

TlsGetValue

IsValidCodePage

GetOEMCP

InterlockedIncrement

GetACP

GetLocaleInfoA

GetThreadLocale

GetVersionExA

HeapDestroy

HeapAlloc

HeapFree

HeapReAlloc

HeapSize

GetProcessHeap

RaiseException

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RtlUnwind

GetSystemTimeAsFileTime

ExitThread

ResumeThread

GetStartupInfoW

GetCPInfo

user32

PostThreadMessageW

LoadStringW

CharNextW

UnregisterClassA

advapi32

SetTokenInformation

RegOpenKeyA

RegEnumKeyExW

RegQueryInfoKeyW

RegDeleteKeyW

RegOpenKeyW

RegSetValueExW

RegOpenKeyExW

CloseServiceHandle

AllocateAndInitializeSid

EqualSid

FreeSid

CreateProcessAsUserW

DuplicateTokenEx

ConvertStringSidToSidW

QueryServiceConfigW

QueryServiceStatus

StartServiceCtrlDispatcherW

RegisterServiceCtrlHandlerExW

OpenThreadToken

OpenProcessToken

RegCreateKeyExW

GetTokenInformation

SetSecurityDescriptorGroup

SetSecurityDescriptorOwner

InitializeSecurityDescriptor

IsValidSid

GetLengthSid

CopySid

RegQueryValueExW

RegDeleteValueW

ChangeServiceConfigW

StartServiceW

SetServiceStatus

RegisterEventSourceW

ReportEventW

DeregisterEventSource

ControlService

DeleteService

CreateServiceW

OpenSCManagerW

OpenServiceW

RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance

CoInitializeSecurity

CoInitializeEx

OleRun

CLSIDFromProgID

CLSIDFromString

CoUninitialize

CoInitialize

oleaut32

SysStringLen

SetErrorInfo

VariantInit

VariantChangeType

GetErrorInfo

SysFreeString

SysAllocString

SysAllocStringByteLen

SysStringByteLen

CreateErrorInfo

VariantClear

shlwapi

PathAppendW

PathAppendA

PathRemoveFileSpecW

SHDeleteKeyW

PathRemoveFileSpecA

PathFileExistsW

wtsapi32

WTSFreeMemory

WTSEnumerateProcessesW

WTSEnumerateSessionsW

WTSWaitSystemEvent

crypt32

CryptDecodeObject

CertFreeCertificateContext

CryptMsgClose

CertCloseStore

CertFindCertificateInStore

CryptMsgGetParam

CryptQueryObject

CertGetNameStringW

userenv

CreateEnvironmentBlock

psapi

GetProcessImageFileNameW

patchcore

ord264

pnpsup

ord34

version

GetFileVersionInfoSizeW

VerQueryValueW

GetFileVersionInfoW

Sections

.text
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$TEMP/DriverGenius/bin/diskspd32.exe

.exe windows:5 windows x86 arch:x86

213e735115eb176ea0b7e04c816776cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\HotProject\DiskMark5\diskspd\diskspd_vs2015\Release\diskspd32.pdb

