ad7d96809f5af4f07287784cc9174b43

Sharing

Copy URL

Twitter E-mail

General

Target

ad7d96809f5af4f07287784cc9174b43
Size

10.5MB
MD5

ad7d96809f5af4f07287784cc9174b43
SHA1

86e4f76a12f38312eea6c014d64f5bc2ce8d8945
SHA256

00335ac2ede76fa9f1a1c7fce54cc57263c594bcf14708d752b6d5b88015332a
SHA512

4b8c9c7c03e735d018ae1f3056e1935ecbe8e9cb9ffa8ac78e95f87e38aecfb2a81bc8a60f09dc12a1905e77aec8594d00286987779ff03292132dcd1d1c08e3
SSDEEP

196608:A5q/nh0QTjRYylBu+8a4ErfGTqwCZOFyXlIeIC3+Rj3VKampZ25YfvnLaLp/I6Z5:AQ/nh0QTjRhpOE7AZCUFkII3cKamL25D

Score

3^/10

Malware Config

Signatures

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack002/_0200BEB4EFB34AC8AF68134E35F0622D
unpack002/_07F57D9CEFDA42F78AFA5E0E12E5A347
unpack002/_1B4DC5A2E06842A2AF67D90F083EA79B
unpack002/_2797A4C85C6646FB9F5D7699281AD20E
unpack002/_5166333B561A42EFB427183C9CD5A5B1
unpack002/_51F27D9C8FDC4BD282031DF404D02A73
unpack002/_528528BFE55848F79C4FFC8647DC53F9
unpack002/_6227252443C841BF9FFDFF29A9856421
unpack002/_6EB9C22CA48A4A69B04ABDFBFC299E16
unpack002/_91DD0277F6794C6597E2DA27B65C4BBC
unpack002/_9EA6AAA228A44FD6A24ACAC72FB32C6B
unpack002/_A40BCB9B90BC41C692ECCE672F8800FD
unpack002/_B5CA5227B1C24B17A565A4E8176F6601
unpack002/_BBCA55E33AF34A9780F85F92C57DC336
unpack002/_CB6F64C253E3483F9B3B0128D6331678
unpack002/_D0E8288CDAFD40A2B6AD599CBD54170E
unpack002/_D39EA4E518FD42FD8531B35125F98719
unpack002/_E9B310DB31B141ECA9D91559763180F2
unpack002/_FF329A019EB3479FBB8943DC6AF7E021
unpack001/msi.dll
unpack001/setup.exe
unpack001/vcredist.exe

Files

ad7d96809f5af4f07287784cc9174b43
.rar
AdfuUpdate.inf
AmvPlayer.ini
AmvTransform.ini
InstMsiA.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstMsiW.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSIcn.msi
.msi
MSIen.msi
.msi
MSIfr.msi
.msi
MSIge.msi
.msi
MSIit.msi
.msi
MSIjp.msi
.msi
MSIko.msi
.msi
MSIsp.msi
.msi
MSItw.msi
.msi
SoundCon.ini
fwupgrade.ini
msi.cab
.cab
_0200BEB4EFB34AC8AF68134E35F0622D
.dll windows:5 windows x86 arch:x86

c6e592e19acd0da69bdcb49a95a6f100

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoDeleteDevice
KeInitializeEvent
KeInitializeSpinLock
IofCallDriver
IoSetDeviceInterfaceState
IoBuildDeviceIoControlRequest
IoRegisterDeviceInterface
ExAllocatePoolWithTag
IoCreateDevice
KeSetEvent
InterlockedDecrement
KeWaitForSingleObject
InterlockedIncrement
ExFreePool
IofCompleteRequest
IoDetachDevice
KeInitializeDpc
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
ObfReferenceObject
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeInsertQueueDpc

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

usbd.sys

USBD_CreateConfigurationRequest
USBD_GetUSBDIVersion
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

UMSS_GetMaxLun
UMSS_GetNextPDO
UMSS_RegisterCompletionHandler
UMSS_StartRequest

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 192B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 990B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 480B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_0368F931787C440698E442F539090BA7
_07F57D9CEFDA42F78AFA5E0E12E5A347
.exe windows:4 windows x86 arch:x86

c834eb888cf1c9cb34c435b50ee39557

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

comctl32

ImageList_GetImageInfo
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw

kernel32

GetModuleHandleA
GetStartupInfoA
ReleaseMutex
FreeLibrary
CloseHandle
CreateFileA
GetPrivateProfileIntA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenMutexA
ResetEvent
GetTickCount
GetSystemDefaultLangID
CopyFileA
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetEvent
Sleep
CreateEventA
CreateThread
SetThreadPriority
lstrcpynA
GetPrivateProfileStringA
WritePrivateProfileStringA
FindFirstFileA
CreateMutexA
LoadLibraryA
GetLastError
GetProcAddress
WaitForSingleObject
OpenFileMappingA

user32

GetDesktopWindow
SetRect
TabbedTextOutA
DrawTextA
GrayStringA
GetFocus
PeekMessageA
PtInRect
FindWindowA
MessageBoxA
CallWindowProcA
ShowWindow
MoveWindow
GetWindowDC
SetWindowRgn
FrameRect
DrawStateA
IsWindow
SetWindowPos
SetWindowLongA
IsIconic
AppendMenuA
MapWindowPoints
GetAsyncKeyState
RedrawWindow
LoadBitmapA
GetSysColorBrush
GetSystemMenu
ScreenToClient
PostThreadMessageA
MsgWaitForMultipleObjects
UnhookWindowsHookEx
CallNextHookEx
KillTimer
SetRectEmpty
InflateRect
GetSysColor
OffsetRect
DrawFocusRect
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
SetCursor
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
LoadImageA
EnableWindow
PostMessageA
LoadMenuA
GetSubMenu
GetMenuItemCount
ModifyMenuA
GetMenuItemID
GetCursorPos
GetDC
ReleaseDC
GetWindowRect
InvalidateRect
GetClientRect
WinHelpA
GetIconInfo
CreateIconIndirect
FillRect
CopyRect
UpdateWindow
SetWindowsHookExA
GetParent
SystemParametersInfoA
CopyImage
DrawIconEx
SetTimer
GetSystemMetrics
SendMessageA

gdi32

CreateFontIndirectA
StretchDIBits
GetTextExtentPoint32A
DeleteDC
DeleteObject
BitBlt
SetWindowOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
GetStockObject
SetBkColor
CreateBitmap
SetPixel
GetPixel
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
RealizePalette
SelectPalette
ExtCreateRegion
GetDIBits
CreateICA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRectRgnIndirect
GetObjectA
CreateRectRgn
CombineRgn

advapi32

RegSetValueA
RegCloseKey
RegCreateKeyA

shell32

DragQueryFileA
DragFinish
ShellExecuteExA

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

OleLoadPicture

mfc42

ord609
ord3907
ord6567
ord922
ord6270
ord4185
ord5628
ord909
ord696
ord394
ord3643
ord1949
ord3286
ord6007
ord2713
ord2243
ord1105
ord6111
ord2044
ord5834
ord6215
ord6380
ord2645
ord4694
ord2448
ord3452
ord3998
ord6907
ord2642
ord4299
ord3546
ord790
ord3693
ord3716
ord430
ord2504
ord1176
ord4243
ord559
ord2614
ord693
ord812
ord3640
ord3370
ord4402
ord2582
ord4204
ord2915
ord2107
ord5781
ord3706
ord2841
ord682
ord3630
ord4400
ord2580
ord4235
ord2450
ord1576
ord6366
ord1771
ord4224
ord6779
ord6394
ord5450
ord6383
ord5440
ord2763
ord562
ord816
ord4401
ord3639
ord4454
ord5067
ord800
ord540
ord825
ord1200
ord2818
ord924
ord858
ord1168
ord3619
ord1641
ord3626
ord2414
ord3663
ord535
ord537
ord939
ord941
ord4277
ord2764
ord641
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord795
ord860
ord567
ord6283
ord6282
ord4275
ord2860
ord2864
ord5875
ord755
ord640
ord1640
ord323
ord470
ord823
ord6880
ord2859
ord2379
ord6453
ord4220
ord2584
ord3654
ord2438
ord2455
ord2863
ord1644
ord1146
ord6197
ord6378
ord1175
ord2452
ord613
ord5785
ord289
ord4278
ord5683
ord2575
ord4396
ord3574
ord3571
ord809
ord3815
ord556
ord4284
ord2405
ord5053
ord5981
ord3874
ord4133
ord4297
ord5788
ord472
ord283
ord2122
ord6358
ord1088
ord2567
ord1834
ord4229
ord4759
ord2413
ord2024
ord4219
ord2581
ord686
ord4635
ord4607
ord4716
ord4750
ord5016
ord5265
ord4375
ord4852
ord4998
ord2515
ord6052
ord1775
ord5280
ord4834
ord4425
ord802
ord542
ord355
ord692
ord6675
ord5710
ord3301
ord3200
ord3092
ord5063
ord4497
ord4710
ord5651
ord3127
ord3616
ord665
ord1979
ord5442
ord3318
ord5186
ord350
ord354
ord2753
ord3573
ord6172
ord3797
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord384
ord4698
ord3293
ord6654
ord2862
ord3910
ord5787
ord3754
ord6888
ord6762
ord538
ord6648
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4376
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord2514
ord617
ord5214
ord296
ord4159
ord6117
ord2621
ord1134
ord2725
ord4853
ord3597
ord324
ord2302
ord4234
ord6199
ord6241
ord4230
ord1803

msvcrt

__p__fmode
_acmdln
_XcptFilter
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__set_app_type
_stricmp
_setmbcp
__getmainargs
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
_mbsicmp
_strdup
memmove
fread
sscanf
_mbsicoll
exit
free
__dllonexit
strchr
strrchr
time
localtime
fopen
fwrite
vfprintf
fclose
_mbscmp
_mbsnbcpy
sprintf
atoi
__CxxFrameHandler
_ftol

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_0901CF1F2F3F40589047A58594F3B940
_0F8DEEB6A699445CBD1AEDF8E3977E14
_147C28713DB44828B1B9CC82EB2037F6
_17551744EA394F279D3E33BC201B0F9D
_1A254ED0A8434CB4B380811041EA710B
_1B4DC5A2E06842A2AF67D90F083EA79B
.dll windows:4 windows x86 arch:x86

3c75018a31636a38bbbd789f3af2b482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePool
KeSetEvent
InterlockedDecrement
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoDeleteDevice
IoDetachDevice
InterlockedIncrement
ZwClose
KeWaitForSingleObject
RtlInitUnicodeString
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeInsertQueueDpc
IoCreateDevice
KeInitializeEvent
KeInitializeSpinLock
IofCallDriver
ObfReferenceObject
KeInitializeDpc
IofCompleteRequest
IoAttachDeviceToDeviceStack

hal

KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_GetUSBDIVersion
USBD_CreateConfigurationRequest
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

UMSS_GetMaxLun
UMSS_GetNextPDO
UMSS_RegisterCompletionHandler
UMSS_StartRequest

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 192B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 416B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_1D0E49FA575846418C21EA59D74977BF
_1DEBE9680B714D66AF1C983CE47F8E93
_1DF73217BB3C4D82BD9D6D43F230E3F2
_1E04C5195CB34EBD8D2A96FABD8ABB56
_1F6E32A8F43E4798A1E9B9347A141C51
_22A7643F5B704B74B2636AC698E060E9
_23C78418266442168F20046E2004F6C8
_2797A4C85C6646FB9F5D7699281AD20E
.exe windows:5 windows x86 arch:x86

