bddfcf8f663db6fd7dbfa1fe524c08b5

Sharing

Copy URL

Twitter E-mail

General

Target

bddfcf8f663db6fd7dbfa1fe524c08b5
Size

3.9MB
MD5

bddfcf8f663db6fd7dbfa1fe524c08b5
SHA1

2812201da970e1e2ec86ce4ddc9dacf242035c3b
SHA256

d0b77f1bd1cab9f64366fc2f5d13d0d168e60d1384b2995c43aa98b22f626fbd
SHA512

52806437e2e4343a976f5a91c6a34c9ea548b9657bb8a4da402889a7326c5042d67ef45ad60f94632f219c68d79249efcec4a6de2c5060dd6bf7c664691ef21e
SSDEEP

98304:mtLPIAEdfai9HtaPqryrLa+JNWmjEV+LMHO8Wl7sYLvu1BQy0L3:EPIAExakmqryf0Os9XEJvICy0L3

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/poco_plugins.dll
unpack002/pdi.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/poco2007_installer_20080820_TIANKONG.exe	nsis_installer_1

Files

bddfcf8f663db6fd7dbfa1fe524c08b5
.rar
poco2007_installer_20080820_TIANKONG.exe
.exe windows:4 windows x86 arch:x86

b2a0d9368ec1be7deb968a920e5c993e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:2c:0a:9c:f2:0f:b4:8f:ca:a5:1a:17:6e:98:05:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/07/2008, 00:00

Not After

14/07/2009, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=tech,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

668ee366fb5b7f916e44ba8830cd1caf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenA
InterlockedDecrement
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
LocalFree
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
VirtualAlloc
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSection
LoadLibraryA
GetCPInfo

ole32

OleRun
CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantClear

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/plugins.bmp
$PLUGINSDIR/poco_plugins.dll
.dll windows:4 windows x86 arch:x86

04b366a6e4b8ef46b08a3c61848c729b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\安装包\安装包文档\browserhelper\release\browserhelper.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
lstrlenA
InterlockedDecrement
CloseHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreateDirectoryA
GetLocalTime
GetTempPathA
GetTempFileNameA
TerminateProcess
GetExitCodeProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
HeapCreate
VirtualFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

UnregisterClassA
wsprintfA

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileA

Exports

Exports

D
E
G
K
KP
M
P
T
X
X2

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileExt.inf
FileManager.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d508aaef9c9314ed4c771c768d22ee34

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PocoManager\Release\FileManager.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
lstrlenA
SystemTimeToFileTime
GetLocalTime
ReadFile
GetFileTime
GetFileSize
CreateFileA
CloseHandle
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
GetModuleFileNameW
WritePrivateProfileStringW
SetThreadLocale
GetThreadLocale
DeleteFileW
GetLastError
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
InterlockedExchange
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
lstrlenW
SizeofResource
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
GetCPInfo
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
Sleep
SetHandleCount
GetFileType
GetStringTypeA

user32

KillTimer
CharNextA
SetTimer
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathW

ole32

StgCreateDocfile
StgOpenStorage
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
VariantCopy
SysAllocString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GdiPlus.dll
.dll windows:5 windows x86 arch:x86

2ace81ae239dd5867a499e7debe900d2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdiplus.pdb

Imports

kernel32

ReadFile
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
HeapAlloc
GetProcessHeap
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
HeapFree
RaiseException
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
VirtualQuery
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
SearchPathA
GetOEMCP
SetEndOfFile
SetFilePointer
InterlockedIncrement
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
CreateSemaphoreA
CreateFileW
LoadLibraryW
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetModuleHandleW
FreeLibrary
HeapDestroy
LoadLibraryA
GetProcAddress
GetSystemDirectoryW
GetWindowsDirectoryA
GetVersionExA
GetACP
GetSystemDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
CreateEventA

user32

MsgWaitForMultipleObjects
LoadBitmapW
LoadBitmapA
wsprintfW
ReleaseDC
GetDC
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
ClientToScreen
wvsprintfA
CreateIconIndirect
GetIconInfo
GetDCEx
GetWindowLongA
GetClassLongA
SystemParametersInfoA

gdi32

GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
PolyPolyline
GetNearestPaletteIndex
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
SetDIBColorTable
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt
CreateBrushIndirect

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegOpenKeyW
RegOpenKeyA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegEnumValueA

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Movies.ico
PictureShow.exe
.exe windows:4 windows x86 arch:x86