Imports

kernel32

DeviceIoControl

GetQueuedCompletionStatus

WriteFileEx

SetEndOfFile

WaitForSingleObject

Sleep

GetFileAttributesA

CreateFileA

GetCurrentThread

TerminateThread

WaitForSingleObjectEx

GetSystemInfo

ReadFileEx

WriteFile

SetThreadIdealProcessor

GetProcAddress

SetFilePointerEx

GetFileSize

GetComputerNameExA

CreateDirectoryA

SetFileValidData

CreateIoCompletionPort

LoadLibraryExW

GetTickCount

VirtualAlloc

QueryPerformanceFrequency

QueryPerformanceCounter

GetCurrentProcess

VirtualFree

GetFileSizeEx

ReadFile

SetThreadAffinityMask

CreateEventA

CloseHandle

SetEvent

GetLastError

CreateThread

OpenEventA

UnhandledExceptionFilter

SetUnhandledExceptionFilter

TerminateProcess

IsProcessorFeaturePresent

GetCurrentProcessId

GetCurrentThreadId

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

EncodePointer

RaiseException

GetModuleFileNameW

SetLastError

RtlUnwind

InitializeCriticalSectionAndSpinCount

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FreeLibrary

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

GetStdHandle

GetFileType

GetModuleFileNameA

GetModuleHandleExW

WriteConsoleW

ExitProcess

MultiByteToWideChar

WideCharToMultiByte

GetCommandLineA

GetCommandLineW

GetACP

HeapFree

HeapAlloc

CompareStringW

LCMapStringW

GetStringTypeW

OutputDebugStringW

FindClose

FindFirstFileExA

FindNextFileA

IsValidCodePage

GetOEMCP

GetCPInfo

GetEnvironmentStringsW

FreeEnvironmentStringsW

SetEnvironmentVariableA

SetStdHandle

GetProcessHeap

FlushFileBuffers

GetConsoleCP

GetConsoleMode

HeapSize

HeapReAlloc

CreateFileW

DecodePointer

SetConsoleCtrlHandler

LocalFree

advapi32

SystemFunction036

AdjustTokenPrivileges

LookupPrivilegeValueA

OpenProcessToken

ole32

CoCreateInstance

CoInitialize

CoUninitialize

oleaut32

VariantClear

SysFreeString

SysAllocString

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$TEMP/DriverGenius/bin/kszzdl.dll

.dll windows:4 windows x86 arch:x86

2265d6912992a3e8e6d054f863b6dd38

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2017, 00:00

Not After

19/03/2019, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2017, 00:00

Not After

14/03/2020, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:e3:40:7c:9b:23:c6:cd:16:d8:29:30:6b:0f:d4:4e:1d:d8:b4:f3:b9:90:64:0b:12:d8:51:30:f7:80:81:16
Signer

Actual PE Digest

30:e3:40:7c:9b:23:c6:cd:16:d8:29:30:6b:0f:d4:4e:1d:d8:b4:f3:b9:90:64:0b:12:d8:51:30:f7:80:81:16

Digest Algorithm

sha256

PE Digest Matches

true

25:69:e5:9c:ce:12:eb:a7:9c:74:6b:26:61:65:4d:5c:6e:dd:60:f2
Signer

Actual PE Digest

25:69:e5:9c:ce:12:eb:a7:9c:74:6b:26:61:65:4d:5c:6e:dd:60:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\DriverGeniusDev\drivergenius2015\trunk\product\win32\dbginfo\kszzdl.pdb