119233f82752a98520a64b8d5c0cd6db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_controlfp
_adjust_fdiv
__p__fmode
__set_app_type
__p__commode
towlower
??2@YAPAXI@Z
??3@YAXPAX@Z
_iob
fputs
__wgetmainargs
__setusermatherr
_initterm
_XcptFilter
__p___winitenv
exit
wcsrchr
_exit
wprintf
towupper
_wcsnicmp
iswalpha
fputws
_wcsicmp
wcschr

advapi32

RegCloseKey
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

LoadLibraryW
GetProcAddress
FreeLibrary
GetFullPathNameW
FileTimeToSystemTime
GetDateFormatW
lstrcpynW
lstrcpyW
lstrcmpiW
lstrcmpW
GetLastError
GetCurrentProcess
lstrlenW
FormatMessageW
LocalFree
CloseHandle

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiClassGuidsFromNameExW
CM_Get_DevNode_Status_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size_Ex
CM_Free_Res_Des_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf_Ex
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstallParamsW
SetupCloseFileQueue
SetupScanFileQueueW
SetupDiCallClassInstaller
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiGetClassDescriptionExW
SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoListExW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Connect_MachineW

user32

CharNextW
LoadStringW
ExitWindowsEx

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_27B8C3D7D0994AE0B9EEE6CC89E3148E
_29F1BB2847B84F499F5F20825A00ABC4
.html
_2A94A2533E9C4F8481AFD28340E5094A
_2B494F7268314CF39AFA4861F0EDAB20
_321EC7552A0C40CE8B1EF6A6D90F7B1F
.chm
_330687F9852D4A4A94E7BA8BE4A5CECA
_337AAFE51E7446D6BABEF3B5CBFF4A85
_357999644DF34D2CA7442BA96527B93E
_3CDD561900D546D29FC7E7030A037C86
_3F16066EA4204839A6A09EE36F56B757
_409966C9CFA64CDC8586B17C39294F00
_42F44AD61191441386459A9489068B81
.chm
_45E78F43A57D42568BB318CE10EE62FD
_47F2F9020AAA4D3B9AAFECC85832B3D6
_499EFAB3963F4894BBB6056936A58395
_4C2379E67BD84E369D70B4C370C34DC1
_4E8D2D898B524FCB8549DA161835000A
_50440A9784214246AAD318160B764D56
_5166333B561A42EFB427183C9CD5A5B1
.dll windows:5 windows x86 arch:x86

c6e592e19acd0da69bdcb49a95a6f100

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoDeleteDevice
KeInitializeEvent
KeInitializeSpinLock
IofCallDriver
IoSetDeviceInterfaceState
IoBuildDeviceIoControlRequest
IoRegisterDeviceInterface
ExAllocatePoolWithTag
IoCreateDevice
KeSetEvent
InterlockedDecrement
KeWaitForSingleObject
InterlockedIncrement
ExFreePool
IofCompleteRequest
IoDetachDevice
KeInitializeDpc
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
ObfReferenceObject
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeInsertQueueDpc

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

usbd.sys

USBD_CreateConfigurationRequest
USBD_GetUSBDIVersion
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

UMSS_GetMaxLun
UMSS_GetNextPDO
UMSS_RegisterCompletionHandler
UMSS_StartRequest

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 192B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 990B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 480B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_51F27D9C8FDC4BD282031DF404D02A73
.dll windows:4 windows x86 arch:x86

28246e3fbcffaa9f00e83f6b0233f849

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetProcAddress
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
HeapFree
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

AmvEncoder
AmvEncoderClose
AmvEncoderInit
AmvHeaderEncoder

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_528528BFE55848F79C4FFC8647DC53F9
.dll windows:4 windows x86 arch:x86

3f33864ea5180a15c70fbf099e3b13c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

mfc42

ord5442
ord1200
ord940
ord2915
ord2764
ord2763
ord6283
ord4277
ord4204
ord5861
ord541
ord4274
ord6375
ord4486
ord2554
ord2512
ord6282
ord3922
ord1089
ord5199
ord2396
ord801
ord5731
ord1105
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3346
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2818
ord1577
ord858
ord941
ord354
ord5186
ord3318
ord1979
ord665
ord4224
ord823
ord535
ord537
ord860
ord924
ord825
ord540
ord800
ord1168
ord1575
ord1176
ord1116
ord5302
ord5300
ord3831
ord1255
ord269
ord826
ord600
ord1578
ord6467
ord1182
ord1253
ord1570
ord1197
ord1243
ord342

msvcrt

__CxxFrameHandler
sscanf
_mbscmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
sprintf
strncpy
free
malloc
_except_handler3
?terminate@@YAXXZ
_mkdir

kernel32

GetProcAddress
FreeLibrary
GetModuleFileNameA
GetWindowsDirectoryA
CopyFileA
DeleteFileA
LoadLibraryA
DeviceIoControl
GetDriveTypeA
GetLogicalDriveStringsA
CloseHandle
CreateFileA
Sleep
GetLastError
GetVersionExA
GetSystemDefaultLangID
WaitForSingleObject
ResetEvent
CreateEventA
GetPrivateProfileStringA
FindFirstFileA
LocalFree
LocalAlloc

user32

DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
LoadCursorA
SetCursor
SendMessageA
GetTopWindow
GetWindow
GetWindowTextA

ole32

CoCreateGuid

msvcp60

?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ

Exports

Exports

DownFimware
EnableDrm
EnableErase
Eraseflash
GetDevName
GetDeviceInfo
GetDogCurrentCount
GetFirmwareInfo
GetFmVersion
GetLogoRes
GetTotalNumber
GetUDiskCount
Initial
ReSetUdisk
SetCurrectCheck
SetDTFile
SetDownAutorun
SetFirmwareFile
SetPKFile
run_log

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_52F7995691804071AB89F1930BBB0FD9
_55426AF2A0B7421D88C3003D5C6DE56B
_55E431F8AE0E4C39B9F7BA701D5C1687
.rtf
_5A97E6612FD942DC80376C05603F8CBE
_5DC2633923D44F4C8570392FA3A6BF90
_600B2382DA8349F897D8A5F592D85A1C
_6083DC713F36445F9EFE02D1F7C3E75E
_611736EA86604374B59F447AFC14E044
.dll windows:6 windows x86 arch:x86

785d5607ed2f18f4ea0be5809350b169

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

unicows.pdb

Imports

kernel32

GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
FindClose
IsDBCSLeadByte
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNumberFormatA
GetNumberFormatW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTimeFormatA
GetTimeFormatW
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalGetAtomNameA
GlobalGetAtomNameW
IsBadStringPtrW
IsValidCodePage
LCMapStringA
LCMapStringW
LoadLibraryW
LoadLibraryExW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
MoveFileW
OpenEventA
OpenEventW
GetDefaultCommConfigW
OpenFileMappingW
OpenMutexA
OpenMutexW
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
QueryDosDeviceA
QueryDosDeviceW
ReadConsoleA
ReadConsoleW
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputW
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
RemoveDirectoryA
RemoveDirectoryW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetComputerNameA
SetComputerNameW
SetConsoleTitleA
SetConsoleTitleW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigA
SetDefaultCommConfigW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetLocaleInfoA
SetLocaleInfoW
SetVolumeLabelA
SetVolumeLabelW
VerLanguageNameA
VerLanguageNameW
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleA
WriteConsoleW
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputW
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
FindResourceA
lstrcpyA
IsBadWritePtr
SetErrorMode
GetStringTypeW
FindResourceW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetDefaultCommConfigA
GetDateFormatW
GetDateFormatA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrencyFormatW
GetCurrencyFormatA
GetConsoleTitleW
GetConsoleTitleA
GetComputerNameW
GetComputerNameA
GetAtomNameW
GetAtomNameA
FormatMessageW
FormatMessageA
LocalFree
HeapReAlloc
LocalAlloc
FreeEnvironmentStringsW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindAtomW
FindAtomA
FillConsoleOutputCharacterW
FillConsoleOutputCharacterA
FatalAppExitW
FatalAppExitA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLocalesW
EnumSystemLocalesA
EnumSystemCodePagesW
EnumDateFormatsW
EnumDateFormatsA
EnumCalendarInfoW
EnumCalendarInfoA
DeleteFileW
CreateSemaphoreW
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateMutexA
CreateMailslotW
CreateMailslotA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateEventW
CreateEventA
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CommConfigDialogW
CommConfigDialogA
CallNamedPipeW
CallNamedPipeA
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
BuildCommDCBW
BuildCommDCBA
AddAtomW
AddAtomA
InitializeCriticalSection
GetACP
GetOEMCP
DeleteCriticalSection
GetFileAttributesA
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrlenW
FindResourceExW
SizeofResource
LoadResource
LockResource
FreeResource
GetTempFileNameA
GetTempPathA
DeleteFileA
MoveFileA
_lclose
_lread
_lwrite
_llseek
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
CompareStringA
GlobalAddAtomA
AreFileApisANSI
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetCurrentThreadId
lstrcmpA
WideCharToMultiByte
lstrcmpiA
GetLocaleInfoA
CreateFileA
GetFileSize
CloseHandle
IsDBCSLeadByteEx
LoadLibraryA
InterlockedExchange
FreeLibrary
GetModuleHandleA
GetProcAddress
GetCPInfo
GetVersion
GetFileAttributesW
GetLastError
lstrlenA
GetProcessHeap
HeapAlloc
SetLastError
MultiByteToWideChar
OpenFileMappingA
HeapFree
RtlUnwind