346b0efba94b88c2dd8225133947a0de

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceExA
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
RaiseException
CreateDirectoryW
CreateDirectoryA
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameA
CreateMutexA
GetPrivateProfileIntA
ReleaseMutex
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
GetTempPathA
CreateFileA
WriteFile
CloseHandle
lstrcpyA
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
WinExec
SetFilePointer
ReadFile
GlobalFree
Sleep
ResetEvent
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
FindResourceA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetFileAttributesA
TerminateThread
FindClose
FindNextFileA
FindFirstFileA
GetLongPathNameA
WaitForSingleObject
GetUserDefaultLCID
GetLastError
CreateThread
WideCharToMultiByte
CreateEventA
SetEvent
GetTickCount
lstrlenA
InterlockedExchange
MultiByteToWideChar

user32

FillRect
FrameRect
LoadImageA
CloseClipboard
RegisterClipboardFormatA
SetClipboardData
EmptyClipboard
DrawTextA
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
GetDC
ReleaseDC
SendMessageA
PostMessageA
GetSystemMetrics
PtInRect
InflateRect
InvalidateRect
IsWindowVisible
ShowWindow
LoadCursorA
RegisterClassExA
CreateWindowExA
BeginPaint
EndPaint
DefWindowProcA
UpdateWindow
SetWindowPos
LoadBitmapA
GetWindowRect
ClientToScreen
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoA
GetCapture
SetCapture
DrawFocusRect
DrawEdge
GetParent
MoveWindow
OpenClipboard
DestroyMenu
SetWindowTextA
IsZoomed
PostQuitMessage
SetMenu
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SendMessageTimeoutA
SetForegroundWindow
MessageBoxA
GetKeyboardState
SetCursor
DestroyWindow
GetClassInfoExA
SetWindowLongA
GetClientRect
AdjustWindowRectEx
GetWindowLongA
GetMenu
IsWindow
CallWindowProcA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
UnregisterClassA

gdi32

SetTextColor
CreateSolidBrush
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
DeleteDC
GetObjectA
CreateFontIndirectA
CreateCompatibleBitmap
StretchBlt
SetBkMode
SetStretchBltMode
CreateDIBSection

advapi32

RegSetValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA

shell32

SHGetSpecialFolderPathW
DragQueryFileA
ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
SHFileOperationA

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
StringFromGUID2

oleaut32

SysAllocString
VariantClear

shlwapi

PathFindExtensionA
PathFindExtensionW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_GetIconSize
ImageList_Destroy
ImageList_Draw
_TrackMouseEvent

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Picture
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Poco2007.exe
.exe windows:4 windows x86 arch:x86

aa7a886bc9cb44c3605ba0d445af5fb6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\My_Application_2005\Source_in_Vss\PocoManager\Release\Poco2007.pdb

Imports

kernel32

FindResourceA
FindResourceExA
lstrlenW
lstrlenA
GetUserDefaultLCID
CloseHandle
WriteFile
CreateFileA
ReadFile
CreateDirectoryA
GetFileAttributesA
CreateDirectoryW
GetProcAddress
FreeLibrary
LoadLibraryW
GetPrivateProfileStringW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetPrivateProfileIntW
WritePrivateProfileStringW
GetTempPathA
GetLocalTime
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetModuleHandleA
GetTickCount
EnterCriticalSection
LoadResource
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
DeleteFileA
SetEvent
Module32Next
Module32First
CreateToolhelp32Snapshot
LoadLibraryA
MoveFileExA
SetFilePointer
ReleaseMutex
GetCurrentProcessId
CreateMutexW
GetCommandLineW
LockResource
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
InterlockedExchange
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
Sleep
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
HeapCreate
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GlobalMemoryStatus
GetSystemInfo
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache

user32

MessageBoxA
GetActiveWindow
SetTimer
PeekMessageA
DispatchMessageA
TranslateMessage
PostQuitMessage
GetMessageA
LoadAcceleratorsA
SendMessageTimeoutA
SetForegroundWindow
ShowWindow
KillTimer
SetWindowLongA
FindWindowA
GetClassInfoExA
LoadCursorA
DestroyWindow
TranslateAcceleratorA
RegisterClassExA
CreateWindowExA
GetWindowLongA
CallWindowProcA
DefWindowProcA
UnregisterClassA
PostMessageA

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteA
CommandLineToArgvW

ole32

StringFromGUID2
CoCreateGuid
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
SysAllocString
VariantCopy
OleCreatePropertyFrame
VariantInit
LoadTypeLi
SysStringLen
LoadRegTypeLi

quartz

AMGetErrorTextA

ws2_32

WSAAsyncSelect
WSAAsyncGetHostByName
closesocket
recvfrom
accept
select
WSASetLastError
WSAGetLastError
htons
recv
sendto
inet_addr
socket
inet_ntoa
ntohs
send
connect
bind
htonl
WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PocoIM.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fef86ab89a6c68b742d8e8728b114dd8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Poco2007\Release\PocoIm.pdb

Imports

ws2_32

inet_ntoa
inet_addr
WSAAsyncGetHostByName
WSASetLastError
htonl
htons
ntohl
ntohs
socket
WSAStartup
WSACleanup
WSAAsyncSelect
gethostname
gethostbyname
WSAGetLastError
setsockopt
getsockopt
getsockname
getpeername
sendto
send
recvfrom
recv
listen
connect
shutdown
closesocket
bind
accept