Imports

kernel32

MoveFileExW

Sleep

GetModuleFileNameW

GetPrivateProfileStringW

GetPrivateProfileIntW

MultiByteToWideChar

FindResourceW

SizeofResource

LockResource

LoadResource

FindResourceExW

GetDiskFreeSpaceExW

SetFilePointer

GetFileSize

ReadFile

CreateWaitableTimerW

SetWaitableTimer

WideCharToMultiByte

GetModuleHandleW

LoadLibraryW

FreeLibrary

GetCurrentThreadId

MoveFileW

FindFirstFileW

FindClose

GetCurrentProcessId

CreateDirectoryW

OutputDebugStringW

OutputDebugStringA

GetLocalTime

lstrlenW

GetCurrentProcess

lstrlenA

LocalFree

SetLastError

GetFullPathNameW

GetLongPathNameW

ExpandEnvironmentStringsW

GetFileAttributesW

DeviceIoControl

GetVersionExW

SetFileAttributesW

GetTickCount

GetLastError

DeleteFileW

WriteFile

CreateFileW

WaitForMultipleObjects

CloseHandle

InitializeCriticalSection

WaitForSingleObject

SetEvent

ResetEvent

CreateEventW

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

GetProcAddress

HeapDestroy

HeapAlloc

GetSystemTimeAsFileTime

QueryPerformanceCounter

DisableThreadLibraryCalls

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

InterlockedCompareExchange

RaiseException

GetVersionExA

GetThreadLocale

GetLocaleInfoA

HeapFree

HeapReAlloc

HeapSize

GetProcessHeap

InterlockedExchange

GetACP

advapi32

GetLengthSid

SetNamedSecurityInfoW

GetNamedSecurityInfoW

GetAce

GetAclInformation

AddAce

InitializeAcl

IsValidSid

CopySid

GetSidSubAuthority

InitializeSid

GetSidLengthRequired

RegQueryValueExW

RegOpenKeyExW

RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance

shlwapi

StrCmpNW

StrChrW

StrCmpIW

PathRemoveFileSpecW

StrCpyNW

StrCmpNIW

PathFileExistsW

PathGetDriveNumberW

StrRChrW

msvcp80

??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z

?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z

?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z

?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

version

GetFileVersionInfoW

VerQueryValueW

GetFileVersionInfoSizeW

winhttp

WinHttpSendRequest

WinHttpSetStatusCallback

WinHttpCrackUrl

WinHttpReceiveResponse

WinHttpCloseHandle

WinHttpOpen

WinHttpSetTimeouts

WinHttpConnect

WinHttpOpenRequest

WinHttpReadData

WinHttpQueryHeaders

msvcr80

memcpy

_CxxThrowException

__CxxFrameHandler3

__clean_type_info_names_internal

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

_crt_debugger_hook

??3@YAXPAX@Z

malloc

free

??2@YAPAXI@Z

??_V@YAXPAX@Z

rand

_invalid_parameter_noinfo

memcpy_s

??0exception@std@@QAE@XZ

memmove_s

wcscpy_s

??0exception@std@@QAE@ABQBD@Z

??0exception@std@@QAE@ABV01@@Z

??1exception@std@@UAE@XZ

?what@exception@std@@UBEPBDXZ

_purecall

_wcsnicmp

_beginthreadex

_snwprintf

wcsncat

_wtoi64

wcschr

_vscwprintf

vswprintf_s

fflush

fclose

fwrite

_errno

fseek

_wfopen_s

_waccess

_wtoi

wcstod

wcsrchr

_vsnprintf

_vsnwprintf

_recalloc

calloc

_vscprintf

vsprintf_s

strcpy_s

strchr

_strnicmp

strstr

strtol

_wcsicmp

_wcslwr_s

_mbsstr

_mbsinc

_ismbcspace

memmove

iswspace

memset

_unlock

__dllonexit

_encode_pointer

_lock

_onexit

_decode_pointer

_malloc_crt

_encoded_null

_initterm

_initterm_e

_amsg_exit

_adjust_fdiv

__CppXcptFilter

_except_handler4_common

wininet

InternetConnectW

InternetCloseHandle

InternetSetOptionW

InternetQueryOptionW

HttpOpenRequestW

HttpSendRequestExW

HttpEndRequestW

InternetReadFileExA

InternetCrackUrlW

InternetCanonicalizeUrlW

HttpQueryInfoW

InternetOpenW

InternetSetStatusCallbackW

libcurl

curl_easy_init

curl_easy_setopt

curl_slist_append

curl_easy_perform

curl_easy_getinfo

curl_slist_free_all

curl_easy_cleanup

curl_easy_pause

mpr

WNetGetResourceInformationW

user32

UnregisterClassA

Exports

CreateDownloadObject

CurlDownloadByUrl

SetLogPath

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$TEMP/DriverGenius/bittransport.dll

.dll windows:4 windows x86 arch:x86

5a455a5d9c62dbfdfca599e7b59a9265

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

1f:e9:f9:b8:a7:cd:ae:f9:96:2a:cb:1c:b3:08:cf:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/05/2009, 00:00