user32

SystemParametersInfoW
TranslateAcceleratorW
TabbedTextOutA
TabbedTextOutW
UnregisterClassA
UnregisterClassW
VkKeyScanExA
VkKeyScanExW
WinHelpA
WinHelpW
wvsprintfW
EnumClipboardFormats
GetClipboardData
VkKeyScanW
wsprintfW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
InsertMenuItemW
InsertMenuItemA
InsertMenuW
InsertMenuA
GrayStringW
GrayStringA
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowLongW
GetTabbedTextExtentW
GetTabbedTextExtentA
GetPropW
GetMessageW
GetMenuStringW
GetMenuStringA
GetMenuItemInfoW
GetMenuItemInfoA
GetKeyNameTextW
GetKeyboardLayout
GetKeyNameTextA
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetDlgItemTextW
GetDlgItemTextA
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClassNameW
GetClassLongW
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoW
GetClassInfoA
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnableWindow
EnumPropsExW
EnumPropsExA
EnumPropsW
EnumPropsA
EnumDisplaySettingsW
EnumDisplaySettingsA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateW
DrawStateA
DlgDirSelectExW
DlgDirSelectExA
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
DlgDirListComboBoxW
DlgDirListComboBoxA
DlgDirListW
SystemParametersInfoA
DispatchMessageW
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
DdeQueryStringW
DdeQueryStringA
DdeQueryConvInfo
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeConnectList
DdeConnect
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharToOemW
CharPrevW
CharNextW
CharLowerBuffW
CharLowerW
ChangeMenuW
SetWindowTextW
SetWindowTextA
SetWindowsHookExW
SetWindowsHookW
SetWindowsHookA
SetWindowLongW
SetPropW
SetMenuItemInfoW
SetMenuItemInfoA
SetDlgItemTextW
SetDlgItemTextA
SetClassLongW
SetClassLongA
SendNotifyMessageW
SendMessageTimeoutW
SendMessageCallbackW
SendMessageW
SendDlgItemMessageW
RemovePropW
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClipboardFormatA
RegisterClassExW
RegisterClassExA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharBuffW
OemToCharW
ModifyMenuW
ModifyMenuA
MessageBoxIndirectW
MessageBoxIndirectA
MessageBoxExW
MessageBoxW
MapVirtualKeyExW
MapVirtualKeyExA
ChangeMenuA
ChangeDisplaySettingsW
ChangeDisplaySettingsA
CreateWindowExW
CreateWindowExA
CreateMDIWindowW
CreateMDIWindowA
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CallWindowProcW
CallMsgFilterW
CallMsgFilterA
AppendMenuW
AppendMenuA
GetWindowThreadProcessId
SetWindowLongA
TranslateAcceleratorA
IsDialogMessageA
DispatchMessageA
PeekMessageA
GetMessageA
PostThreadMessageA
PostMessageA
SendNotifyMessageA
SendMessageTimeoutA
SendMessageCallbackA
SendMessageA
DefWindowProcA
CallWindowProcA
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
GetWindowLongA
GetParent
GetDlgItem
SetPropA
RemovePropA
GetPropA
IsDlgButtonChecked
GetClassNameA
CharLowerA
CharUpperA
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyW
CallNextHookEx
MapVirtualKeyA
LoadStringW
LoadMenuIndirectW
LoadMenuIndirectA
EnumChildWindows
RegisterWindowMessageA
LoadMenuW
LoadMenuA
LoadKeyboardLayoutW
LoadKeyboardLayoutA
LoadImageW
LoadImageA
LoadIconW
LoadIconA
LoadCursorFromFileW
LoadCursorFromFileA
LoadCursorW
LoadCursorA
LoadBitmapW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
IsWindowUnicode
IsWindow
IsDialogMessageW
DlgDirListA
IsClipboardFormatAvailable
IsCharUpperW

gdi32

GetEnhMetaFileDescriptionW
GetGlyphOutlineA
GetGlyphOutlineW
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLogColorSpaceA
GetLogColorSpaceW
GetMetaFileA
GetMetaFileW
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPointA
GetEnhMetaFileDescriptionA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
PolyTextOutA
PolyTextOutW
RemoveFontResourceA
RemoveFontResourceW
ResetDCA
ResetDCW
SetICMProfileA
SetICMProfileW
StartDocA
StartDocW
TextOutW
UpdateICMRegKeyA
UpdateICMRegKeyW
GetEnhMetaFileW
GetEnhMetaFileA
GetCharacterPlacementW
GetCharacterPlacementA
GetCharWidthFloatW
GetCharWidthFloatA
GetCharWidth32W
GetCharWidthW
GetCharWidthA
GetCharABCWidthsFloatW
GetCharABCWidthsFloatA
GetCharABCWidthsW
GetCharABCWidthsA
ExtTextOutW
ExtTextOutA
EnumICMProfilesW
EnumICMProfilesA
EnumFontsW
EnumFontsA
EnumFontFamiliesExW
EnumFontFamiliesExA
EnumFontFamiliesW
EnumFontFamiliesA
CreateScalableFontResourceW
CreateScalableFontResourceA
CreateMetaFileW
CreateMetaFileA
CreateICW
CreateICA
CreateFontIndirectW
CreateFontIndirectA
CreateFontW
CreateFontA
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDCW
CreateDCA
CreateColorSpaceW
CreateColorSpaceA
CopyMetaFileW
CopyMetaFileA
CopyEnhMetaFileW
CopyEnhMetaFileA
AddFontResourceW
AddFontResourceA
GetFontData
GetTextExtentPointW
TranslateCharsetInfo
GetTextCharset

mpr

WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetAddConnectionA
WNetAddConnectionW
WNetAddConnection2A
WNetAddConnection2W
WNetAddConnection3A
WNetAddConnection3W
WNetCancelConnectionA
WNetCancelConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetEnumResourceA
WNetEnumResourceW
WNetGetConnectionA
WNetGetConnectionW
WNetGetLastErrorA
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetProviderNameA
WNetUseConnectionW
WNetUseConnectionA
WNetOpenEnumW
WNetOpenEnumA
WNetGetUserW
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetGetUniversalNameA
WNetGetResourceParentW
WNetGetResourceParentA
WNetGetResourceInformationW
WNetGetResourceInformationA
WNetGetProviderNameW

advapi32

RegOpenKeyA
RegEnumValueA
RegUnLoadKeyW
RegUnLoadKeyA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegSaveKeyW
RegSaveKeyA
RegReplaceKeyW
RegReplaceKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryMultipleValuesW
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegLoadKeyW
RegLoadKeyA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegConnectRegistryW
RegConnectRegistryA
IsTextUnicode
GetUserNameW
GetUserNameA
RegOpenKeyExA

comdlg32

GetOpenFileNameW
GetFileTitleW
GetFileTitleA
FindTextW
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
ReplaceTextW
FindTextA
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgW
GetSaveFileNameW

version

VerQueryValueW
VerQueryValueA
VerInstallFileW
VerInstallFileA
VerFindFileW
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

shell32

SHGetPathFromIDListA
ord180
ord179
SHGetFileInfoA
SHFileOperationA
SHChangeNotify
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
ShellAboutW
ShellAboutA
FindExecutableW
FindExecutableA
ExtractIconExA
DragQueryFileA
DragQueryFileW
ExtractIconW
ExtractIconA

winspool.drv

GetPrinterW
GetPrinterDataW
GetPrinterDriverW
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetJobW
OpenPrinterW
ResetPrinterA
ResetPrinterW
SetJobA
SetJobW
SetPrinterA
SetPrinterW
SetPrinterDataA
SetPrinterDataW
StartDocPrinterA
EnumPrintProcessorsW
EnumPrintProcessorDatatypesW
EnumPrintersW
EnumPrinterDriversW
EnumPortsW
EnumMonitorsW
DocumentPropertiesW
DocumentPropertiesA
DeviceCapabilitiesW
DeviceCapabilitiesA
DeletePrintProvidorW
DeletePrintProvidorA
DeletePrintProcessorW
DeletePrintProcessorA
DeletePrinterDriverW
DeletePrinterDriverA
DeletePortW
DeletePortA
DeleteMonitorW
DeleteMonitorA
ConfigurePortW
ConfigurePortA
AdvancedDocumentPropertiesW
AdvancedDocumentPropertiesA
AddPrintProvidorW
AddPrintProvidorA
AddPrintProcessorW
AddPrintProcessorA
AddPrinterDriverW
AddPrinterDriverA
AddPrinterW
AddPrinterA
AddPortW
AddPortA
AddMonitorW
AddMonitorA
AddJobW
AddJobA
OpenPrinterA
StartDocPrinterW

oledlg

OleUIUpdateLinksW
OleUIPromptUserW
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIInsertObjectW
OleUIEditLinksW
OleUIConvertW
OleUIChangeSourceW
OleUIChangeIconW
OleUIBusyW
ord8
OleUIAddVerbMenuW
ord1
ord6

winmm

waveOutGetErrorTextW
waveOutGetErrorTextA
waveOutGetDevCapsW
waveOutGetDevCapsA
waveInGetErrorTextW
mixerGetControlDetailsW
midiOutGetErrorTextW
midiOutGetErrorTextA
midiOutGetDevCapsW
midiOutGetDevCapsA
midiInGetErrorTextW
midiInGetDevCapsW
midiInGetDevCapsA
mciSendStringW
mciSendStringA
mciSendCommandW
mciGetErrorStringW
mciGetErrorStringA
midiInGetErrorTextA
mciGetDeviceIDW
mciGetDeviceIDA
joyGetDevCapsW
joyGetDevCapsA
auxGetDevCapsW
auxGetDevCapsA
PlaySoundW
PlaySoundA
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRenameA
mmioRenameW
mmioStringToFOURCCA
mmioStringToFOURCCW
sndPlaySoundA
sndPlaySoundW
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
mixerGetDevCapsA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

MCIWndCreateW
MCIWndCreateA
GetSaveFileNamePreviewW
GetOpenFileNamePreviewW

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
ImmGetCompositionStringW

Exports

Exports

AcquireCredentialsHandleW
AddAtomW
AddFontResourceW
AddJobW
AddMonitorW
AddPortW
AddPrintProcessorW
AddPrintProvidorW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesW
AppendMenuW
BeginUpdateResourceA
BeginUpdateResourceW
BroadcastSystemMessageW
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallMsgFilterW
CallNamedPipeW
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharToOemBuffW
CharToOemW
CharUpperBuffW
CharUpperW
ChooseColorW
ChooseFontW
CommConfigDialogW
CompareStringW
ConfigurePortW
CopyAcceleratorTableW
CopyEnhMetaFileW
CopyFileExW
CopyFileW
CopyMetaFileW
CreateAcceleratorTableW
CreateColorSpaceW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateDirectoryExW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMDIWindowW
CreateMailslotW
CreateMetaFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateScalableFontResourceW
CreateSemaphoreW
CreateStdAccessibleProxyW
CreateWaitableTimerW
CreateWindowExW
CryptAcquireContextW
CryptEnumProviderTypesW
CryptEnumProvidersW
CryptGetDefaultProviderW
CryptSetProviderExW
CryptSetProviderW
CryptSignHashW
CryptVerifySignatureW
DdeConnect
DdeConnectList
DdeCreateStringHandleW
DdeInitializeW
DdeQueryConvInfo
DdeQueryStringW
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteFileW
DeleteMonitorW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinterDriverW
DeviceCapabilitiesW
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DocumentPropertiesW
DragQueryFileW
DrawStateW
DrawTextExW
DrawTextW
EnableWindow
EndUpdateResourceA
EndUpdateResourceW
EnumCalendarInfoExW
EnumCalendarInfoW
EnumClipboardFormats
EnumDateFormatsExW
EnumDateFormatsW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsW
EnumICMProfilesW
EnumMonitorsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDriversW
EnumPrintersW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsW
EnumerateSecurityPackagesW
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconExW
ExtractIconW
FatalAppExitW
FillConsoleOutputCharacterW
FindAtomW
FindExecutableW
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FindTextW
FindWindowExW
FindWindowW
FormatMessageW
FreeContextBuffer
FreeEnvironmentStringsW
GetAltTabInfoW
GetAtomNameW
GetCPInfo
GetCPInfoExW
GetCalendarInfoW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidth32W
GetCharWidthFloatW
GetCharWidthW
GetCharacterPlacementW
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetComputerNameW
GetConsoleTitleW
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentHwProfileW
GetDateFormatW
GetDefaultCommConfigW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileTitleW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetGlyphOutlineW
GetICMProfileW
GetJobW
GetKerningPairsW
GetKeyNameTextW
GetKeyboardLayoutNameW
GetLocaleInfoW
GetLogColorSpaceW
GetLogicalDriveStringsW
GetLongPathNameW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetMetaFileW
GetModuleFileNameW
GetModuleHandleW
GetMonitorInfoW
GetNamedPipeHandleStateW
GetNumberFormatW
GetObjectW
GetOpenFileNamePreviewW
GetOpenFileNameW
GetOutlineTextMetricsW
GetPrintProcessorDirectoryW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcAddress
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetPropA
GetPropW
GetRoleTextW
GetSaveFileNamePreviewW
GetSaveFileNameW
GetShortPathNameW
GetStartupInfoW
GetStateTextW
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTabbedTextExtentW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowTextLengthW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GrayStringW
InitSecurityInterfaceW
InitializeSecurityContextW
InsertMenuItemW
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerW
IsCharUpperW
IsClipboardFormatAvailable
IsDestinationReachableW
IsDialogMessageW
IsTextUnicode
IsValidCodePage
IsWindowUnicode
LCMapStringW
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadLibraryExW
LoadLibraryW
LoadMenuIndirectW
LoadMenuW
LoadStringW
MCIWndCreateW
MapVirtualKeyExW
MapVirtualKeyW
MessageBoxExW
MessageBoxIndirectW
MessageBoxW
ModifyMenuW
MoveFileW
MultiByteToWideChar
MultinetGetConnectionPerformanceW
OemToCharBuffW
OemToCharW
OleUIAddVerbMenuW
OleUIBusyW
OleUIChangeIconW
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
OleUIInsertObjectW
OleUIObjectPropertiesW
OleUIPasteSpecialW
OleUIPromptUserW
OleUIUpdateLinksW
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrinterW
OpenSemaphoreW
OpenWaitableTimerW
OutputDebugStringW
PageSetupDlgW
PeekConsoleInputW
PeekMessageW
PlaySoundW
PolyTextOutW
PostMessageW
PostThreadMessageW
PrintDlgW
QueryContextAttributesW
QueryCredentialsAttributesW
QueryDosDeviceW
QuerySecurityPackageInfoW
RasConnectionNotificationW
RasCreatePhonebookEntryW
RasDeleteEntryW
RasDeleteSubEntryW
RasDialW
RasEditPhonebookEntryW
RasEnumConnectionsW
RasEnumDevicesW
RasEnumEntriesW
RasGetConnectStatusW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetErrorStringW
RasGetProjectionInfoW
RasHangUpW
RasRenameEntryW
RasSetEntryDialParamsW
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW
RasValidateEntryNameW
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
RemoveDirectoryW
RemoveFontResourceW
RemovePropA
RemovePropW
ReplaceTextW
ResetDCW
ResetPrinterW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetFileInfoW
SHGetNewLinkInfoW
SHGetPathFromIDListW
ScrollConsoleScreenBufferW
SearchPathW
SendDlgItemMessageW
SendMessageCallbackW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCalendarInfoW
SetClassLongW
SetComputerNameW
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetICMProfileW
SetJobW
SetLocaleInfoW
SetMenuItemInfoW
SetPrinterDataW
SetPrinterW
SetPropA
SetPropW
SetVolumeLabelW
SetWindowLongA
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShellAboutW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
StartDocPrinterW
StartDocW
SystemParametersInfoW
TabbedTextOutW
TextOutW
TranslateAcceleratorW
UnregisterClassW
UpdateICMRegKeyW
UpdateResourceA
UpdateResourceW
VerFindFileW
VerInstallFileW
VerLanguageNameW
VerQueryValueW
VkKeyScanExW
VkKeyScanW
WNetAddConnection2W
WNetAddConnection3W
WNetAddConnectionW
WNetCancelConnection2W
WNetCancelConnectionW
WNetConnectionDialog1W
WNetDisconnectDialog1W
WNetEnumResourceW
WNetGetConnectionW
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumW
WNetUseConnectionW
WaitNamedPipeW
WideCharToMultiByte
WinHelpW
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
__FreeAllLibrariesInMsluDll
auxGetDevCapsW
capCreateCaptureWindowW
capGetDriverDescriptionW
joyGetDevCapsW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
mciGetDeviceIDW
mciGetErrorStringW
mciSendCommandW
mciSendStringW
midiInGetDevCapsW
midiInGetErrorTextW
midiOutGetDevCapsW
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenW
mmioRenameW
mmioStringToFOURCCW

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_6227252443C841BF9FFDFF29A9856421
.exe windows:4 windows x86 arch:x86

a3722627a3d4a3ccffacf157941f058a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord561
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord5302
ord2725
ord825
ord815
ord2915
ord4129
ord5683
ord924
ord860
ord922
ord939
ord858
ord2614
ord800
ord2818
ord540
ord535
ord941
ord537
ord2621
ord1134
ord5572
ord668
ord3738
ord2396
ord4058
ord2781
ord2770
ord356
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord4673
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1168
ord2379
ord755
ord470
ord5300
ord3346
ord3922
ord5199
ord1089
ord2554
ord5731
ord2512
ord4274
ord4486
ord6375
ord1980
ord3178
ord2385
ord1576

msvcrt

_except_handler3
__set_app_type
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__p__fmode
sprintf
__CxxFrameHandler
_mbscmp
__dllonexit
_setmbcp

kernel32

GetPrivateProfileStringA
DeleteFileA
GetModuleFileNameA
GetVersionExA
GetWindowsDirectoryA
CloseHandle
GetExitCodeProcess
GetLastError
GetStartupInfoA
RemoveDirectoryA
CreateProcessA
GetModuleHandleA

user32

DrawIcon
GetClientRect
SendMessageA
IsIconic
EnableWindow
GetSystemMetrics

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_636707B3F0C64E1788C9E885C85E0E90
_63CBC5E779AC443CAEDC833F58AD874A
_655240DE553B4B9A852444224B6222A3
_677868C91441435D97431D030EA62E62
_684AA00E7E434BC9B99B93E35E0950CE
_6A590CCCA24242BCB8FCFF69DEE39075
_6E25DC3BAEA34EB0AC6BE7F343F90882
_6EB9C22CA48A4A69B04ABDFBFC299E16
.dll regsvr32 windows:5 windows x86 arch:x86

20264582df85180f5b29d7280a7ac0ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
strchr
iswctype
towupper
_ftol

kernel32

IsBadReadPtr
IsBadWritePtr
lstrcpyW
lstrcmpW
FreeLibraryAndExitThread
FreeLibrary
GetLastError
WaitForMultipleObjects
SetThreadPriority
CreateThread
CreateEventW
LoadLibraryW
GetTickCount
lstrcmpiW
ReadFileEx
DuplicateHandle
GetCurrentProcess
ReleaseMutex
WaitForSingleObject
MulDiv
GetVersion
LocalAlloc
LocalReAlloc
GetCurrentProcessId
ResumeThread
GetProcAddress
DisableThreadLibraryCalls
UnmapViewOfFile
MultiByteToWideChar
lstrlenA
IsBadCodePtr
CompareFileTime
lstrcpynW
GetPrivateProfileStringW
GetWindowsDirectoryW
WriteFileEx
Sleep
DeviceIoControl
SystemTimeToFileTime
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingW
CreateMutexW
LoadResource
FindResourceW
CreateProcessW
InitializeCriticalSection
GetVersionExW
CreateFileA
GetFullPathNameA
WideCharToMultiByte
ResetEvent
DeleteCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
lstrlenW
GetSystemTimeAsFileTime
CreateFileW
ReadFile
SetFilePointer
GetFileSize
CloseHandle
GetModuleHandleW
GetModuleFileNameW
GetFullPathNameW
InterlockedExchange
LocalFree
InterlockedDecrement
InterlockedIncrement
SleepEx

advapi32

RegEnumValueW
BuildTrusteeWithSidW
SetEntriesInAclW
GetSecurityInfo
RegDeleteKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
FreeSid
RegEnumKeyExW
RegSetKeySecurity
RegCreateKeyW
RegOpenKeyW
RegQueryValueW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
GetUserNameW
RegCreateKeyExW

user32

MapVirtualKeyExW
GetKeyboardLayout
GetActiveWindow
GetKeyNameTextW
ToUnicodeEx
PostMessageW
wsprintfW
CharUpperW
UnhookWindowsHookEx
GetWindowThreadProcessId
IsIconic
GetForegroundWindow
GetWindowLongW
CallNextHookEx
SetWindowsHookExW
PostThreadMessageW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
SetTimer
GetInputState
SystemParametersInfoW
IntersectRect
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetClientRect
ReleaseCapture
SetCursorPos
mouse_event
GetAsyncKeyState
SetCapture
ClipCursor
ShowCursor
GetMessageTime
SendNotifyMessageW
GetCursorPos
GetSystemMetrics
MapVirtualKeyW
LoadStringW
keybd_event
GetKeyboardType
IsRectEmpty
SubtractRect
RegisterWindowMessageW
SetWindowLongW
DefWindowProcW
GetPropW
SetPropW
RemovePropW
CallWindowProcW
IsWindow

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 517KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_765BB95B02884AE69FCBC1C522DEC567
_7C56FCEB7F1848ABBF9DF02DEEB99290
_7ED9018EAC1C4C7EBCC68EB06D58C9DC
_7EFE442503424A91971AB57D985B8AD4
_80E7588D09E14CA0A4CF228EE7627E06
_829C157FB6354A2DAEEE36F5B616A7B1
_84666B04713F4BD2944015B7B145A126
_84785AFE042A4BF3A3F64547A0660F13
_8534A5958E644FFB9199E71930183481
_864AA81AE69D47DE93E3CDAE3DA092FA
_88A461ED36CB4F0783F6E4AF920F81B8
_8929EED6822F48E6864D6EFF9DDAE4CA
_8BE1087E41A34858AC470071288F3B7B
.chm
_8CFD7BF6C1FE41779994CABED03A395C
_8F52C21855974CA3836E4DFB00272ED0
_90432418149B4C70B78E532A3734F85D
_904B83F3D51C4B0FBBA4F6F6E1CD7F6A
_91D72CCB122C4CF899F62DA873FE12E5
_91DD0277F6794C6597E2DA27B65C4BBC
.dll windows:5 windows x86 arch:x86

c6e592e19acd0da69bdcb49a95a6f100

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoDeleteDevice
KeInitializeEvent
KeInitializeSpinLock
IofCallDriver
IoSetDeviceInterfaceState
IoBuildDeviceIoControlRequest
IoRegisterDeviceInterface
ExAllocatePoolWithTag
IoCreateDevice
KeSetEvent
InterlockedDecrement
KeWaitForSingleObject
InterlockedIncrement
ExFreePool
IofCompleteRequest
IoDetachDevice
KeInitializeDpc
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
ObfReferenceObject
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeInsertQueueDpc

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor

usbd.sys

USBD_CreateConfigurationRequest
USBD_GetUSBDIVersion
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

UMSS_GetMaxLun
UMSS_GetNextPDO
UMSS_RegisterCompletionHandler
UMSS_StartRequest

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 192B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 992B - Virtual size: 990B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 480B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_937E2D62A10F4356A69CFA1E641A351A
_95143E7CC17049EEBEC9B8610C05BAC8
_9819CB3DC02D4819BD441005B847AEC8
_9CBBE48CD97B40D9B47097AAA05A08BA
_9EA6AAA228A44FD6A24ACAC72FB32C6B
.dll regsvr32 windows:4 windows x86 arch:x86

d30080695b4ab11081783c0b12fa4f1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
Sleep
GetSystemDefaultLangID
lstrcpynW
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
lstrlenA
lstrcpynA
lstrcatA
lstrcpyA
EnterCriticalSection
InterlockedDecrement
lstrlenW
DebugBreak
FindClose
CreateFileA
GetFileSize
ReadFile
CloseHandle
DeleteCriticalSection
FindFirstFileA
lstrcmpiA
FindNextFileA
GetLastError
lstrcmpA
GetFileAttributesA
LeaveCriticalSection
InterlockedIncrement
InitializeCriticalSection
HeapFree

user32

SetCursor
InsertMenuA
GetCursor
LoadCursorA
LoadStringA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