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
FileTimeToSystemTime
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateDirectoryA
GetModuleFileNameA
WritePrivateProfileStringA
SetThreadLocale
GetThreadLocale
InterlockedExchange
MultiByteToWideChar
lstrlenW
GetLastError
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetPrivateProfileIntA
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
IsBadReadPtr
IsBadCodePtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
VirtualFree
ExitProcess
HeapSize
CreateFileA
CloseHandle
FlushFileBuffers
GetModuleFileNameW
Sleep
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcessHeap
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetProcAddress
VirtualAlloc
VirtualProtect
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
HeapAlloc
HeapFree

user32

DestroyWindow
SetTimer
KillTimer
DefWindowProcA
CharNextA
UnregisterClassA
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetWindowLongA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringLen
SysAllocString
VariantCopy
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysFreeString

iphlpapi

GetIpAddrTable

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PocoUI.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9283e22a951ecc2a2b6fd20bfc55e6ff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Poco2007\Release\CoPocoUI.pdb

Imports

winmm

timeKillEvent
timeSetEvent

kernel32

CompareFileTime
FindFirstFileW
FindNextFileW
SetCurrentDirectoryA
SetFileTime
CreateFileW
GetWindowsDirectoryW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
DeleteFileW
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetFullPathNameW
SearchPathW
GetStdHandle
FileTimeToDosDateTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
QueryPerformanceCounter
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
TerminateThread
MapViewOfFileEx
CreateFileMappingA
GlobalMemoryStatus
GetFileAttributesExW
LocalAlloc
GetSystemTime
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualQuery
ExitThread
GetCommandLineA
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
SystemTimeToFileTime
GetSystemInfo
UnmapViewOfFile
AreFileApisANSI
OpenEventA
MapViewOfFile
OpenFileMappingA
FormatMessageW
FormatMessageA
LocalFree
SetFileApisToOEM
GetDriveTypeA
GetModuleFileNameW
SetThreadLocale
GetThreadLocale
GetProcessHeap
HeapFree
HeapAlloc
TerminateProcess
OutputDebugStringA
RemoveDirectoryA
MoveFileA
GlobalSize
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetFileSize
SetFileAttributesA
GetSystemDirectoryA
CreateProcessA
SetEndOfFile
SetFilePointer
ReadFile
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
LoadLibraryA
GetWindowsDirectoryA
WinExec
lstrcatA
FreeLibrary
LoadLibraryExA
GetTimeZoneInformation
HeapDestroy
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
Sleep
CreateDirectoryA
lstrcmpA
ResetEvent
SetEvent
ResumeThread
CreateEventA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
IsProcessorFeaturePresent
FreeResource
GetDiskFreeSpaceA
GetModuleHandleA
GetProcAddress
WriteFile
CreateFileA
MulDiv
lstrcpynA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersion
CompareStringA
lstrcmpiA
lstrlenW
CompareStringW
GetModuleFileNameA
GetCurrentProcessId
FindClose
CloseHandle
WaitForSingleObject
CreateThread
GetLogicalDrives
FileTimeToLocalFileTime
InterlockedIncrement
InterlockedDecrement
SetLastError
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
LockResource
LoadResource
FindResourceA
FlushInstructionCache
GetCurrentProcess
GetTempPathA
GetLastError
CopyFileA
DeleteFileA
FindNextFileA
FindFirstFileA
WritePrivateProfileStringA
GetLocalTime
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedExchange
FindResourceExA
SizeofResource
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrlenA
FileTimeToSystemTime
GetTickCount
RaiseException
GetFileAttributesA
CreateFileMappingW

user32

wsprintfA
ExitWindowsEx
FindWindowExA
EndDialog
ModifyMenuA
TrackPopupMenuEx
DrawEdge
CallNextHookEx
PeekMessageA
GetSysColorBrush
GetWindowThreadProcessId
MessageBeep
UnhookWindowsHookEx
SetWindowsHookExA
LoadMenuA
IsMenu
SetMenu
SetMenuItemInfoA
GetMenuItemInfoA
GetSubMenu
CheckMenuItem
LoadBitmapA
GetMonitorInfoA
MonitorFromPoint
EnableMenuItem
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DestroyMenu
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
CreateDialogIndirectParamA
FlashWindow
RegisterClipboardFormatA
GetScrollInfo
DrawFrameControl
FrameRect
GetComboBoxInfo
GetAsyncKeyState
GetWindowRgn
SetClassLongA
GetForegroundWindow
TranslateMessage
EnableWindow
GetClassLongA
GetScrollPos
GetScrollRange
ScrollWindow
SetScrollPos
InvalidateRgn
CreateAcceleratorTableA
DestroyAcceleratorTable
GetMenuItemCount
WindowFromPoint
RegisterClassA
GetClassInfoA
LoadStringA
CopyIcon
DrawIconEx
RegisterWindowMessageA
SetScrollInfo
GetCursor
DispatchMessageA
GetMessageA
GetKeyState
IsChild
GetActiveWindow
SetParent
IsIconic
IntersectRect
GetMessagePos
CreateIconIndirect
CopyRect
DrawStateA
IsDialogMessageA
GetPropA
wvsprintfA
WindowFromDC
UnregisterClassA
SetDlgItemTextA
CharPrevA
CharPrevExA
IsRectEmpty
GetDC
ScreenToClient
GetSysColor
CharNextA
DrawFocusRect
SetFocus
CharUpperA
CharLowerW
CharLowerA
CharUpperW
FillRect
InflateRect
AnimateWindow
ClientToScreen
MapWindowPoints
CallWindowProcA
PostMessageA
IsWindowEnabled
DestroyCursor
CreateWindowExA
DestroyWindow
IsWindowVisible
SetActiveWindow
BringWindowToTop
DrawAnimatedRects
EnumChildWindows
FindWindowA
GetWindow
GetClientRect
MoveWindow
SetWindowPos
MessageBoxA
SetForegroundWindow
PostQuitMessage
UnregisterHotKey
GetDoubleClickTime
GetCursorPos
DrawTextA
IsZoomed
AdjustWindowRectEx
ShowScrollBar
EnableScrollBar
SetScrollRange
SetPropA
GetIconInfo
LoadIconA
RedrawWindow
LockWindowUpdate
RegisterHotKey
SystemParametersInfoA
SetWindowLongA
GetWindowLongA
DestroyIcon
GetDesktopWindow
ReleaseDC
SetRect
SetRectEmpty
GetClassNameA
SetCursor
UpdateWindow
SetTimer
KillTimer
SetWindowTextA
GetDlgItem
GetMenu
GetParent
RegisterClassExA
LoadImageA
LoadCursorA
GetClassInfoExA
GetFocus
EqualRect
InvalidateRect
GetWindowTextA
GetWindowTextLengthA
EndPaint
BeginPaint
SetCapture
ShowWindow
SetWindowRgn
DefWindowProcA
OffsetRect
GetWindowRect
GetSystemMetrics
GetWindowDC
SendMessageA
GetDlgCtrlID
PtInRect
ReleaseCapture
GetCapture
RemovePropA
IsWindow