Not After

25/05/2012, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

b9:12:c8:4f:72:0d:5f:e6:7a:c6:c7:1d:e0:64:11:7d:5c:ae:c6:19
Signer

Actual PE Digest

b9:12:c8:4f:72:0d:5f:e6:7a:c6:c7:1d:e0:64:11:7d:5c:ae:c6:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_released_3.4.2_rb\product\win32\bittransport.pdb

Imports

kernel32

OutputDebugStringA

GetTickCount

WaitForSingleObject

ReleaseSemaphore

GetSystemTimeAsFileTime

WaitForMultipleObjects

MultiByteToWideChar

FindResourceW

SizeofResource

LockResource

LoadResource

FindResourceExW

HeapAlloc

GetProcessHeap

HeapFree

CreateEventA

CloseHandle

InitializeCriticalSection

GetSystemDirectoryW

CreateSemaphoreA

LeaveCriticalSection

RaiseException

EnterCriticalSection

DeleteCriticalSection

GetVolumeInformationW

InterlockedIncrement

InterlockedDecrement

LoadLibraryW

FreeLibrary

GetProcAddress

WideCharToMultiByte

MoveFileW

DeleteFileW

GetFileSize

WriteFile

CreateFileW

GetPrivateProfileIntW

GetPrivateProfileStringW

GetFileAttributesW

SetEvent

CreateEventW

SetLastError

GetLastError

ReleaseMutex

CreateMutexW

GetConsoleOutputCP

WriteConsoleA

SetStdHandle

LCMapStringW

LCMapStringA

TerminateThread

GetModuleFileNameW

GetStringTypeW

GetStringTypeA

FlushFileBuffers

CreateFileA

InterlockedExchange

GetACP

GetLocaleInfoA

GetThreadLocale

GetVersionExA

HeapDestroy

HeapReAlloc

HeapSize

TlsAlloc

TlsFree

TlsGetValue

Sleep

GetCurrentProcessId

OpenEventA

ResetEvent

TlsSetValue

ResumeThread

SystemTimeToFileTime

SetWaitableTimer

CreateWaitableTimerA

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

ExitThread

CreateThread

GetCurrentThreadId

GetCommandLineA

RtlUnwind

VirtualFree

VirtualAlloc

HeapCreate

GetModuleHandleA

ExitProcess

GetStdHandle

GetModuleFileNameA

SetHandleCount

GetFileType

GetStartupInfoA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

LoadLibraryA

GetCPInfo

GetOEMCP

IsValidCodePage

SetFilePointer

GetConsoleCP

GetConsoleMode

WriteConsoleW

advapi32

RegSetValueExW

RegCreateKeyExW

RegQueryValueExW

RegOpenKeyExW

RegCloseKey

shlwapi

PathFileExistsW

StrStrIA

PathRemoveFileSpecW

PathAppendW

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle

HttpOpenRequestW

InternetSetOptionW

InternetConnectW

InternetCrackUrlW

InternetOpenW

HttpSendRequestW

user32

UnregisterClassA

Exports

DllCanUnloadNow

DllGetClassObject

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$TEMP/DriverGenius/browsercfg.dat

$TEMP/DriverGenius/cactus.dll

.dll windows:4 windows x86 arch:x86

f0b931b4375926588a38f0056b4504be

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2017, 00:00

Not After

19/03/2019, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2017, 00:00

Not After

14/03/2020, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

59:f8:3f:de:42:ef:45:94:f4:8b:8d:b1:79:c9:09:ec:d5:8d:ae:e8:08:56:76:56:7f:5e:7b:70:59:1f:27:9e
Signer

Actual PE Digest

59:f8:3f:de:42:ef:45:94:f4:8b:8d:b1:79:c9:09:ec:d5:8d:ae:e8:08:56:76:56:7f:5e:7b:70:59:1f:27:9e