DragQueryFileA
ShellExecuteA

ole32

ReleaseStgMedium

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen

shlwapi

StrCmpIW

atl

ord23
ord16
ord15
ord21
ord18
ord57
ord32
ord58
ord30

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_9EB919C17DE040ACAF371BE974A29263
_9FB8E8CC328D4FDCBA47EF16ED4A5D5D
_A0338F59FC7B47F6AB375021D253D850
_A09A1C7A9C7E47E08066099067ACD47A
_A18C2019F4D8427B8366297F2F71C635
_A3EC81049529437C87432956736FA5A5
_A40BCB9B90BC41C692ECCE672F8800FD
.dll windows:4 windows x86 arch:x86

3c75018a31636a38bbbd789f3af2b482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ExFreePool
KeSetEvent
InterlockedDecrement
IoBuildDeviceIoControlRequest
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoDeleteDevice
IoDetachDevice
InterlockedIncrement
ZwClose
KeWaitForSingleObject
RtlInitUnicodeString
PoRequestPowerIrp
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
ExQueueWorkItem
KeInsertQueueDpc
IoCreateDevice
KeInitializeEvent
KeInitializeSpinLock
IofCallDriver
ObfReferenceObject
KeInitializeDpc
IofCompleteRequest
IoAttachDeviceToDeviceStack

hal

KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock

usbd.sys

USBD_GetUSBDIVersion
USBD_CreateConfigurationRequest
_USBD_ParseConfigurationDescriptorEx@28

Exports

Exports

UMSS_GetMaxLun
UMSS_GetNextPDO
UMSS_RegisterCompletionHandler
UMSS_StartRequest

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 192B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 416B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_A9F41CD700464396AE479BA2B088C6A1
_ACA64445097A4C9E885352B40E74AFFC
_AEA1C1C7371F40B793705000CD58EFE6
_B1EFD689E6CA40AABA6B834CDF5AF86D
_B375609A90B94F3E88C72F92BE2F0DD6
_B50319BF2A0B4628AFFAE51EF694E65E
_B5CA5227B1C24B17A565A4E8176F6601
.exe windows:4 windows x86 arch:x86

e7b127b9cbd223cc41edfac1acba0ccf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetACP
HeapAlloc
HeapSize
HeapFree
GetTimeZoneInformation
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
GetCommandLineA
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
RaiseException
VirtualFree
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetStdHandle
SizeofResource
SetUnhandledExceptionFilter
GlobalFlags
CompareStringA
CompareStringW
GetTickCount
RtlUnwind
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
WritePrivateProfileStringA
GetFileSize
GetFileAttributesA
GetOEMCP
TlsGetValue
GetCPInfo
GetProcessVersion
EnterCriticalSection
LocalReAlloc
TlsSetValue
TlsFree
GlobalReAlloc
LeaveCriticalSection
TlsAlloc
GlobalHandle
DeleteCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSection
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetTempPathA
TerminateProcess
GetStartupInfoA
CreateProcessA
GetSystemDefaultLangID
GetPrivateProfileStringA
GetCurrentDirectoryA
GetWindowsDirectoryA
CopyFileA
DeleteFileA
CreateFileA
CloseHandle
SetFilePointer
ReadFile
GetLastError
FormatMessageA
WaitForSingleObject
LocalAlloc
IsBadReadPtr
GetProfileStringA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetCurrentProcess
DuplicateHandle
lstrcpynA
MulDiv
SetLastError
GlobalAlloc
lstrcmpA
GetCurrentThread
GetThreadLocale
GetModuleFileNameA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
IsBadCodePtr
GetFileType
SetEnvironmentVariableA
GetExitCodeProcess

user32

RegisterClipboardFormatA
InvalidateRect
PostThreadMessageA
SetRect
CopyAcceleratorTableA
LoadStringA
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
GetClassNameA
DestroyMenu
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
MapDialogRect
SetWindowContextHelpId
GetDC
ReleaseDC
GetMessageA
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
CharNextA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
GetNextDlgGroupItem
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
CopyRect
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
MessageBeep
InflateRect
MoveWindow
SetWindowTextA
IsWindowVisible
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetSystemMenu
AppendMenuA
PeekMessageA
TranslateMessage
DispatchMessageA
IsIconic
GetSystemMetrics
DrawIcon
LoadImageA
LoadIconA
SendMessageA
KillTimer
SetTimer
GetClientRect
EnableWindow
GetWindowRect
ClientToScreen
ScreenToClient
AdjustWindowRectEx
LoadBitmapA
DrawFocusRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DPtoLP
LPtoDP
GetMapMode
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
ScaleWindowExtEx
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetMapMode
SetViewportOrgEx
SetBkMode
SelectObject
RestoreDC
DeleteDC
SaveDC
PatBlt
GetStockObject
GetBkColor
GetTextColor
GetDeviceCaps
GetObjectA
SetBkColor
CreateBitmap
SetTextColor
GetClipBox
IntersectClipRect

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
StgCreateDocfileOnILockBytes

olepro32

ord253

oleaut32

SysFreeString
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringLen
VariantCopy
SysAllocString
VariantClear
VariantChangeType
SysAllocStringLen

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_B5EDDF658AF449BFB3D5BB050CEE3E59
_B63632C1AB474CB3A3F5A893F1EA4424
_B9C9BB124E1F4B5B9D01A86A8BFA974C
_BB70252F51E14BACA577394601518551
_BBCA55E33AF34A9780F85F92C57DC336
.dll regsvr32 windows:5 windows x86 arch:x86

a54f5f32094867d71f38152da5912e90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
SetEvent
DeleteCriticalSection
ResetEvent
WideCharToMultiByte
GetCurrentProcessId
IsBadReadPtr
IsBadWritePtr
lstrlenW
FreeLibraryAndExitThread
FreeLibrary
GetLastError
WaitForMultipleObjects
SetThreadPriority
CreateThread
CreateEventA
LoadLibraryA
GetTickCount
lstrcmpiA
ReadFileEx
DuplicateHandle
GetCurrentProcess
MultiByteToWideChar
GetVersion
Sleep
ReleaseMutex
WaitForSingleObject
MulDiv
DeviceIoControl
LocalAlloc
LocalReAlloc
SleepEx
ResumeThread
GetProcAddress
DisableThreadLibraryCalls
UnmapViewOfFile
IsBadCodePtr
CompareFileTime
lstrcpyA
lstrcmpA
lstrcpyW
EnterCriticalSection
SystemTimeToFileTime
GetLocalTime
lstrcmpW
MapViewOfFile
CreateFileMappingA
CreateMutexA
LoadResource
FindResourceA
CreateProcessA
InitializeCriticalSection
GetVersionExA
GetCommandLineA
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoA
GetCurrentThreadId
lstrlenA
GetSystemTimeAsFileTime
CreateFileA
ReadFile
SetFilePointer
GetFileSize
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
InterlockedExchange
LocalFree
InterlockedDecrement
WriteFileEx
InterlockedIncrement

advapi32

RegCreateKeyExA
RegEnumKeyExA
GetUserNameA
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

user32

PostMessageA
wsprintfA
CharUpperA
UnhookWindowsHookEx
GetWindowThreadProcessId
IsIconic
GetForegroundWindow
GetWindowLongA
CallNextHookEx
SetWindowsHookExA
PostThreadMessageA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
GetInputState
SystemParametersInfoA
IntersectRect
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetClientRect
ReleaseCapture
SetCursorPos
mouse_event
GetAsyncKeyState
SetCapture
ClipCursor
ShowCursor
GetMessageTime
SendNotifyMessageA
GetCursorPos
GetSystemMetrics
MapVirtualKeyA
LoadStringA
keybd_event
GetKeyboardType
IsRectEmpty
SubtractRect
SendMessageA
RegisterWindowMessageA
FindWindowA
SetWindowLongA
DefWindowProcA
GetPropA
SetPropA
RemovePropA
CallWindowProcA
IsWindow
ToAsciiEx
MapVirtualKeyExA
GetKeyboardLayout
GetActiveWindow
GetKeyNameTextA
GetKeyNameTextW

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_BE6EB32AB5EE4F619921C0EA80456FD5
_BF225E81F769424C8DA7B69512D90C79
_BFB0590AE69E45348D8866350AB2D11A
_C08703C940514779981825843BA829E8
_C3241E6F1B3D4589A07444A9A748D4B0
_C392B538BA3E414587FABD294797C2DE
_C6B43C0FBD434143A8A7C5D402A7AECA
.chm
_C6DA8CF1764C451DA83C7550C35AF086
_CB6F64C253E3483F9B3B0128D6331678
.exe windows:4 windows x86 arch:x86

7bed2d9ff43dae455945edd2f8b7c3fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIconSize
_TrackMouseEvent

kernel32

GetModuleHandleA
lstrcpynA
CreateProcessA
GlobalUnlock
GetTickCount
GetProfileStringA
WriteProfileStringA
FindNextFileA
FindClose
WritePrivateProfileStringA
GetPrivateProfileIntA
OpenFileMappingA
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenMutexA
CreateMutexA
ReleaseMutex
WaitForSingleObject
FindFirstFileA
GetSystemDefaultLangID
GetPrivateProfileStringA
GetModuleFileNameA
CopyFileA
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
GetVersion
MulDiv
GlobalAlloc
GlobalLock
GetStartupInfoA

user32

DestroyCursor
DestroyIcon
GetWindowLongA
GetNextDlgTabItem
SetCursor
DestroyMenu
GetClientRect
EnableWindow
ClientToScreen
PostMessageA
TrackPopupMenuEx
GetSubMenu
DrawFocusRect
OffsetRect
WindowFromPoint
GetActiveWindow
GetSysColor
CopyRect
DrawStateA
FillRect
CreateIconIndirect
GetIconInfo
LoadMenuA
WinHelpA
GetDesktopWindow
KillTimer
PtInRect
GetCursorPos
SetRect
GetFocus
FindWindowA
GetWindowRect
InflateRect
FrameRect
InvalidateRect
SendMessageA
SetTimer
GetMenuItemID
GrayStringA
DrawTextA
TabbedTextOutA
IsIconic
AppendMenuA
ModifyMenuA
CallWindowProcA
ShowWindow
MoveWindow
GetWindowDC
SetWindowRgn
CopyImage
DrawIconEx
IsWindow
SetWindowPos
SetWindowLongA
MapWindowPoints
GetAsyncKeyState
RedrawWindow
LoadBitmapA
GetSysColorBrush
GetSystemMenu
ScreenToClient
UpdateWindow
GetDC
GetMenuItemCount
SystemParametersInfoA
SetRectEmpty
GetParent
SetWindowsHookExA
MessageBoxA
UnhookWindowsHookEx
GetSystemMetrics
CallNextHookEx
LoadImageA
ReleaseDC

gdi32

GetObjectA
CreateCompatibleDC
BitBlt
StretchBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
GetStockObject
SetBkColor
CreateBitmap
SetPixel
GetPixel
GetDeviceCaps
GetTextExtentPoint32A
CreateSolidBrush
PatBlt
RealizePalette
SelectPalette
ExtCreateRegion
GetDIBits
CreateICA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRectRgnIndirect
Polygon
StretchDIBits
SetWindowOrgEx
CombineRgn
CreateRectRgn
PtVisible
RectVisible
CreateFontIndirectA
TextOutA
ExtTextOutA
Escape

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegSetValueA
RegSetValueExA

shell32

ShellExecuteExA
SHGetPathFromIDListA
DragQueryFileA
SHBrowseForFolderA
ShellExecuteA
SHGetMalloc
DragFinish

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

oleaut32

OleLoadPicture

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

transdll

?Transform@CExportTransform@@QAEHU_MOVIE_Info@@@Z
?OnGraphNotify@CExportTransform@@QAEXXZ
??0CExportTransform@@QAE@PAVCWnd@@PAD@Z
?GetMovieTime@CExportTransform@@QAEKU_MOVIE_Info@@@Z
??1CExportTransform@@UAE@XZ
?GetCurrentPosition@CExportTransform@@QAEXPAN@Z
?PausePlay@CExportTransform@@QAEXXZ
?SetCurrentPosition@CExportTransform@@QAEXH@Z
?FullScreen@CExportTransform@@QAEXXZ
?Play@CExportTransform@@QAEHU_MOVIE_Info@@PAUHWND__@@@Z
resize
?StopPlay@CExportTransform@@QAEXH@Z
?RestoreScreen@CExportTransform@@QAEXXZ
?SetStop@CExportTransform@@QAEXH@Z
run_log
?GetFileTime@CExportTransform@@QAEHXZ
?GetTotalTime@CExportTransform@@QAEHXZ

mfc42

ord5788
ord5651
ord3127
ord542
ord755
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord3499
ord6111
ord6135
ord2044
ord5834
ord6215
ord6380
ord6378
ord4694
ord2645
ord4774
ord940
ord2448
ord3452
ord3998
ord6907
ord926
ord1158
ord4185
ord5628
ord909
ord696
ord394
ord3643
ord1949
ord3286
ord6007
ord6270
ord2713
ord2243
ord4299
ord6334
ord2642
ord2370
ord2289
ord2301
ord415
ord715
ord616
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord3766
ord3546
ord790
ord3716
ord3693
ord430
ord2504
ord1576
ord4716
ord4607
ord1176
ord4243
ord559
ord2614
ord693
ord812
ord3640
ord3370
ord4402
ord2515
ord4998
ord2841
ord682
ord2582
ord6282
ord6052
ord3630
ord2580
ord4235
ord5873
ord2450
ord6394
ord5450
ord6383
ord5440
ord2763
ord562
ord3619
ord1641
ord825
ord800
ord3626
ord2414
ord3663
ord535
ord537
ord939
ord941
ord2818
ord540
ord4277
ord858
ord2764
ord641
ord2452
ord613
ord640
ord5785
ord1640
ord323
ord823
ord289
ord1168
ord3402
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord795
ord860
ord567
ord6880
ord2864
ord2859
ord4275
ord2860
ord5875
ord4278
ord5683
ord2971
ord470
ord2575
ord3571
ord4396
ord3574
ord809
ord609
ord556
ord4284
ord2379
ord2405
ord5053
ord5981
ord3874
ord4133
ord4297
ord6283
ord472
ord283
ord1146
ord2122
ord6358
ord1088
ord2567
ord1834
ord4229
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord5067
ord4635
ord3706
ord5781
ord4750
ord5016
ord5265
ord4375
ord4852
ord4400
ord5789
ord5731
ord1775
ord5280
ord4834
ord4425
ord802
ord4204
ord355
ord692
ord6567
ord924
ord922
ord5710
ord3301
ord3200
ord3092
ord6197
ord3907
ord4710
ord2915
ord2107
ord3616
ord665
ord1979
ord5442
ord3318
ord5186
ord350
ord354
ord2753
ord3610
ord656
ord4123
ord3698
ord765
ord3573
ord6172
ord3797
ord384
ord686
ord3293
ord6654
ord2862
ord3910
ord5787
ord3754
ord6888
ord6675
ord6762
ord538
ord6648
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord4230
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord1200
ord2514
ord4159
ord6117
ord2621
ord1134
ord4376
ord4853
ord3597
ord324
ord2302
ord4234
ord6199
ord6241
ord2725
ord4224
ord4454
ord1803
ord2863
ord2455
ord4759
ord4220
ord2584
ord3654
ord2438
ord3815
ord1644
ord4497
ord5063
ord1175
ord816

msvcrt

exit
_mbsicoll
sscanf
_strdup
_mbsicmp
memmove
strchr
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_stricmp
_setmbcp
malloc
free
_mbscmp
_mbsnbcpy
_ftol
atoi
__CxxFrameHandler

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_CD5B319D227841F9B96091798CE7FD6E
_CDEE7F99FB9443C281E67CFD14E14732
_CED7138B034741FB86D9FCA087F34849
.chm
_CF16A16523804598928277C6CFBF4341
_D0E8288CDAFD40A2B6AD599CBD54170E
.dll windows:4 windows x86 arch:x86

fb00003fe7562b67c69f30255f328b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsGetValue
LeaveCriticalSection
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
ReadFile
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
CloseHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
EnterCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetStdHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

AmvClose
AmvDecoder
AmvInforInit

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_D39EA4E518FD42FD8531B35125F98719
.dll windows:4 windows x86 arch:x86

870933e0c8cc0fd3d98f2dfc8e7410a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateSyncReader

mfc42

ord4274
ord6375
ord268
ord1567
ord4486
ord2512
ord5731
ord3922
ord1089
ord2554
ord5199
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2763
ord2396
ord6282
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1871
ord3663
ord826
ord6283
ord4083
ord2764
ord2915
ord3953
ord4224
ord823
ord1176
ord535
ord940
ord354
ord4278
ord5186
ord922
ord939
ord5683
ord1979
ord665
ord537
ord4277
ord4204
ord924
ord540
ord860
ord2818
ord858
ord800
ord1116
ord1200
ord825
ord2982
ord3147
ord600
ord1578
ord6467
ord269
ord1253
ord1570
ord1255
ord1243
ord342
ord1197
ord1577
ord1168
ord1182
ord1575

msvcrt

free
fread
_ftol
sscanf
_mbsicmp
printf
malloc
ftell
sprintf
fopen
fwrite
fclose
fseek
_except_handler3
_purecall
_onexit
?terminate@@YAXXZ
__dllonexit
_adjust_fdiv
??1type_info@@UAE@XZ
_initterm
__CxxFrameHandler
_stricmp

kernel32

GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetSystemDefaultLangID
FreeLibrary
FindFirstFileA
CreateMutexA
GetPrivateProfileStringA
DeleteFileA
GetSystemTime
CloseHandle
CreateFileA
ReadFile
GetFileType
GetFileSize
InterlockedIncrement
SetFilePointer
ReleaseMutex
WaitForSingleObject
InterlockedDecrement
CreateThread
MultiByteToWideChar
LocalFree
LocalAlloc
lstrlenA

user32

GetClientRect
PeekMessageA
TranslateMessage
SendMessageA
DispatchMessageA

ole32

CreateItemMoniker
CoCreateInstance
CoTaskMemFree
GetRunningObjectTable

Exports

Exports

??0CExportTransform@@QAE@ABV0@@Z
??0CExportTransform@@QAE@PAVCWnd@@PAD@Z
??1CExportTransform@@UAE@XZ
??4CExportTransform@@QAEAAV0@ABV0@@Z
??_7CExportTransform@@6B@
?FullScreen@CExportTransform@@QAEXXZ
?GetCurrentPosition@CExportTransform@@QAEXPAN@Z
?GetFileTime@CExportTransform@@QAEHXZ
?GetMovieTime@CExportTransform@@QAEKU_MOVIE_Info@@@Z
?GetSourceType@CExportTransform@@AAEHVCString@@@Z
?GetTotalTime@CExportTransform@@QAEHXZ
?Is_OverWrite@CExportTransform@@AAEHU_MOVIE_Info@@@Z
?Is_permit@CExportTransform@@AAEHU_MOVIE_Info@@@Z
?OnGraphNotify@CExportTransform@@QAEXXZ
?OnPlayFin@CExportTransform@@QAEXXZ
?PausePlay@CExportTransform@@QAEXXZ
?Play@CExportTransform@@QAEHU_MOVIE_Info@@PAUHWND__@@@Z
?PlayMovie@CExportTransform@@AAEHU_MOVIE_Info@@H@Z
?ReleaseResource@CExportTransform@@AAEXXZ
?RestoreScreen@CExportTransform@@QAEXXZ
?SetCurrentPosition@CExportTransform@@QAEXH@Z
?SetParent@CExportTransform@@QAEXPAVCWnd@@@Z
?SetStop@CExportTransform@@QAEXH@Z
?StopPlay@CExportTransform@@QAEXH@Z
?Transform@CExportTransform@@AAEHHVCString@@PAU_Transform_Info@@H@Z
?Transform@CExportTransform@@QAEHU_MOVIE_Info@@@Z
resize
run_log

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_D3EECCCF247C4BDE98AEA72ED9E739BC
_D68DD5478970438997C6CE082828801E
_D7D183EA43024C78B7FF52617857CEE7
_D87C9D5A53ED486C8B09B3159E5C8EA2
_D8F5B16AC1764E87A74E7990FEC322C2
_DADAA14AB49947D9BFF94E51AD040861
_DD68C44D012B452C9F290C8A39A80311
_E093DD5D70C549C49A8E7DB625AE3CA6
_E0A18A0B51DD479383FB76F94AFCFE3F
_E10B2A80EE2140B6ABEB9F910C6AD8C1
_E8F8BE264F3E4AD585D3357FF314CBE5
_E9650FD734E64CF4BE842B4E990550F9
_E9B310DB31B141ECA9D91559763180F2
.exe windows:4 windows x86 arch:x86

dcf852a06a456982df6179165d5d4cfd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dinput8