gdi32

SetPixel
GetTextMetricsA
SetTextJustification
FrameRgn
CreatePolygonRgn
PtInRegion
CreateEllipticRgn
OffsetWindowOrgEx
SetWindowOrgEx
PatBlt
CreatePenIndirect
CreateDIBitmap
SetRectRgn
CreateBitmapIndirect
IntersectClipRect
PlayEnhMetaFile
UnrealizeObject
GetBitmapBits
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
GetStockObject
GetObjectW
CreateICW
GetPixel
RealizePalette
CreateBitmap
PathToRegion
EndPath
BeginPath
RoundRect
GetClipBox
CreateFontA
GetViewportOrgEx
CreateSolidBrush
StretchBlt
CreateDIBSection
CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
ExtTextOutA
SetBkColor
DeleteDC
GetDIBColorTable
SetStretchBltMode
SetDIBColorTable
SetTextColor
SetBkMode
CreateCompatibleBitmap
OffsetRgn
RestoreDC
SaveDC
SelectClipRgn
SetBrushOrgEx
GetObjectType
GetDIBits
ExtCreateRegion
CreateRoundRectRgn
FillRgn
LineTo
MoveToEx
CreatePen
CreatePatternBrush
DPtoLP
GetDeviceCaps
SetTextAlign
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
CreateDCW
DeleteObject
CombineRgn
CreateRectRgn
SelectObject
SetViewportOrgEx
GetObjectA
Rectangle

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
ChooseColorA
CommDlgExtendedError

advapi32

RegCloseKey
RegQueryValueExA
RegQueryValueA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderA
ShellExecuteExA
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
StringFromGUID2
GetHGlobalFromStream
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysAllocStringLen
VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime
OleLoadPicture
VariantInit
VarCmp
VarBstrCat
VariantChangeType
LoadRegTypeLi
LoadTypeLi
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysStringLen

shlwapi

PathIsDirectoryA
PathFindExtensionA
PathFileExistsA
PathFindExtensionW

comctl32

ord17
ImageList_ReplaceIcon
ImageList_Add
ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Create
ImageList_GetIconSize
ImageList_Destroy
_TrackMouseEvent
ImageList_LoadImageA
ImageList_DrawEx
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_Replace
ImageList_SetImageCount

msimg32

GradientFill
TransparentBlt
AlphaBlend

gdiplus

GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSaveImageToStream
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDrawLineI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetPropertyItem
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile
GdiplusShutdown
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipSetCompositingQuality
GdipImageSelectActiveFrame
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipFree
GdipSetInterpolationMode

uxtheme

DrawThemeBackground
OpenThemeData

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryA
InternetCanonicalizeUrlA
InternetSetCookieA
InternetGetCookieA
FindNextUrlCacheEntryA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

netapi32

Netbios

ws2_32

inet_ntoa
ntohs
connect
WSAAsyncGetHostByName
gethostbyname
sendto
getpeername
send
recv
WSACancelAsyncRequest
closesocket
bind
inet_addr
htonl
socket
getsockname
shutdown
WSAAsyncSelect
listen
accept
ioctlsocket
setsockopt
ntohl
select
recvfrom
WSASetLastError
WSACleanup
WSAGetLastError
htons
WSAStartup

psapi

GetProcessMemoryInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PocoUpload.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7f157a51ce25c30bbb07a1aa185975e9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PocoUploadActiveX_1010\PocoUpload\Release\PocoUpload.pdb