Digest Algorithm

sha256

PE Digest Matches

true

ee:8f:3b:fa:70:bf:31:b5:76:da:8d:f1:17:4e:ba:72:80:69:a8:54
Signer

Actual PE Digest

ee:8f:3b:fa:70:bf:31:b5:76:da:8d:f1:17:4e:ba:72:80:69:a8:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\DriverGeniusDev\drivergenius2015\trunk\product\win32\cactus.pdb

Imports

libcurl

curl_easy_getinfo

curl_easy_setopt

curl_global_cleanup

curl_slist_append

curl_slist_free_all

curl_easy_perform

curl_easy_cleanup

curl_easy_init

setupapi

CM_Locate_DevNodeW

SetupDiGetDeviceRegistryPropertyW

SetupDiDestroyDeviceInfoList

SetupDiEnumDeviceInfo

CM_Reenumerate_DevNode

SetupDiGetClassDevsW

CM_Get_DevNode_Status

iphlpapi

GetAdaptersInfo

shlwapi

StrToIntW

SHSetValueW

SHGetValueW

StrStrIW

PathFindSuffixArrayW

StrCpyW

PathIsPrefixW

PathCommonPrefixW

PathAddBackslashW

PathAppendW

PathIsDirectoryW

PathRemoveFileSpecW

PathFileExistsW

StrFormatByteSizeW

crypt32

CryptMsgGetParam

CertCloseStore

CryptMsgClose

CryptQueryObject

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

psapi

GetModuleFileNameExW

GetProcessImageFileNameW

EnumProcesses

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

rpcrt4

UuidFromStringW

winmm

timeSetEvent

timeKillEvent

sqlite3

sqlite3_last_insert_rowid

sqlite3_step

sqlite3_busy_timeout

sqlite3_close

sqlite3_open16

sqlite3_errmsg16

sqlite3_free

sqlite3_interrupt

sqlite3_finalize

sqlite3_prepare16

sqlite3_reset

sqlite3_changes

sqlite3_bind_text16

sqlite3_bind_int

sqlite3_bind_double

sqlite3_bind_blob

sqlite3_bind_null

sqlite3_column_count

sqlite3_column_text16

sqlite3_column_int

sqlite3_column_double

sqlite3_column_blob

sqlite3_column_bytes16

sqlite3_column_name16

sqlite3_column_decltype16

sqlite3_column_type

kernel32

HeapSize

HeapReAlloc

GetVersionExA

InterlockedExchange

GetACP

GetLocaleInfoA

GetThreadLocale

HeapDestroy

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

DisableThreadLibraryCalls

GetCurrentProcessId

GetModuleHandleA

ReleaseSemaphore

TlsAlloc

TlsFree

TlsGetValue

OpenEventA

TlsSetValue

ResumeThread

SetWaitableTimer

CreateWaitableTimerA

FormatMessageA

InterlockedCompareExchange

AllocConsole

SetConsoleTextAttribute

GetTickCount

GetStdHandle

DuplicateHandle

SetHandleInformation

LoadLibraryW

SetLastError

FreeLibrary

MultiByteToWideChar

WideCharToMultiByte

GetLocalTime

FileTimeToSystemTime

FileTimeToLocalFileTime

CloseHandle

GetFileTime

CreateFileW

SystemTimeToFileTime

GetLastError

GetSystemTimeAsFileTime

LocalAlloc

LocalFree

GetProcAddress

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

DeleteCriticalSection

GetSystemInfo

GetModuleHandleW

GetVersionExW

GetEnvironmentVariableW

SetEnvironmentVariableW

GetComputerNameW

GetLongPathNameW

GetSystemDirectoryW

GetWindowsDirectoryW

GetTempPathW

GetSystemDefaultUILanguage

GlobalMemoryStatusEx

GetDiskFreeSpaceExW

FindResourceW

SizeofResource

LockResource

LoadResource

FindResourceExW

lstrlenW

GetCurrentDirectoryW

SetCurrentDirectoryW

GetFullPathNameW

GetShortPathNameW

CreateDirectoryW

GetModuleFileNameW

FindClose

FindFirstFileW

GetFileAttributesW

MoveFileExW

SetFileAttributesW

RemoveDirectoryW

GetTempFileNameW

ReadFile

GetFileSize

WriteFile

UnmapViewOfFile

FlushViewOfFile

MapViewOfFile

CreateFileMappingW

FindNextFileW

DeleteFileW

GetCompressedFileSizeW

ExpandEnvironmentStringsW

lstrcpyW

MoveFileW

CopyFileW

FreeResource

GlobalUnlock

GlobalLock

GlobalAlloc

GetDriveTypeW

GetFileSizeEx

IsBadReadPtr

SetFilePointer

lstrlenA

GetUserDefaultLangID

GetDiskFreeSpaceW

DeviceIoControl

InterlockedIncrement

InterlockedDecrement

SetEvent

CreateEventA

HeapFree

GetProcessHeap

HeapAlloc

GetSystemTime

GetCurrentProcess

OpenProcess

IsWow64Process

GetVersion

ReadProcessMemory

GetExitCodeProcess

WaitForMultipleObjects

OutputDebugStringW

QueryDosDeviceW

GetLogicalDriveStringsW

Process32NextW

Process32FirstW

CreateToolhelp32Snapshot

TerminateProcess

WaitForSingleObject

CreateProcessW

Sleep

RaiseException

OutputDebugStringA

ResetEvent

CreateEventW

GetCurrentThreadId

QueryPerformanceCounter

QueryPerformanceFrequency

CreatePipe

user32

UnregisterClassA

SendMessageW

WaitForInputIdle

MessageBoxW

EnumWindows

PostMessageW

wsprintfW

GetSystemMetrics

CharLowerBuffW

IsCharAlphaW

GetWindowThreadProcessId

FindWindowW

advapi32

ChangeServiceConfigW

QueryServiceConfigW

OpenServiceW

OpenSCManagerW

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

RegQueryInfoKeyW

RegEnumKeyExW

GetSidSubAuthority

InitializeSid

GetSidLengthRequired

CopySid

GetLengthSid

IsValidSid

GetNamedSecurityInfoW

GetAce

GetAclInformation

SetNamedSecurityInfoW

AddAce

InitializeAcl

OpenProcessToken

AdjustTokenPrivileges

LookupPrivilegeValueW

GetTokenInformation

CreateProcessAsUserW

RegCreateKeyExW

RegEnumValueW

RegDeleteKeyW

RegSetValueExW

RegDeleteValueW

LockServiceDatabase

ChangeServiceConfig2W

UnlockServiceDatabase

DeleteService

CreateServiceW

ControlService

RegEnumKeyW

QueryServiceStatus

StartServiceW

CloseServiceHandle

shell32

SHGetSpecialFolderPathW

ShellExecuteExW

SHGetDesktopFolder

ShellExecuteW

SHGetFolderPathW

SHFileOperationW

SHGetFileInfoW

ole32

CoTaskMemFree

CreateStreamOnHGlobal

CoUninitialize

CoInitialize

msvcp80

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

?length@?$char_traits@D@std@@SAIPBD@Z

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

?eof@?$char_traits@D@std@@SAHXZ

?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ

?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ

??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?eof@ios_base@std@@QBE_NXZ

?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z

?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z

?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z

?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z

?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ

?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z

??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ

?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z

?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z

??1locale@std@@QAE@XZ

?global@locale@std@@SA?AV12@ABV12@@Z

??0locale@std@@QAE@PBDH@Z

?sync_with_stdio@ios_base@std@@SA_N_N@Z

?width@ios_base@std@@QBEHXZ

??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ

?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z

?bad@ios_base@std@@QBE_NXZ

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ

?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z

??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z

??7ios_base@std@@QBE_NXZ

??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