DirectInput8Create

probatch

GetFmVersion
DownFimware
Initial
GetTotalNumber
ReSetUdisk
GetFirmwareInfo
GetDeviceInfo

mfc42

ord941
ord2818
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord535
ord825
ord924
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord715
ord795
ord609
ord692
ord2514
ord823
ord2621
ord1134
ord765
ord6055
ord1776
ord5290
ord3402
ord3721
ord5265
ord4376
ord4853
ord4998
ord3081
ord3830
ord1775
ord4407
ord2976
ord540
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord567
ord324
ord2302
ord2915
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord1146
ord1168
ord415
ord2645
ord4129
ord5683
ord3499
ord355
ord4224
ord1768
ord6215
ord2086
ord2642
ord6199
ord4160
ord2863
ord4710
ord2379
ord755
ord470
ord1979
ord996
ord5442
ord665
ord5186
ord354
ord1081
ord3873
ord6385
ord3698
ord1105
ord5572
ord5861
ord860
ord541
ord6282
ord801
ord537
ord2763
ord6283
ord4204
ord800
ord4277
ord858
ord5241
ord2764
ord2385
ord6052
ord4078
ord4234
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
_setmbcp
?terminate@@YAXXZ
_except_handler3
_mbscmp
__CxxFrameHandler
sscanf
__dllonexit
_controlfp

kernel32

OpenFile
_lclose
GetLocalTime
GetModuleFileNameA
GetWindowsDirectoryA
CopyFileA
DeleteFileA
GetVersionExA
GetSystemDefaultLangID
CreateEventA
GetStartupInfoA
GetModuleHandleA
CreateProcessA
FindFirstFileA
FreeLibrary
GetPrivateProfileStringA
GetProcAddress
LoadLibraryA
GetVersion
Sleep

user32

LoadCursorA
GetTopWindow
DispatchMessageA
TranslateMessage
PeekMessageA
GetSystemMetrics
LoadIconA
UpdateWindow
SetCursor
GetWindow
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
IsIconic
EnableWindow
PostMessageA
SetTimer
KillTimer
GetWindowTextA
SendMessageA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_EA32331F007148BC820326A1E3F494A9
_EA587C2890314A87BCBFFE1D34E69D10
_EBD9BD6D78814B55BFFA7BE84B2D61C5
_F1ED78B7B19B421F8A13F3366739F9B9
_F209496E6EAE43709193AF6A06F11B87
_F3F13946532643CC976CCE3A3C6E5636
.chm
_F4AB2821047245CC86B438CFEE4BC215
_FE5AB69278B644CA9A74A482666D9C76
_FF329A019EB3479FBB8943DC6AF7E021
.exe windows:5 windows x86 arch:x86

757f4c258b8ec261233fe458784f5dee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetLengthSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
SetThreadToken
OpenThreadToken
FreeSid
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
RegQueryValueExA
RegDeleteValueA
MakeAbsoluteSD
RevertToSelf
DeleteService
QueryServiceStatus
ControlService
OpenServiceA
RegEnumKeyExA
SetServiceStatus
GetSecurityDescriptorOwner
RegGetKeySecurity
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

kernel32

lstrcatA
lstrlenA
lstrcpyA
lstrcmpiA
GetLastError
CloseHandle
GetCurrentProcess
Sleep
GetVersionExA
GetCurrentThread
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
lstrcmpA
lstrcpynA
SetUnhandledExceptionFilter
ExitProcess
FreeLibrary
FormatMessageA
GetSystemDefaultLangID
LoadLibraryExA
SetLastError
GlobalAlloc
GlobalFree
GetModuleFileNameA
WriteFile
GetACP
UnhandledExceptionFilter
WaitForSingleObject
CreateProcessA
SetCurrentDirectoryA
OutputDebugStringA
OpenProcess
CreateEventA
OpenEventA
GetFileType
GetStdHandle
GetCommandLineA
SetConsoleCtrlHandler
CreateThread
GetUserDefaultLangID
GetSystemDirectoryA
GetModuleHandleA
WriteProcessMemory
ReadProcessMemory
WideCharToMultiByte
lstrlenW
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
DeleteCriticalSection
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
GetCPInfo
HeapAlloc
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery

user32

CharNextA
wsprintfA
PostThreadMessageA
IsCharAlphaNumericA
GetMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PostQuitMessage

ole32

CoRevokeClassObject
CoInitialize
CoUninitialize
StgOpenStorage
CoRegisterClassObject

msi

ord222
ord174
ord183
ord130
ord87
ord5
ord8
ord198
ord196
ord168
ord136
ord148
ord77
ord189
ord67
ord141

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msi.dll
.dll regsvr32 windows:5 windows x86 arch:x86

604de05252758c509710a903aa11a4c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetLengthSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
SetThreadToken
OpenThreadToken
RegOpenKeyExA
FreeSid
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
RegFlushKey
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegEnumKeyExA
RegEnumValueW
RegEnumValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegConnectRegistryA
RegSetValueExW
RegDeleteKeyW
SetTokenInformation
CloseServiceHandle
OpenServiceA
OpenSCManagerA
GetServiceDisplayNameA
QueryServiceStatus
ControlService
EnumDependentServicesA
SetFileSecurityA
IsValidSecurityDescriptor
QueryServiceConfigA
DeleteService
StartServiceA
ChangeServiceConfigA
CreateServiceA
RegEnumKeyA
GetUserNameA
MakeAbsoluteSD
GetFileSecurityA
CopySid
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
PrivilegeCheck
RegGetKeySecurity
RegSetKeySecurity
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetSidLengthRequired
GetSidSubAuthorityCount
LookupAccountNameA
AddAccessDeniedAce
DuplicateToken

kernel32

GetEnvironmentVariableA
GetExitCodeThread
GetSystemDefaultLangID
GetSystemInfo
SetEnvironmentVariableA
GetACP
GetLocaleInfoA
FreeLibrary
LoadLibraryExA
FormatMessageA
SetLastError
GlobalAlloc
GlobalFree
MultiByteToWideChar
InitializeCriticalSection
DeleteFileA
ExpandEnvironmentStringsA
WideCharToMultiByte
GetTickCount
LockResource
LoadResource
FindResourceExA
CreateDirectoryA
GetTempPathA
TlsFree
GetCurrentThreadId
DisableThreadLibraryCalls
DeleteCriticalSection
lstrlenW
FileTimeToSystemTime
GetUserDefaultLCID
ExpandEnvironmentStringsW
GetFileAttributesW
GetFileAttributesA
GetEnvironmentVariableW
SetEnvironmentVariableW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
lstrcpyW
lstrcmpW
GetFileSize
CreateFileW
CreateFileA
SetErrorMode
lstrcpynW
lstrcatW
LocalFree
GetLocalTime
lstrcmpiW
DeleteFileW
GetModuleFileNameA
LoadLibraryExW
InterlockedIncrement
UnhandledExceptionFilter
GetCurrentProcessId
LoadLibraryA
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryA
InterlockedDecrement
CreateThread
InterlockedExchange
WaitForSingleObject
ResumeThread
TlsSetValue
TlsAlloc
CreateEventA
TerminateProcess
RemoveDirectoryA
CreateMutexA
GetShortPathNameA
FindClose
FindFirstFileA
GetPrivateProfileStringA
GetProfileStringA
MoveFileA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
IsBadWritePtr
MapViewOfFile
CreateFileMappingA
MoveFileExA
WriteFile
FindNextFileA
GlobalAddAtomA
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTempFileNameA
DebugBreak
ExitThread
GetExitCodeProcess
CreateProcessA
MulDiv
SetUnhandledExceptionFilter
TerminateThread
RaiseException
GlobalDeleteAtom
GlobalGetAtomNameA
WaitForMultipleObjects
GetUserDefaultLangID
ReadFile
WriteProfileStringA
WritePrivateProfileStringA
GetComputerNameA
GlobalMemoryStatus
GetDateFormatA
GetTimeFormatA
OpenMutexA
ReleaseMutex
GetWindowsDirectoryA
SetFileAttributesA
GetVolumeInformationA
GetCurrentDirectoryA
TlsGetValue
GetModuleHandleA
WriteProcessMemory
ReadProcessMemory
OpenProcess
OutputDebugStringA
OutputDebugStringW
FormatMessageW
GetNumberFormatA
GetDriveTypeA
GetDiskFreeSpaceA
SetFileTime
GetFileTime
FileTimeToDosDateTime
CreateSemaphoreA
ReleaseSemaphore
DosDateTimeToFileTime
GlobalUnlock
GlobalLock
GlobalReAlloc
IsValidCodePage
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
VirtualQuery
ResetEvent
OpenEventA
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
HeapDestroy
HeapCreate
HeapReAlloc
HeapSize
GetOEMCP
GetCPInfo
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect
lstrcmpiA
lstrcmpA
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
GetCurrentThread
GetVersionExA
Sleep
GetCurrentProcess
CloseHandle
GetLastError
GetProcAddress

user32

RegisterWindowMessageA
DialogBoxParamA
GetWindowTextA
SetUserObjectSecurity
GetWindowTextLengthA
GetWindowThreadProcessId
GetWindow
EnumWindows
SendDlgItemMessageA
GetFocus
DispatchMessageA
GetMessageA
DestroyWindow
UnregisterClassA
GetKeyState
PostQuitMessage
GetWindowLongA
SetFocus
DefWindowProcA
wsprintfA
CharNextA
GetSystemMenu
RemoveMenu
CopyRect
DrawTextA
MapWindowPoints
GetClientRect
EndDialog
CharLowerA
CharUpperA
FindWindowExA
SetWindowPos
SetWindowTextA
CreateDialogParamA
ShowWindow
SetForegroundWindow
LoadIconA
IsWindowVisible
IsWindowEnabled
SetCursor
EnableWindow
InvalidateRect
GetDlgItem
GetDlgItemTextA
SetDlgItemTextA
IsDialogMessageA
GetWindowRect
SystemParametersInfoA
PostMessageA
SendMessageTimeoutA
CharPrevA
ExitWindowsEx
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
GetActiveWindow
PostThreadMessageA
MessageBoxA
wsprintfW
IsCharLowerA
LoadStringA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
GetDC
ReleaseDC
MoveWindow
SetWindowLongA
SendMessageA

gdi32

GetTextExtentPoint32A
SelectObject
GetTextMetricsA
AddFontResourceA
RemoveFontResourceA
DeleteObject
GetTextFaceA
CreateFontIndirectA
GetDeviceCaps
EnumFontFamiliesExA
CreateFontA
GetStockObject

rpcrt4

NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllGetClassObject
NdrSimpleTypeUnmarshall
NdrSimpleTypeMarshall
NdrConformantArrayUnmarshall
NdrConformantArrayBufferSize
NdrConformantArrayMarshall
NdrSimpleStructUnmarshall
NdrAllocate
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrSimpleStructMarshall
NdrConformantStringUnmarshall
NdrInterfacePointerUnmarshall
NdrInterfacePointerFree
NdrPointerFree
NdrInterfacePointerBufferSize
NdrInterfacePointerMarshall
NdrStubInitialize
NdrPointerUnmarshall
NdrStubGetBuffer
NdrProxyInitialize
NdrPointerBufferSize
NdrProxyGetBuffer
NdrPointerMarshall
NdrProxySendReceive
NdrConvert
RpcRaiseException
NdrProxyFreeBuffer
NdrClearOutParameters
NdrProxyErrorHandler
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer
Migrate10CachedPackagesA
Migrate10CachedPackagesW
MsiAdvertiseProductA
MsiAdvertiseProductExA
MsiAdvertiseProductExW
MsiAdvertiseProductW
MsiAdvertiseScriptA
MsiAdvertiseScriptW
MsiApplyPatchA
MsiApplyPatchW
MsiCloseAllHandles
MsiCloseHandle
MsiCollectUserInfoA
MsiCollectUserInfoW
MsiConfigureFeatureA
MsiConfigureFeatureFromDescriptorA
MsiConfigureFeatureFromDescriptorW
MsiConfigureFeatureW
MsiConfigureProductA
MsiConfigureProductExA
MsiConfigureProductExW
MsiConfigureProductW
MsiCreateAndVerifyInstallerDirectory
MsiCreateRecord
MsiCreateTransformSummaryInfoA
MsiCreateTransformSummaryInfoW
MsiDatabaseApplyTransformA
MsiDatabaseApplyTransformW
MsiDatabaseCommit
MsiDatabaseExportA
MsiDatabaseExportW
MsiDatabaseGenerateTransformA
MsiDatabaseGenerateTransformW
MsiDatabaseGetPrimaryKeysA
MsiDatabaseGetPrimaryKeysW
MsiDatabaseImportA
MsiDatabaseImportW
MsiDatabaseIsTablePersistentA
MsiDatabaseIsTablePersistentW
MsiDatabaseMergeA
MsiDatabaseMergeW
MsiDatabaseOpenViewA
MsiDatabaseOpenViewW
MsiDecomposeDescriptorA
MsiDecomposeDescriptorW
MsiDeleteUserDataA
MsiDeleteUserDataW
MsiDoActionA
MsiDoActionW
MsiEnableLogA
MsiEnableLogW
MsiEnableUIPreview
MsiEnumClientsA
MsiEnumClientsW
MsiEnumComponentCostsA
MsiEnumComponentCostsW
MsiEnumComponentQualifiersA
MsiEnumComponentQualifiersW
MsiEnumComponentsA
MsiEnumComponentsW
MsiEnumFeaturesA
MsiEnumFeaturesW
MsiEnumPatchesA
MsiEnumPatchesW
MsiEnumProductsA
MsiEnumProductsW
MsiEnumRelatedProductsA
MsiEnumRelatedProductsW
MsiEvaluateConditionA
MsiEvaluateConditionW
MsiFormatRecordA
MsiFormatRecordW
MsiGetActiveDatabase
MsiGetComponentPathA
MsiGetComponentPathW
MsiGetComponentStateA
MsiGetComponentStateW
MsiGetDatabaseState
MsiGetFeatureCostA
MsiGetFeatureCostW
MsiGetFeatureInfoA
MsiGetFeatureInfoW
MsiGetFeatureStateA
MsiGetFeatureStateW
MsiGetFeatureUsageA
MsiGetFeatureUsageW
MsiGetFeatureValidStatesA
MsiGetFeatureValidStatesW
MsiGetFileHashA
MsiGetFileHashW
MsiGetFileSignatureInformationA
MsiGetFileSignatureInformationW
MsiGetFileVersionA
MsiGetFileVersionW
MsiGetLanguage
MsiGetLastErrorRecord
MsiGetMode
MsiGetPatchInfoA
MsiGetPatchInfoW
MsiGetProductCodeA
MsiGetProductCodeFromPackageCodeA
MsiGetProductCodeFromPackageCodeW
MsiGetProductCodeW
MsiGetProductInfoA
MsiGetProductInfoFromScriptA
MsiGetProductInfoFromScriptW
MsiGetProductInfoW
MsiGetProductPropertyA
MsiGetProductPropertyW
MsiGetPropertyA
MsiGetPropertyW
MsiGetShortcutTargetA
MsiGetShortcutTargetW
MsiGetSourcePathA
MsiGetSourcePathW
MsiGetSummaryInformationA
MsiGetSummaryInformationW
MsiGetTargetPathA
MsiGetTargetPathW
MsiGetUserInfoA
MsiGetUserInfoW
MsiInstallMissingComponentA
MsiInstallMissingComponentW
MsiInstallMissingFileA
MsiInstallMissingFileW
MsiInstallProductA
MsiInstallProductW
MsiInvalidateFeatureCache
MsiIsProductElevatedA
MsiIsProductElevatedW
MsiLoadStringA
MsiLoadStringW
MsiLocateComponentA
MsiLocateComponentW
MsiMessageBoxA
MsiMessageBoxW
MsiNotifySidChangeA
MsiNotifySidChangeW
MsiOpenDatabaseA
MsiOpenDatabaseW
MsiOpenPackageA
MsiOpenPackageExA
MsiOpenPackageExW
MsiOpenPackageW
MsiOpenProductA
MsiOpenProductW
MsiPreviewBillboardA
MsiPreviewBillboardW
MsiPreviewDialogA
MsiPreviewDialogW
MsiProcessAdvertiseScriptA
MsiProcessAdvertiseScriptW
MsiProcessMessage
MsiProvideAssemblyA
MsiProvideAssemblyW
MsiProvideComponentA
MsiProvideComponentFromDescriptorA
MsiProvideComponentFromDescriptorW
MsiProvideComponentW
MsiProvideQualifiedComponentA
MsiProvideQualifiedComponentExA
MsiProvideQualifiedComponentExW
MsiProvideQualifiedComponentW
MsiQueryFeatureStateA
MsiQueryFeatureStateFromDescriptorA
MsiQueryFeatureStateFromDescriptorW
MsiQueryFeatureStateW
MsiQueryProductStateA
MsiQueryProductStateW
MsiRecordClearData
MsiRecordDataSize
MsiRecordGetFieldCount
MsiRecordGetInteger
MsiRecordGetStringA
MsiRecordGetStringW
MsiRecordIsNull
MsiRecordReadStream
MsiRecordSetInteger
MsiRecordSetStreamA
MsiRecordSetStreamW
MsiRecordSetStringA
MsiRecordSetStringW
MsiReinstallFeatureA
MsiReinstallFeatureFromDescriptorA
MsiReinstallFeatureFromDescriptorW
MsiReinstallFeatureW
MsiReinstallProductA
MsiReinstallProductW
MsiSequenceA
MsiSequenceW
MsiSetComponentStateA
MsiSetComponentStateW
MsiSetExternalUIA
MsiSetExternalUIW
MsiSetFeatureAttributesA
MsiSetFeatureAttributesW
MsiSetFeatureStateA
MsiSetFeatureStateW
MsiSetInstallLevel
MsiSetInternalUI
MsiSetMode
MsiSetPropertyA
MsiSetPropertyW
MsiSetTargetPathA
MsiSetTargetPathW
MsiSourceListAddSourceA
MsiSourceListAddSourceW
MsiSourceListClearAllA
MsiSourceListClearAllW
MsiSourceListForceResolutionA
MsiSourceListForceResolutionW
MsiSummaryInfoGetPropertyA
MsiSummaryInfoGetPropertyCount
MsiSummaryInfoGetPropertyW
MsiSummaryInfoPersist
MsiSummaryInfoSetPropertyA
MsiSummaryInfoSetPropertyW
MsiUseFeatureA
MsiUseFeatureExA
MsiUseFeatureExW
MsiUseFeatureW
MsiVerifyDiskSpace
MsiVerifyPackageA
MsiVerifyPackageW
MsiViewClose
MsiViewExecute
MsiViewFetch
MsiViewGetColumnInfo
MsiViewGetErrorA
MsiViewGetErrorW
MsiViewModify

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:4 windows x86 arch:x86

bfe908cf2d706514bce2a5f42ca1e92d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCopyOEMInfA

msi

ord67

kernel32

GetTickCount
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileSize
GetFileTime
GetFullPathNameA
RtlUnwind
ExitProcess
GetCommandLineA
RaiseException
GetVolumeInformationA
HeapReAlloc
GetACP
GetTimeZoneInformation
HeapAlloc
HeapFree
TerminateProcess
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
TlsFree
GetStartupInfoA
HeapSize
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FindFirstFileA
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
SetErrorMode
SizeofResource
GetThreadLocale
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
HeapDestroy
GlobalReAlloc
SetCurrentDirectoryA
FindResourceA
LoadResource
LockResource
lstrlenW
WideCharToMultiByte
Sleep
GetWindowsDirectoryA
GetSystemDirectoryA
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
TlsAlloc
GlobalHandle
DeleteCriticalSection
FreeEnvironmentStringsA
lstrcpynA
InitializeCriticalSection
GetProfileStringA
LocalAlloc
GlobalUnlock
MulDiv
SetLastError
InterlockedDecrement
GlobalFree
MultiByteToWideChar
lstrlenA
InterlockedIncrement
LocalFree
GlobalLock
GetCurrentThread
GlobalAlloc
lstrcmpA
GlobalGetAtomNameA
GetVersion
GetCurrentThreadId
GlobalFindAtomA
lstrcmpiA
GlobalAddAtomA
CreateFileA
GlobalDeleteAtom
GetModuleHandleA
GetVersionExA
GetLastError
FormatMessageA
WaitForSingleObject
GetSystemDefaultLangID
CreateProcessA
DeleteFileA
CloseHandle
CopyFileA
FreeEnvironmentStringsW
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentVariableA
IsBadReadPtr

user32

CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
CharNextA
InvalidateRect
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
GetDesktopWindow
PtInRect
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
MoveWindow
SetWindowTextA
IsDialogMessageA
EndDialog
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetMessageA
GetCursorPos
IsWindowEnabled
PostQuitMessage
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
ScreenToClient
CopyRect
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindowLongA
SetWindowLongA
RegisterWindowMessageA
ValidateRect
TranslateMessage
GetActiveWindow
DestroyMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UpdateWindow
LoadBitmapA
EnableWindow
LoadCursorA
SetCursor
GetWindow
GetTopWindow
ShowWindow
SetWindowPos
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
GetClassNameA
GetWindowTextA
EnumWindows
LoadStringA
GetNextDlgTabItem
GetDlgCtrlID
PostMessageA
FindWindowA
GetDlgItem
SendMessageA
AdjustWindowRectEx
IsWindowVisible
ModifyMenuA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode

gdi32

BitBlt
CreateCompatibleDC
CreateDIBitmap
SetTextColor
GetClipBox
GetTextExtentPointA
DeleteObject
GetViewportExtEx
GetWindowExtEx
GetDeviceCaps
CreateSolidBrush
PtVisible
TextOutA
ExtTextOutA
RectVisible
GetTextColor
GetBkColor
Escape
LPtoDP
DPtoLP
GetMapMode
PatBlt
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
SetBkColor
CreateBitmap
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoTaskMemFree
OleFlushClipboard
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
CoTaskMemAlloc
CreateILockBytesOnHGlobal

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vcredist.exe
.exe windows:5 windows x86 arch:x86

b83464d8132ecd9f810820e192566e15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte

gdi32

GetDeviceCaps

user32

EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
转换说明.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

c6e592e19acd0da69bdcb49a95a6f100

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 288B - Virtual size: 264B

.data Size: 32B - Virtual size: 8B

.edata Size: 192B - Virtual size: 171B

INIT Size: 992B - Virtual size: 990B

.rsrc Size: 832B - Virtual size: 824B

.reloc Size: 480B - Virtual size: 454B

c834eb888cf1c9cb34c435b50ee39557

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 288B - Virtual size: 264B

.data
Size: 32B - Virtual size: 8B

.edata
Size: 192B - Virtual size: 171B

INIT
Size: 992B - Virtual size: 990B

.rsrc
Size: 832B - Virtual size: 824B

.reloc
Size: 480B - Virtual size: 454B

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 232KB - Virtual size: 231KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 32B - Virtual size: 16B

.edata
Size: 192B - Virtual size: 172B

INIT
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 832B - Virtual size: 832B

.reloc
Size: 416B - Virtual size: 386B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 396B

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 288B - Virtual size: 264B

.data
Size: 32B - Virtual size: 8B

.edata
Size: 192B - Virtual size: 171B

INIT
Size: 992B - Virtual size: 990B

.rsrc
Size: 832B - Virtual size: 824B

.reloc
Size: 480B - Virtual size: 454B