Imports

winmm

timeKillEvent
timeSetEvent

kernel32

GetCurrentThreadId
Sleep
TerminateThread
SetEndOfFile
SetFilePointer
GetProcAddress
GetDriveTypeA
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjects
LocalFileTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
SearchPathW
GetFullPathNameW
GetTempFileNameW
GetTempFileNameA
GetTempPathW
SearchPathA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryA
GetFullPathNameA
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
GetWindowsDirectoryW
GetWindowsDirectoryA
CreateFileW
SetFileTime
SetCurrentDirectoryA
RemoveDirectoryA
MoveFileA
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
CompareFileTime
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
GetTickCount
OpenEventA
MapViewOfFile
CopyFileA
FileTimeToLocalFileTime
FormatMessageW
SetFileApisToOEM
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetModuleFileNameA
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GlobalSize
WriteFile
CreateFileA
DeleteFileA
FindClose
FindNextFileA
LocalFree
FormatMessageA
FindFirstFileA
GetLocalTime
SetFileAttributesA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateDirectoryA
GetTempPathA
lstrcpynA
GetVersionExA
LoadLibraryA
FindResourceExA
GlobalHandle
SetLastError
lstrcmpA
HeapFree
GetProcessHeap
HeapAlloc
ReadFile
GetSystemDirectoryA
GetFileSize
OpenFile
FlushInstructionCache
GetCurrentProcess
GetFileAttributesA
CompareStringW
CompareStringA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
lstrlenW
WideCharToMultiByte
RaiseException
DeleteCriticalSection
FreeLibrary
GetLastError
InitializeCriticalSection
lstrcmpiA
SetThreadLocale
GetThreadLocale
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
LoadLibraryExA
OpenFileMappingA
GetCurrentProcessId
GlobalAlloc
ResumeThread
CreateEventA
GlobalFree
MulDiv
ResetEvent
SetEvent
WaitForSingleObject
GlobalUnlock
GlobalLock
CloseHandle
LockResource
SizeofResource
LoadResource
FindResourceA
AreFileApisANSI
GetConsoleMode

user32

MessageBoxA
KillTimer
SetWindowTextA
FillRect
GetDC
DestroyWindow
BeginPaint
CharPrevExA
CharPrevA
DrawIconEx
wsprintfA
ReleaseDC
EndPaint
SetWindowLongA
SetWindowPos
SetRect
GetWindowLongA
GetSysColor
InvalidateRect
CopyRect
DefWindowProcA
CallWindowProcA
DestroyCursor
SystemParametersInfoA
GetSystemMetrics
LoadCursorA
CharNextA
CharUpperW
CharLowerA
CharUpperA
CharLowerW
DestroyMenu
EnableMenuItem
EndDialog
CreateAcceleratorTableA
TrackPopupMenu
ShowWindow
MonitorFromPoint
SendMessageA
GetMonitorInfoA
GetNextDlgTabItem
ReleaseCapture
GetDesktopWindow
IsChild
GetClassInfoExA
GetClientRect
CopyAcceleratorTableA
GetFocus
IsDialogMessageA
GetParent
GetWindowTextA
DestroyAcceleratorTable
RegisterClassExA
SetFocus
InvalidateRgn
DrawTextA
GetKeyState
IsWindow
SetWindowContextHelpId
PtInRect
IntersectRect
UnionRect
EqualRect
ScreenToClient
GetWindowTextLengthA
OffsetRect
MoveWindow
SetWindowRgn
RegisterWindowMessageA
MapDialogRect
IsWindowVisible
SendDlgItemMessageA
GetClassNameA
GetWindowRect
DialogBoxIndirectParamA
FrameRect
GetAsyncKeyState
GetMessagePos
EnumChildWindows
RedrawWindow
CreateDialogIndirectParamA
GetWindow
LoadMenuA
GetDialogBaseUnits
GetCursorPos
GetSubMenu
CreateWindowExA
SetMenuItemInfoA
GetDlgItem
DeleteMenu
SetCapture
AppendMenuA
ClientToScreen
PostMessageA
DrawStateA
LoadImageA
GetWindowDC
SetRectEmpty
AdjustWindowRectEx
IsZoomed
SetTimer
GetActiveWindow
EnableWindow
GetScrollPos
SetScrollPos
SetScrollInfo
UpdateWindow
InflateRect
SetCursor
CreatePopupMenu
UnregisterClassA
SetParent
GetDlgCtrlID
IsRectEmpty

gdi32

CreateEllipticRgn
CreateFontA
SetBrushOrgEx
RoundRect
GetDIBits
ExtCreateRegion
GetTextExtentPoint32A
GetClipBox
GetObjectType
DPtoLP
SetBitmapBits
CreateBitmapIndirect
GetBitmapBits
SetROP2
FillRgn
CreatePen
LineTo
MoveToEx
CreateRoundRectRgn
SetStretchBltMode
CreateDIBSection
SetDIBColorTable
ExtTextOutA
OffsetRgn
CombineRgn
CreateRectRgn
StretchBlt
CreatePatternBrush
CreateDCA
GetTextMetricsA
GetTextExtentPointA
DeleteMetaFile
CloseMetaFile
ExcludeClipRect
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
CreateRectRgnIndirect
TextOutA
SetBkMode
SetTextColor
Rectangle
GetStockObject
SetViewportOrgEx
SetMapMode
SetBkColor
LPtoDP
GetObjectA
CreateFontIndirectA
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
CreateICA
SelectClipRgn
GetDIBColorTable

comdlg32

ChooseFontA
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegSetValueExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
OleUninitialize
CoGetClassObject
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
OleLockRunning
CreateOleAdviseHolder
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleLoadFromStream
CreateDataAdviseHolder
WriteClassStm
OleSaveToStream
StringFromCLSID
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateGuid

oleaut32

SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
OleLoadPicture
SysStringLen
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
VariantCopy
SysAllocString
SysAllocStringLen
OleTranslateColor
LoadRegTypeLi
OleCreateFontIndirect
OleCreatePropertyFrame
VariantChangeType
VariantClear
VariantInit
SysFreeString

shlwapi

PathFindExtensionW
PathFindExtensionA
PathIsDirectoryA

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_Create
ImageList_Draw
ImageList_Destroy
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_SetImageCount
ImageList_Replace
_TrackMouseEvent
ImageList_Add

msimg32

GradientFill
AlphaBlend
TransparentBlt

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipCreateFromHDC
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipFree
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup

wininet

FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
GetUrlCacheEntryInfoA

ws2_32

recvfrom
setsockopt
select
accept
WSASetLastError
shutdown
getpeername
sendto
ntohs
inet_ntoa
WSACleanup
bind
htonl
gethostbyname
inet_addr
WSAStartup
WSAAsyncGetHostByName
recv
send
WSAAsyncSelect
closesocket
connect
socket
WSAGetLastError
htons

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 864KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Search.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0c2aca1fd2a8af83b059b9cde0ec19d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PocoManager\Release\Search.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FlushInstructionCache
GetCurrentProcess
MulDiv
GetCurrentThreadId
SetLastError
FreeLibrary
LoadLibraryA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetTickCount
InterlockedExchange
WritePrivateProfileStringA
GetPrivateProfileIntA
SetFilePointer
CloseHandle
SizeofResource
CreateFileA
GetCPInfo
GetStdHandle
WriteFile
HeapCreate
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcAddress
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
SetThreadLocale
RaiseException
WritePrivateProfileStringW
GetModuleFileNameW
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapFree
FlushFileBuffers
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetOEMCP

user32

PostMessageA
CallWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClassExA
DefWindowProcA
LoadCursorA
GetClassInfoExA
UnregisterClassA
GetDlgItem
SetWindowTextA
KillTimer
SetTimer
CreateDialogParamA
WinHelpA
IsWindow
GetDC
ReleaseDC
GetDialogBaseUnits
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
DestroyWindow
IsDialogMessageA
MoveWindow
ShowWindow
CharNextA

gdi32

CreateFontIndirectA
SelectObject
GetTextMetricsA
GetTextExtentPointA
DeleteObject
GetDeviceCaps

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathW

ole32

CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc

oleaut32

LoadTypeLi
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SysStringLen
VarUI4FromStr
VariantCopy
VariantClear
VariantInit
SysFreeString

ws2_32

closesocket
accept
socket
select
WSAAsyncSelect
htonl
inet_addr
WSASetLastError
sendto
send
recvfrom
recv
connect
bind
WSAStartup
WSAGetLastError
htons
ntohs
inet_ntoa

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Search2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8e3a6ecbd2481722a9faf13402c8a168

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PocoManager\Release\Search2.pdb

Imports

kernel32

WritePrivateProfileStringW
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
lstrlenA
lstrcmpiA
SetEndOfFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleFileNameW
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
DeleteFileA
WriteFile
CreateDirectoryA
GetFileAttributesA
ReadFile
InterlockedExchange
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
RaiseException
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetStdHandle
HeapCreate
ExitProcess
Sleep
TlsFree
TlsSetValue
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetUnhandledExceptionFilter
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetPrivateProfileIntA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter

user32

SetWindowLongA
DestroyWindow
DefWindowProcA
GetClassInfoExA
CreateWindowExA
GetWindowLongA
CallWindowProcA
PostMessageA
RegisterClassExA
LoadCursorA
CharNextA
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

oleaut32

VarUI4FromStr
SysFreeString
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
VariantCopy

ws2_32

closesocket
accept
socket
select
WSAAsyncSelect
WSAAsyncGetHostByName
htonl
inet_addr
WSASetLastError
sendto
send
recvfrom
connect
bind
WSAStartup
WSAGetLastError
htons
recv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Share.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7a96196ac635ea1d8896a562c2b47327

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PocoManager\Release\Share.pdb

Imports

kernel32

WritePrivateProfileStringW
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameW
GetLocalTime
InterlockedExchange
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
RaiseException
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
HeapCreate
ExitProcess
Sleep
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsDebuggerPresent
GetStringTypeW
GetStringTypeA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime

user32

SetWindowLongA
DestroyWindow
DefWindowProcA
GetClassInfoExA
CreateWindowExA
GetWindowLongA
CallWindowProcA
PostMessageA
RegisterClassExA
LoadCursorA
SetTimer
CharNextA
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
VariantCopy

ws2_32

closesocket
accept
socket
select
WSAAsyncSelect
htonl
inet_addr
WSASetLastError
sendto
send
recvfrom
recv
connect
bind
WSAStartup
WSAGetLastError
ntohl
inet_ntoa
ntohs
htons

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Transfer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7d771353855f133341aa0b9fb7fc1098

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\code\poco\Release\CComPnp2.pdb

Imports

kernel32

LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
LockResource
FindResourceExA
GetTickCount
LoadLibraryA
CloseHandle
CreateEventA
SetEvent
WaitForSingleObject
DeleteFileA
GetCurrentProcessId
TerminateThread
CreateThread
ResumeThread
GetPrivateProfileStringA
FindFirstFileA
FindNextFileA
FindClose
FormatMessageA
LocalFree
GetFileAttributesA
CreateDirectoryA
FileTimeToSystemTime
Sleep
GetProcAddress
GetLocalTime
SystemTimeToFileTime
CreateFileA
ReadFile
WriteFile
SetFilePointer
GetFileSize
SizeofResource
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
HeapCreate
ExitThread
GetCommandLineA
IsDebuggerPresent
FreeLibrary
IsDBCSLeadByte
GetThreadLocale
SetThreadLocale
WritePrivateProfileStringW
GetModuleFileNameW
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
lstrlenA
lstrcmpiW
lstrcmpiA
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
VirtualProtect
InterlockedExchange
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetLocaleInfoA
GetACP
ResetEvent
GetVersionExA
GetSystemInfo
GetPrivateProfileIntA
WritePrivateProfileStringA
CancelIo
DeviceIoControl
SetEndOfFile
GetFileTime
HeapDestroy
GetProcessHeap
IsBadWritePtr
GetCurrentThread

user32

InvalidateRect
RegisterClassExA
IsChild
GetFocus
SetFocus
GetParent
CreateWindowExA
IsWindow
MoveWindow
IsDialogMessageA
CallWindowProcA
GetWindowTextA
GetDlgItem
WinHelpA
CreateDialogParamA
SetTimer
GetMessageA
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowLongA
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
LoadCursorA
GetClassInfoExA
ShowWindow
PostThreadMessageA
GetDialogBaseUnits
SendMessageA
PostMessageA
KillTimer
UnregisterClassA
UnionRect
CharNextA
DestroyWindow
DefWindowProcA
PtInRect
GetWindowLongA

gdi32

SelectObject
GetTextMetricsA
GetTextExtentPointA
DeleteObject
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
CreateFontIndirectA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
OleLoadFromStream
OleRegEnumVerbs
OleRegGetUserType
CreateDataAdviseHolder
CoTaskMemAlloc
WriteClassStm
OleSaveToStream
CLSIDFromString
CoCreateGuid
StringFromGUID2
CreateOleAdviseHolder
CoCreateInstance
OleRegGetMiscStatus
CoTaskMemRealloc

oleaut32

VariantInit
VariantClear
VariantCopy
SysAllocString
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysStringLen
LoadRegTypeLi
LoadTypeLi
OleCreatePropertyFrame
SysAllocStringLen
SysFreeString

ws2_32

htons
inet_ntoa
getsockopt
getsockname
getpeername
WSAAsyncSelect
WSARecvFrom
WSASendTo
WSARecv
WSASend
recvfrom
listen
shutdown
bind
accept
WSAStartup
ioctlsocket
gethostname
setsockopt
connect
send
recv
closesocket
WSACancelAsyncRequest
WSAAsyncGetHostByName
gethostbyname
WSASetLastError
WSAGetLastError
sendto
socket
htonl
ntohl
ntohs
inet_addr

iphlpapi

GetIpAddrTable
GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 472KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Transfer2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4bb8f615f0661e8c45c0c1ef36c29aa6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\code\poco\Release\CComp2sp.pdb

Imports

kernel32

WritePrivateProfileStringW
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
InterlockedExchange
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetProcAddress
CloseHandle
GetTickCount
CreateFileA
GetModuleFileNameW
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
LocalFree
FormatMessageA
GetFileAttributesA
DeleteFileA
LoadLibraryA
SystemTimeToFileTime
GetLocalTime
TerminateThread
ResumeThread
CreateThread
MoveFileA
lstrcpyA
GetTempFileNameA
GetTempPathA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
RaiseException
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
HeapCreate
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
HeapDestroy

user32

CharNextA
SetWindowLongA
SetTimer
KillTimer
GetClassInfoExA
LoadCursorA
DestroyWindow
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetWindowLongA
CallWindowProcA
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CoCreateInstance
StringFromGUID2

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantCopy
VariantClear
VariantInit
SysFreeString

ws2_32

WSAAsyncSelect
inet_addr
ntohl
connect
WSASetLastError
select
WSAGetLastError
WSAStartup
socket
setsockopt
htons
bind
closesocket
gethostbyname
sendto
gethostname
accept
WSACancelAsyncRequest
WSAAsyncGetHostByName
htonl
recv
send
WSACleanup
inet_ntoa
ntohs
recvfrom
getsockname
listen

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
Update.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d57aebaa828e280b05993ded6dc8a705

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PocoManager\Release\Update.pdb

Imports

kernel32

GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
WriteFile
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
SetLastError
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalFree
GlobalHandle
GetCommandLineW
CreateDirectoryW
GetModuleFileNameW
WritePrivateProfileStringW
SetThreadLocale
GetThreadLocale
lstrcpynA
CreateFileA
GetFileSize
DeleteFileA
CreateDirectoryA
GetFileAttributesA
GetSystemDirectoryA
MoveFileA
WritePrivateProfileStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCurrentProcess
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
HeapCreate
GetCommandLineA
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
HeapSize
FlushInstructionCache
lstrcmpiA
lstrlenA
CloseHandle
FindResourceExA
FindResourceA
LoadResource
LockResource
InterlockedExchange
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile

user32

SystemParametersInfoA
GetClientRect
MapWindowPoints
GetWindowRect
SetWindowPos
GetParent
DefWindowProcA
GetSysColor
MoveWindow
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetWindowLongA
SetWindowLongA
CharNextA
GetWindow
GetWindowTextLengthA
LoadIconA
MessageBoxA
EnableWindow
KillTimer
SetTimer
ShowWindow
CreateDialogIndirectParamA
RegisterWindowMessageA
UnregisterClassA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
GetKeyState
SetWindowContextHelpId
SendDlgItemMessageA
MapDialogRect
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetDesktopWindow
SetFocus
GetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem

gdi32

GetStockObject
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetObjectA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconA
CommandLineToArgvW

ole32

CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoGetClassObject
CLSIDFromProgID
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString

oleaut32

SysStringLen
VariantClear
VariantInit
SysStringByteLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
SysAllocStringLen
SysAllocString

ws2_32

htonl
WSAAsyncSelect
WSAGetLastError
connect
htons
socket
ntohl
WSAAsyncGetHostByName
recv
send
closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pdi.exe
.exe windows:4 windows x86 arch:x86

3af80ef4df3810e9d6ad8537cd74e94a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfA

kernel32

GetTempFileNameA
HeapAlloc
lstrcatA
lstrcatW
CreateProcessA
WaitForSingleObject
GetProcAddress
GetCommandLineW
GetModuleHandleA
GlobalAlloc
LoadLibraryExA
CreateProcessW
GlobalFree
FreeLibrary
GetTempPathA
GetProcessHeap
CreateFileA
WriteFile
DeviceIoControl
DeleteFileA
HeapFree
CreateDirectoryA
CloseHandle
CopyFileA
CreatePipe

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pupdate.exe
.exe windows:4 windows x86 arch:x86

ebd871197c47ce071122a751f274b8ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
Sleep
GetModuleFileNameA
CreateDirectoryA
GetPrivateProfileStringA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetCommandLineA
GetStartupInfoA
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
LCMapStringW
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

user32

UnregisterClassA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoUninitialize

iphlpapi

GetAdaptersInfo

ws2_32

recv
WSAStartup
WSACleanup
send
connect
gethostbyname
socket
htonl
inet_addr
bind
htons

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
update.exe
.exe windows:4 windows x86 arch:x86

ffd6473e17596d513e5b67f9d0234adc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\code\Update\Release\update.pdb

Imports

kernel32

GetLastError
DeleteFileA
CreateFileA
WriteFile
SetFilePointer
MoveFileA
CloseHandle
GetFileAttributesA
CreateDirectoryA
FindResourceA
LoadResource
GetTickCount
RaiseException
SizeofResource
FindResourceExA
WideCharToMultiByte
LockResource
GetFileSize
ReadFile
CreateProcessA
Sleep
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
LoadLibraryA
FreeLibrary
GetProcAddress
MultiByteToWideChar
InterlockedExchange
WaitForSingleObject
CreateEventA
CreateThread
ResumeThread
GetModuleFileNameA
SetCurrentDirectoryA
GetPrivateProfileSectionNamesA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapCreate
VirtualFree
FlushFileBuffers
WriteConsoleW
LCMapStringW
GetCurrentProcessId
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetOEMCP
GetConsoleMode
GetConsoleCP
RtlUnwind
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
VirtualQuery
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
IsDebuggerPresent
GetCPInfo

user32

MessageBoxA
CharNextA
CharUpperA
UnregisterClassA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CLSIDFromString
StringFromGUID2
CoCreateGuid

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

psapi

GetModuleFileNameExA

ws2_32

bind
closesocket
WSACleanup
WSAStartup
sendto
recv
send
connect
inet_addr
gethostbyname
htons
htonl
socket

urlmon

URLDownloadToFileA

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

b2a0d9368ec1be7deb968a920e5c993e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

33:2c:0a:9c:f2:0f:b4:8f:ca:a5:1a:17:6e:98:05:17Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 7KB - Virtual size: 7KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 812B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

33:2c:0a:9c:f2:0f:b4:8f:ca:a5:1a:17:6e:98:05:17
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 812B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate