21f73f50fda8fb7a60f8bd78145c9211ed69a4fa4db02c295d43d5c61abf7dad

Sharing

Copy URL Twitter E-mail

General

Target

21f73f50fda8fb7a60f8bd78145c9211ed69a4fa4db02c295d43d5c61abf7dad
Size

8.3MB
MD5

950570c46a9a9abd94b8c96213d70b39
SHA1

cbf12ed0320e3b5e7570000b9992bad3965733ae
SHA256

21f73f50fda8fb7a60f8bd78145c9211ed69a4fa4db02c295d43d5c61abf7dad
SHA512

25d1e26ec0e974f597d4f4c987db7c5ac7db9f6e84b8a4c8f5e2287d9c25856e3ec5fb49376cbe81e03f00d03f07922e257731ae265c474412586308deae6abe
SSDEEP

196608:4vvxKrr12jN7mULFAV0Svcf69m0oncKdGjQ66:4sr6s0kcf6UncKU6

Score

3^/10

Malware Config

Signatures

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$SYSDIR/ClPolicy.dll
unpack001/$SYSDIR/DSTSCl.dll
unpack001/$SYSDIR/EtCertVal.DLL
unpack001/$SYSDIR/EtDecr.dll
unpack001/$SYSDIR/EtEncr.dll
unpack001/$SYSDIR/EtSign.DLL
unpack001/$SYSDIR/EtTransportClient.DLL
unpack001/$SYSDIR/EtValVSP.dll
unpack001/$SYSDIR/EtValutil.dll
unpack001/$SYSDIR/EtWBUtil.dll
unpack001/$SYSDIR/PDFEncr.dll
unpack001/$SYSDIR/PDFSignVerify.dll
unpack001/$SYSDIR/TSTOKEN.dll
unpack001/$SYSDIR/asnutil.dll
unpack001/$SYSDIR/atl.dll
unpack001/$SYSDIR/etidef.dll
unpack001/$SYSDIR/etlicense.dll
unpack001/$SYSDIR/etnetsign.dll
unpack001/$SYSDIR/msvcp60.dll
unpack001/$SYSDIR/msvcrt.dll
unpack001/$SYSDIR/vctoolkit.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

21f73f50fda8fb7a60f8bd78145c9211ed69a4fa4db02c295d43d5c61abf7dad
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:07:2c:e7:d5:b9:f6:a3:70:b4:75:35:ae:d8:92:47:e5:ba:a7:26:63:47:cd:7b:59:1f:e5:88:0a:54:2c:34
Signer

Actual PE Digest

0e:07:2c:e7:d5:b9:f6:a3:70:b4:75:35:ae:d8:92:47:e5:ba:a7:26:63:47:cd:7b:59:1f:e5:88:0a:54:2c:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/ClPolicy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4a94fd602a0ca3e379cb0b768b7e0690

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
LocalFree
GetLastError
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DisableThreadLibraryCalls
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetTempPathA
GetTempFileNameA

user32

wsprintfA
LoadStringA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysStringByteLen
SysAllocStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
VariantInit
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

isspace
malloc
??3@YAXPAX@Z
memcpy
memset
??2@YAPAXI@Z
__CxxFrameHandler
_EH_prolog
memcmp
sprintf
free
strlen
calloc
strcpy
wcscmp
vsprintf
realloc
_strdup
atoi
_pctype
__mb_cur_max
_isctype
_setjmp3
fclose
fputs
fopen
_vsnprintf
_snprintf
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__dllonexit
_onexit
_close
_read
_open
_stat
_unlink
_write
_lseek
wcslen
_CxxThrowException
longjmp
_purecall
??1type_info@@UAE@XZ

atl

ord32
ord57
ord18
ord15
ord16
ord21
ord30
ord23
ord58

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DESKSIGN.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

2c342274855a39a76cb393d2797de7c6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:78:21:11:2d:46:3e:dc:ed:b1:75:6a:e5:89:aa:c1:60:fd:90:15:7f:0d:2b:78:49:a8:41:6c:82:51:b4:d8
Signer

Actual PE Digest

0b:78:21:11:2d:46:3e:dc:ed:b1:75:6a:e5:89:aa:c1:60:fd:90:15:7f:0d:2b:78:49:a8:41:6c:82:51:b4:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

GetUrlCacheEntryInfoA

crypt32

CertOpenStore
PFXImportCertStore
CryptDecodeObject
CertFindExtension
CryptMsgCalculateEncodedLength
CryptMsgOpenToEncode
CertGetNameStringA
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CertGetNameStringW
PFXIsPFXBlob
CertRDNValueToStrW
CertStrToNameW
CertVerifyTimeValidity
CertNameToStrW
CertNameToStrA
CryptGetMessageSignerCount
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCreateCertificateContext
CryptEncodeObject

asnutil

ord2
ord3
ord9
ord27
ord11
ord23
ord58
ord10
ord8
ord43
ord13
ord29
ord40
ord45
ord32
ord14
ord34
ord36

etidef

ord2009
ord2012
ord2011
ord2010
ord2017

kernel32

InitializeCriticalSection
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenW
InterlockedIncrement
lstrlenA
GetModuleFileNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
CopyFileA
MoveFileA
LocalFree
GetTimeFormatA
GetDateFormatA
GetLocalTime
FormatMessageA
HeapFree
GetProcessHeap
FreeLibrary
HeapReAlloc
HeapAlloc
LoadLibraryA
GetSystemDirectoryA
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
WaitForSingleObject
FlushFileBuffers
SetFilePointer
WideCharToMultiByte
SystemTimeToFileTime
GetSystemTime
MoveFileExA
GetTimeFormatW
GetDateFormatW
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThreadId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetFileSize
FindResourceA
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
GetModuleHandleW
GetProcAddress
DeleteFileA
GetTempPathA
GetTempFileNameA
GetLastError
CreateFileA
WriteFile
CloseHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
ReadFile

user32

CharNextW
LoadCursorA
MessageBoxA
SetCursor
LoadStringW
MessageBoxW
GetWindowTextA
SetForegroundWindow
GetClientRect
ShowWindow
GetActiveWindow
SendMessageW
EnableWindow
LoadStringA
DestroyWindow
MapDialogRect
SetWindowContextHelpId
GetWindow
SetWindowPos
CreateWindowExA
EndDialog
GetDlgItem
SetDlgItemTextA
CheckDlgButton
SetFocus
SetActiveWindow
SetWindowTextA
SendMessageA
SetWindowLongA
UnregisterClassA

gdi32

CreateFontA

advapi32

RegCloseKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
GetUserNameA
RegEnumKeyExA
CryptGetProvParam
CryptSetProvParam
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

ole32

CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantCopy
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen

atl90

ord61
ord58
ord64
ord60
ord48
ord42
ord36
ord44
ord43
ord49
ord56
ord68
ord32
ord23
ord15
ord31

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

msvcr90

_encode_pointer
strstr
fopen_s
fprintf
fclose
strchr
wcscat_s
realloc
memmove_s
_heapchk
strcmp
_stricmp
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_errno
_purecall
_resetstkoflw
strcat_s
wcslen
memcpy_s
??0exception@std@@QAE@ABV01@@Z
__dllonexit
strlen
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
calloc
strtoul
_ultoa_s
_unlock
_except_handler4_common
?terminate@@YAXXZ
_vsnprintf_s
fputs
wcsnlen
fseek
fwrite
_strlwr
_time64
strrchr
_invalid_parameter_noinfo
sscanf
??3@YAXPAX@Z
memcmp
_CxxThrowException
wcsncpy_s
sprintf_s
free
_strdup
strcpy_s
memset
??_V@YAXPAX@Z
malloc
strnlen
_itoa_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DSTSCl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4e377e5170703319424052c8c850b335

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetCurrentThreadId
CreateMutexA
DisableThreadLibraryCalls
GetTempPathA
GetTempFileNameA
SystemTimeToFileTime
GetLastError
CreateFileA
GetFileSize
CreateSemaphoreA
ReleaseSemaphore
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
InitializeCriticalSection
ReadFile
CloseHandle
DeleteFileA
FormatMessageA
InterlockedDecrement
LocalFree

user32

LoadStringA

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringByteLen
VariantInit
VariantClear
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString

asnutil

ord10
ord31
ord33
ord38
ord42
ord52
ord29
ord43
ord45
ord34
ord14
ord32
ord41
ord36
ord13
ord40
ord8
ord39
ord44

crypt32

CryptMsgCalculateEncodedLength
CryptMsgOpenToEncode
CryptMsgUpdate
CryptMsgClose
CryptMsgGetParam

atl

ord21
ord16
ord15
ord57
ord18
ord23
ord30
ord32

msvcrt

??1type_info@@UAE@XZ
??3@YAXPAX@Z
_heapchk
memset
__CxxFrameHandler
_CxxThrowException
free
memcpy
??2@YAPAXI@Z
_strdup
sprintf
malloc
realloc
strcmp
fclose
fwrite
fopen
calloc
strcpy
strlen
time
_tzset
_purecall
wcslen
fputs
_vsnprintf
_snprintf
_initterm
_adjust_fdiv
__dllonexit
_onexit

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DeskDecr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3db5760f87e4837b1e9233af6f16270d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:c6:72:78:ff:44:86:a2:4d:9f:0c:df:1b:d7:22:80:c8:28:51:67:57:a8:c4:72:dc:cd:29:0b:aa:9b:80:86
Signer

Actual PE Digest

6b:c6:72:78:ff:44:86:a2:4d:9f:0c:df:1b:d7:22:80:c8:28:51:67:57:a8:c4:72:dc:cd:29:0b:aa:9b:80:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetWindowsDirectoryA
GetFileAttributesA
LoadLibraryA
GetProcAddress
HeapReAlloc
GetLastError
FreeLibrary
GetProcessHeap
HeapFree
FormatMessageA
lstrcpynA
lstrlenA
GetLocalTime
GetDateFormatA
GetTimeFormatA
LocalFree
GetCurrentProcess
FlushInstructionCache
DeleteFileA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DisableThreadLibraryCalls
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
CreateSemaphoreA

user32

SetWindowLongA
EndDialog
GetActiveWindow
LoadStringA
wsprintfA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
GetUserNameA
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextA

ole32

CoCreateInstance

oleaut32

VariantClear
SysFreeString
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString

asnutil

ord13
ord2
ord36
ord10
ord29
ord14

etidef

ord2010
ord2011
ord2017
ord2009
ord2012

atl

ord44
ord36
ord30
ord58
ord32
ord57
ord18
ord15
ord16
ord21
ord43
ord23

msvcrt

_ultoa
_CxxThrowException
wcslen
_onexit
__dllonexit
_vsnprintf
fputs
_snprintf
strlen
fread
fwrite
_except_handler3
strchr
fopen
??3@YAXPAX@Z
memset
memcpy
_purecall
??2@YAPAXI@Z
memcmp
malloc
_strdup
free
_heapchk
sprintf
strcpy
sscanf
calloc
strtoul
strcat
??1type_info@@UAE@XZ
_itoa
fclose
fprintf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DeskEncr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

96e84d7759d47fdd34997ed5e3e6fef2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:fc:3a:1a:df:4a:1f:2f:6a:46:1d:ac:b6:e9:ca:e7:91:c0:e3:83:d5:5f:33:de:be:73:57:73:d0:16:98:49
Signer

Actual PE Digest

2e:fc:3a:1a:df:4a:1f:2f:6a:46:1d:ac:b6:e9:ca:e7:91:c0:e3:83:d5:5f:33:de:be:73:57:73:d0:16:98:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetFileAttributesA
HeapReAlloc
GetProcessHeap
HeapFree
FormatMessageA
lstrcpynA
lstrlenA
GetLocalTime
GetDateFormatA
GetTimeFormatA
LocalFree
GetCurrentProcess
FlushInstructionCache
GetTempPathA
GetTempFileNameA
SystemTimeToTzSpecificLocalTime
CopyFileA
CreateFileA
GetFileSize
ReadFile
CloseHandle
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
DisableThreadLibraryCalls
MoveFileA
InterlockedDecrement
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
GetCurrentThreadId

user32

LoadStringA
GetActiveWindow
wsprintfA
SetWindowLongA
EndDialog

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
GetUserNameA
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey

asnutil

ord10
ord13
ord7
ord39
ord34
ord29
ord3
ord45
ord17
ord36
ord11
ord14
ord2
ord9

etidef

ord2017
ord2011
ord2009
ord2010
ord2012

crypt32

CertFindExtension
CryptDecodeObject
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertVerifyTimeValidity
CertGetIntendedKeyUsage
CertGetNameStringA
CertFreeCertificateContext

atl

ord44
ord43
ord36
ord30
ord58
ord23
ord21
ord16
ord15
ord18
ord32
ord57

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
VariantInit
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysStringLen
LoadRegTypeLi
SysFreeString

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

msvcrt

strstr
_snprintf
time
srand
rand
fputs
fwrite
_except_handler3
strchr
fopen
fprintf
fclose
_vsnprintf
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_strlwr
fread
_heapchk
memset
memcpy
_purecall
??2@YAPAXI@Z
__CxxFrameHandler
memcmp
strcpy
strlen
malloc
free
_strdup
strcmp
wcslen
sprintf
calloc
_CxxThrowException
_stricmp
sscanf
??0exception@@QAE@ABV0@@Z
strtoul
strcat
_ultoa
_itoa

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DeskLicense.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1608927bd5feb23c88224a88a80d482b

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:a1:54:33:d8:10:17:7a:4f:6e:d8:c3:1d:66:b4:4a:2b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2015, 12:48

Not After

20/02/2016, 12:48

Subject

CN=Timeless Learning Technologies Pvt. Ltd.,OU=E-Lock,O=Timeless Learning Technologies Pvt. Ltd.,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c0d616e6940656c6f636b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

12:4b:ce:fa:2a:47:2c:e7:3d:7a:04:0e:04:df:e8:11:e4:47:1d:2d
Signer

Actual PE Digest

12:4b:ce:fa:2a:47:2c:e7:3d:7a:04:0e:04:df:e8:11:e4:47:1d:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertCreateCertificateContext
CertGetNameStringA
CryptHashCertificate
CertFreeCertificateContext
PFXIsPFXBlob
PFXImportCertStore
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey

kernel32

GetLastError
GetFileSize
FindFirstFileA
GetTempPathA
DisableThreadLibraryCalls
WaitForSingleObject
HeapDestroy
GetShortPathNameA
GetModuleHandleA
InterlockedIncrement
ReleaseMutex
CreateMutexA
WriteFile
SetFilePointer
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThreadId
GetTempFileNameA
LocalFree
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
lstrcatA
MultiByteToWideChar
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
OpenProcess
TerminateProcess
Sleep
CreateFileA
ReadFile
GetCurrentThread
lstrlenA
CloseHandle
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection

user32

MessageBoxA
LoadStringA
wsprintfA
CharNextA

advapi32

RegCloseKey
RegOpenKeyExA
SetThreadToken
RevertToSelf
OpenThreadToken
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyA
RegEnumValueA
RegCreateKeyA
RegQueryValueExA

shell32

ShellExecuteExA

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
SysStringByteLen
LoadTypeLi
SysStringLen
SysAllocStringByteLen
LoadRegTypeLi
RegisterTypeLi

etidef

ord2017
ord2014
ord10026
ord10030
ord2009

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcesses
GetModuleBaseNameA

mfc42

ord803
ord825
ord543
ord3584
ord823

msvcrt

_stricmp
_stat
_CxxThrowException
_write
_lseek
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_strcmpi
_except_handler3
longjmp
_setjmp3
_strdup
vsprintf
realloc
_vsnprintf
fputs
calloc
strcmp
wcslen
_itoa
_unlink
_open
_read
?terminate@@YAXXZ
_close
strcpy
strcat
strlen
sscanf
_snprintf
malloc
__CxxFrameHandler
strncpy
memset
strchr
strstr
rand
srand
time
free
sprintf
memcmp
atoi
strcspn
strtok
memcpy
fclose
fwrite
fopen
memmove
qsort
fread
ftell
fseek
rewind
bsearch

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DeskVerf.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a967bc7c5648c9eb0161ad3f387547c2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:18:c8:a2:15:75:06:60:71:90:71:ea:b4:a3:a8:01:74:83:ec:31:ef:c5:93:47:9e:48:c7:ee:d7:57:7e:e9
Signer

Actual PE Digest

25:18:c8:a2:15:75:06:60:71:90:71:ea:b4:a3:a8:01:74:83:ec:31:ef:c5:93:47:9e:48:c7:ee:d7:57:7e:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertGetIntendedKeyUsage
CertFindCertificateInCRL
CertCreateCRLContext
CertAddEncodedCRLToStore
CertVerifyCRLTimeValidity
CertIsValidCRLForCertificate
CertFindCRLInStore
CertCompareCertificateName
CertOpenSystemStoreA
CryptMsgControl
CertVerifyTimeValidity
CertFreeCertificateChain
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertNameToStrW
CertGetNameStringW
CryptImportPublicKeyInfo
CertGetCertificateContextProperty
CryptGetMessageSignerCount
CryptMsgOpenToDecode
CryptMsgUpdate
CryptVerifyDetachedMessageSignature
CertFreeCertificateContext
CryptVerifyMessageSignature
CryptMsgGetParam
CertOpenStore
CertGetSubjectCertificateFromStore
CertCloseStore
CertNameToStrA
CryptMsgClose
CertCreateCertificateContext
CertFreeCRLContext

asnutil

ord36
ord3
ord2
ord32
ord10
ord34
ord45
ord8
ord29
ord13
ord43
ord14
ord40

cryptnet

CryptGetObjectUrl
CryptRetrieveObjectByUrlA

kernel32

GetTimeFormatA
GetDateFormatA
GetLocalTime
lstrcpynA
HeapReAlloc
GetVersionExA
GetWindowsDirectoryA
GetCurrentProcess
FlushInstructionCache
MultiByteToWideChar
LocalFree
FindFirstFileA
MoveFileExA
CompareFileTime
GetSystemTime
LocalFileTimeToFileTime
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
GetProcessHeap
FindClose
HeapFree
FormatMessageA
lstrcatA
lstrcpyA
ExpandEnvironmentStringsA
GetFileAttributesA
SetLastError
lstrlenA
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
DisableThreadLibraryCalls
SetFilePointer
WideCharToMultiByte
ReadFile
GetFileSize
MoveFileA
CopyFileA
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedDecrement
GetCurrentThread
HeapAlloc
DeleteFileA
CloseHandle
WriteFile
CreateFileA
GetLastError
GetTempFileNameA
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA

user32

SetWindowLongA
EndDialog
LoadStringA
GetActiveWindow
wsprintfA

advapi32

CryptHashData
RegQueryValueExA
RegOpenKeyA
SetThreadToken
RevertToSelf
OpenThreadToken
CryptReleaseContext
CryptDestroyHash
CryptVerifySignatureA
CryptCreateHash
RegOpenKeyExA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
AdjustTokenPrivileges
LookupPrivilegeValueA
RegUnLoadKeyA
RegLoadKeyA
GetTokenInformation
GetUserNameA
CryptGetHashParam
RegQueryValueExW
CryptAcquireContextA
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SafeArrayPutElement
SysAllocStringLen
SafeArrayCreate
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
LoadRegTypeLi

etidef

ord2009
ord2017
ord2010
ord2011
ord2012

wininet

GetUrlCacheEntryInfoA

atl

ord57
ord18
ord15
ord58
ord21
ord16
ord23
ord32
ord44
ord43
ord36
ord30

msvcrt

_purecall
_stricmp
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_CxxThrowException
wcslen
_vsnprintf
fputs
mktime
qsort
??3@YAXPAX@Z
free
malloc
_strdup
strcpy
__CxxFrameHandler
??2@YAPAXI@Z
memset
_snprintf
realloc
strncmp
fwrite
memcpy
fclose
fopen
strcat
sprintf
memcmp
strcmp
calloc
strlen
_strlwr
sscanf
strtoul
_ultoa
_itoa
_except_handler3
fprintf
strchr
strtok
isspace
strrchr
strncpy
strstr

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtCertVal.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

9acecfe7554414a4dce268f5e17b5fa3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
LoadLibraryA
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
WideCharToMultiByte
lstrcatA
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
lstrcmpA
FreeLibrary
LoadLibraryExA
CloseHandle
GetLastError
GetProcAddress
CreateFileA
GetFileSize
ReadFile
GetCurrentThreadId

user32

CharNextA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoCreateInstance

oleaut32

LoadTypeLi
SysFreeString
RegisterTypeLi
SysAllocString

asnutil

ord48
ord30
ord9
ord20
ord11
ord45
ord32
ord46
ord34
ord31
ord6
ord44
ord26
ord40
ord23
ord10
ord14
ord29

msvcrt

_adjust_fdiv
_initterm
memcmp
memcpy
malloc
strcat
strcpy
calloc
memset
_heapchk
__CxxFrameHandler
??2@YAPAXI@Z
free
_strdup
strlen
strcmp
sprintf
strncmp
atoi
_purecall
fclose
fputs
fopen
_vsnprintf
_snprintf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtDecr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4b95f5d1774ed51750f95f56482fc9db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
CryptGetProvParam
CryptExportKey
CryptDestroyKey
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptGetUserKey
RegEnumValueA
ImpersonateLoggedOnUser
LogonUserA
GetUserNameA
CryptGenKey
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenThreadToken
RegUnLoadKeyA
RegLoadKeyA
GetTokenInformation
LookupAccountNameA

crypt32

CryptExportPublicKeyInfo
CertFreeCertificateContext
CertGetCertificateContextProperty
CertAlgIdToOID
CertGetSubjectCertificateFromStore
CertCloseStore
CertOpenStore
CryptImportPublicKeyInfo
CryptFindOIDInfo
CryptDecodeObject
CertCreateCertificateContext

asnutil

ord43
ord13
ord10
ord31
ord36
ord40
ord29
ord14

mfc42

ord1131
ord6467
ord537
ord6283
ord6282
ord2915
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2725
ord3953
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord540
ord860
ord800
ord825
ord3081

msvcrt

??1type_info@@UAE@XZ
_strcmpi
__CxxFrameHandler
memcpy
_purecall
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_snprintf
_vsnprintf
fopen
fputs
fclose
_except_handler3
strlen
strstr
memset
_mbsicmp
strcpy
_heapchk
strcmp
_strdup
free
malloc
_stricmp

kernel32

HeapAlloc
HeapFree
GetCurrentThread
lstrcatA
lstrcpyA
ExpandEnvironmentStringsA
GetFileAttributesA
lstrlenA
GetProcessHeap
CreateFileA
GetFileSize
ReadFile
WriteFile
CloseHandle
GetTempPathA
GetTempFileNameA
GetLastError
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
LocalFree
InterlockedDecrement
InitializeCriticalSection
SetLastError
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetCurrentThreadId
GetVersion

user32

wsprintfA

oleaut32

SysFreeString

atl

ord16
ord21
ord15
ord18
ord57
ord32
ord23

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtEncr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8f16718e16a5b5e0fc69f069ffc476c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
CryptGetProvParam
CryptExportKey
RegEnumValueA
CryptDestroyKey
CryptSetKeyParam
CryptGenKey
CryptEncrypt
CryptGetKeyParam
CryptGenRandom
CryptImportKey

crypt32

CertDuplicateCertificateContext
CertFindRDNAttr
CertRDNValueToStrW
CryptExportPublicKeyInfo
CertEnumCertificatesInStore
CertAlgIdToOID
CertGetIntendedKeyUsage
CertGetPublicKeyLength
CertGetCertificateContextProperty
CertVerifyTimeValidity
CertFreeCertificateContext
CryptFindOIDInfo
CryptImportPublicKeyInfo
CertOpenSystemStoreA
CertCloseStore
CryptDecodeObject
CertCreateCertificateContext

asnutil

ord35
ord7
ord34
ord43
ord45
ord8
ord9
ord20
ord11
ord10
ord13
ord29
ord14

mfc42

ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord539
ord547
ord2819
ord2818
ord922
ord4160
ord2614
ord926
ord924
ord941
ord6282
ord6283
ord5683
ord4129
ord858
ord4277
ord2763
ord939
ord940
ord354
ord3790
ord665
ord540
ord537
ord860
ord535
ord2915
ord5572
ord823
ord800
ord825
ord2396

msvcrt

isspace
malloc
free
__dllonexit
?terminate@@YAXXZ
memset
_snprintf
_vsnprintf
fopen
fputs
fclose
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_except_handler3
mktime
memcmp
strlen
_purecall
strcmp
_strdup
_mbsicmp
sprintf
strcpy
_mbscmp
__CxxFrameHandler
memcpy
_stricmp

kernel32

DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
MoveFileA
CopyFileA
CreateFileA
GetFileSize
ReadFile
WriteFile
CloseHandle
GetTempPathA
GetTempFileNameA
DeleteFileA
GetLastError
WideCharToMultiByte
SetLastError
lstrcmpA
GetFileAttributesA
CreateDirectoryA
CreateSemaphoreA
GetCurrentThreadId
LocalFree
LocalAlloc
EnterCriticalSection
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject

user32

wsprintfA

oleaut32

SysFreeString

atl

ord16
ord21
ord15
ord18
ord57
ord32
ord23

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtSign.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

1015350ad5dab65e049e886a05313cd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

asnutil

ord45
ord34
ord10
ord13
ord29
ord8
ord14

crypt32

CertGetCertificateContextProperty
CertGetPublicKeyLength
CertGetIntendedKeyUsage
CertAlgIdToOID
CryptDecodeObject
CertCreateCertificateContext
CertRDNValueToStrW
CertFindRDNAttr
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CertOpenSystemStoreA
CertOpenStore
CertGetSubjectCertificateFromStore
CertOIDToAlgId
CryptMsgCalculateEncodedLength
CryptMsgOpenToEncode
CryptMsgUpdate
CryptMsgGetParam
CertVerifyTimeValidity
CryptMsgClose

mfc42

ord4080
ord4622
ord4424
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord4275
ord924
ord941
ord3079
ord4160
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord858
ord939
ord540
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord539
ord547
ord2819
ord2818
ord922
ord537
ord860
ord535
ord2915
ord5572
ord2614
ord926
ord823
ord800
ord825

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
memcpy
__CxxFrameHandler
__dllonexit
_snprintf
_vsnprintf
fopen
fputs
fclose
free
_stricmp
malloc
memset
calloc
strlen
_heapchk
_strdup
_purecall
sprintf
strcpy
_mbscmp

kernel32

LocalFree
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
GetSystemTime
SystemTimeToFileTime
MoveFileExA
CopyFileA
WriteFile
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateFileA
GetFileSize
CloseHandle
ReadFile
lstrlenA
lstrcpyA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetLastError
WideCharToMultiByte
SetLastError
lstrcmpA
LocalAlloc

advapi32

RegCloseKey
CryptImportKey
CryptCreateHash
CryptSetHashParam
CryptHashData
CryptGetHashParam
CryptDestroyKey
RegEnumKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyExA
CryptGetProvParam

atl

ord57
ord18
ord15
ord21
ord16
ord23
ord32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtTransportClient.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

ea540372d80125a8ede5a41c088396f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

gethostbyname
htons
connect
closesocket
select
getsockopt
ntohl
htonl
send
recv
WSAStartup
socket
WSACleanup

wininet

InternetCrackUrlA

mfc42

ord5808
ord1074
ord941
ord2817
ord5204
ord2683
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5356
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord3953
ord2725
ord1131
ord1116
ord5353
ord823
ord389
ord6426
ord2393
ord6467
ord540
ord860
ord800
ord825
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord5289

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_snprintf
_vsnprintf
fopen
fputs
fclose
realloc
calloc
_purecall
memset
__CxxFrameHandler
printf
memcpy
_heapchk
malloc
free

kernel32

LocalFree
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
InitializeCriticalSection
LocalAlloc
InterlockedIncrement
InterlockedDecrement

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

atl

ord15
ord23
ord18
ord57
ord16
ord21
ord32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtValVSP.dll
.dll windows:4 windows x86 arch:x86

fc04953baa7336a1b1460e70a6c19ef9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

etvalutil

displayProxyBasicAuthDialog
displayMesg
DisplayCertValOnlinePrompt
validateCertUI

vctoolkit

Vtk_CertStoreAddCert
Vtk_CertStoreDelete
Vtk_CloseLog
Vtk_CertStoreNew
Vtk_CtxtNew
Vtk_CtxtDelete
Vtk_CtxtAddCerts
Vtk_CtxtSetDefaultVa
Vtk_OpenLog
Vtk_Finish
Vtk_Init
Vtk_CertGetIssuer
Vtk_CtxtSetVaInfo
Vtk_ValidationAddCert
Vtk_CertDelete
Vtk_ErrorToString
Vtk_ValidationValidate
Vtk_CtxtSetOption
Vtk_ValidationDelete
Vtk_ValidationNew
Vtk_CertExport
Vtk_BufferDelete
Vtk_ValidationAddCertificateChain
Vtk_CertInit
Vtk_CertNew
Vtk_CertStoreAddCertRaw

kernel32

ReleaseSemaphore
GetLastError
WaitForSingleObject
GetTempFileNameA
GetTempPathA
GetCurrentThreadId
CreateDirectoryA
CloseHandle
ReadFile
GetFileSize
CreateFileA
lstrcmpiA
lstrcatA
FindClose
FindFirstFileA
lstrcpyA
FindNextFileA
MoveFileExA
RemoveDirectoryA
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
TlsFree
TlsSetValue
TlsAlloc
lstrlenA
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
CreateSemaphoreA
CopyFileA

user32

wsprintfA
LoadStringA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance

asnutil

ord23
ord58
ord26
ord2
ord39
ord52
ord38
ord53
ord57
ord33
ord32
ord8
ord45
ord17
ord34
ord29
ord13
ord10
ord46
ord44
ord40
ord9
ord20
ord11
ord31
ord36
ord14

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

msvcrt

_heapchk
__CxxFrameHandler
calloc
_itoa
isalpha
strstr
free
??2@YAPAXI@Z
sprintf
printf
strchr
fclose
fputs
fopen
_vsnprintf
_snprintf
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strdup
malloc
_stricmp
_strlwr

Exports

Exports

EtVSP_FreeCertChain
EtVSP_FreeResponse
EtVSP_Initialize
EtVSP_UnInitialize
EtVSP_ValidateCert

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtValutil.dll
.dll windows:4 windows x86 arch:x86

09ee4a83b96f504aee22eda8427216cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord4160
ord860
ord540
ord324
ord825
ord2370
ord4234
ord2379
ord3092
ord4710
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord4424
ord3574
ord609
ord941
ord939
ord567
ord2301
ord2302
ord6334
ord6215
ord2864
ord6467
ord1175
ord1168
ord1775
ord2648
ord537
ord823
ord940
ord858
ord4129
ord2614
ord6662
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord1228
ord2393
ord665
ord1979
ord6385
ord5355
ord353
ord5356
ord5808
ord5204
ord3229
ord389
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4078
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord535
ord4407
ord6052
ord2514
ord4998
ord4853
ord4376
ord2915
ord5265
ord1116

msvcrt

__CxxFrameHandler
free
malloc
atoi
fclose
fputs
fopen
_vsnprintf
_snprintf
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit

kernel32

GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetLastError
FormatMessageA
LocalFree
MultiByteToWideChar
LocalAlloc

user32

EnableWindow
PostMessageA
SetCursor
LoadCursorA
SetWindowTextW
SendMessageA
GetActiveWindow
LoadStringW
MessageBoxW

gdi32

CreateFontA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

Exports

Exports

?DownLoadIssuerCert@@YAJPBD0@Z
DisplayCertValOnlinePrompt
displayMesg
displayProxyBasicAuthDialog
getLdapParams
validateCertUI

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/EtWBUtil.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2ffb630963eacd796dd19e1fd8dcfbe9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertOIDToAlgId
CertGetSubjectCertificateFromStore
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifyTimeValidity
CertOpenSystemStoreA
CertEnumCTLsInStore
CertFindSubjectInCTL
CertFreeCTLContext
CertFindRDNAttr
CryptMsgGetParam
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertGetPublicKeyLength
CryptDecodeObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetIssuerCertificateFromStore
CertCompareCertificate
CertFreeCertificateContext
CryptMsgUpdate
CryptMsgOpenToDecode
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertDeleteCertificateFromStore
CertAlgIdToOID
CertRDNValueToStrW
CertCloseStore

asnutil

ord45
ord8
ord13
ord43
ord40
ord14
ord9
ord28
ord11
ord10
ord29

mfc42

ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3639
ord692
ord641
ord567
ord324
ord2370
ord2302
ord4234
ord6334
ord539
ord2514
ord861
ord4853
ord3803
ord5450
ord6394
ord2841
ord2107
ord5440
ord6383
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord1727
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord2393
ord665
ord5583
ord1979
ord2803
ord6385
ord3318
ord353
ord6320
ord6215
ord6242
ord1168
ord3742
ord818
ord4275
ord1871
ord801
ord6143
ord541
ord2065
ord6883
ord5861
ord5065
ord3749
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4998
ord4376
ord5265
ord3663
ord1601
ord926
ord4160
ord2614
ord922
ord939
ord924
ord941
ord2817
ord2818
ord860
ord537
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4401
ord1776
ord4078
ord6055
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord3597
ord4425
ord5280
ord4407
ord1775
ord4622
ord6052
ord535
ord823
ord540
ord858
ord800
ord2915
ord5572
ord825
ord4710

msvcrt

memcpy
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
malloc
_itoa
_stricmp
calloc
memset
strcpy
memcmp
_purecall
_snprintf
_vsnprintf
fopen
fputs
fclose
strlen
mktime
wcslen
_heapchk
_mbscmp
free
__CxxFrameHandler
_strdup
sprintf
wcstombs
time
srand
rand
_CxxThrowException

kernel32

GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CloseHandle
LocalFileTimeToFileTime
GetSystemTime
CreateProcessA
LoadLibraryA
GetProcAddress
FreeLibrary
SystemTimeToFileTime
lstrlenW
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
SetLastError
GetLastError
MultiByteToWideChar
lstrlenA
LocalAlloc

user32

DestroyWindow
wsprintfA
CreateWindowExA
EnableWindow
SendMessageA
MessageBoxA

advapi32

RegQueryValueExA
CryptImportKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptGetKeyParam
CryptExportKey
CryptDestroyHash
CryptDestroyKey
RegEnumKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGetProvParam
RegOpenKeyExA
RegCloseKey

ole32

CoCreateGuid
StringFromGUID2

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantClear
VariantInit

atl

ord57
ord18
ord15
ord21
ord16
ord23
ord32

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/HTransport.dll
.dll regsvr32 windows:4 windows x86 arch:x86

013a096e2949d72bb3c91051ea4b39cd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:4b:54:dd:e3:80:71:15:08:f7:41:d4:87:bd:ff:3c:50:59:24:9f:7f:b1:43:1f:2b:ab:39:81:43:f6:66:5f
Signer

Actual PE Digest

ea:4b:54:dd:e3:80:71:15:08:f7:41:d4:87:bd:ff:3c:50:59:24:9f:7f:b1:43:1f:2b:ab:39:81:43:f6:66:5f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
MapViewOfFile
CreateFileMappingA
GetFileInformationByHandle
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileA
GetTempFileNameA
WriteFile
FlushFileBuffers
DeleteFileA
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
InterlockedIncrement
GetFileAttributesA
GetModuleHandleA
FormatMessageA
GetLastError
LocalFree
UnmapViewOfFile
CloseHandle
InterlockedDecrement
lstrlenW

user32

LoadStringA
MessageBoxA
GetDesktopWindow

oleaut32

LoadRegTypeLi
VariantClear
SysFreeString
SysStringByteLen
SysStringLen
SysAllocString
SysAllocStringByteLen

wininet

InternetOpenA
InternetCrackUrlA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetErrorDlg
InternetReadFile
InternetCloseHandle
InternetSetOptionA
InternetCanonicalizeUrlA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

atl

ord32
ord15
ord30
ord16
ord21
ord58
ord18
ord57
ord23

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvcrt

?terminate@@YAXXZ
_except_handler3
_CxxThrowException
wcslen
_initterm
fopen
fputs
fclose
_purecall
strchr
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
_vsnprintf
strrchr
memcmp
strcat
strcpy
malloc
strlen
??2@YAPAXI@Z
_snprintf
__CxxFrameHandler
memcpy
free
sprintf
_stricmp
_itoa

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/PDFEncr.dll
.dll windows:4 windows x86 arch:x86

0c1cdf6e04f24bd7aed9cfa9e3318221

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetLastError
MultiByteToWideChar
DeleteFileA
LocalFree
WideCharToMultiByte
GetCurrentThreadId

advapi32

CryptCreateHash
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitialize

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear

msvcrt

atoi
_purecall
exit
fputs
_vsnprintf
_snprintf
atof
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
strcat
fwrite
??3@YAXPAX@Z
strstr
strchr
fopen
fclose
memset
??2@YAPAXI@Z
ftell
fflush
sprintf
isspace
isdigit
calloc
fseek
fread
memcmp
strncmp
__CxxFrameHandler
strcpy
realloc
free
strlen
malloc
_except_handler3
memcpy
_itoa
_stricmp
wcslen
_CxxThrowException
strncat
??1type_info@@UAE@XZ

msvcp60

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcirt

??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?get@istream@@QAEAAV1@AAD@Z
?cin@@3Vistream_withassign@@A
?cout@@3Vostream_withassign@@A
??1fstream@@UAE@XZ
??1ios@@UAE@XZ
??0fstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@fstream@@QAEXPBDHH@Z
?write@ostream@@QAEAAV1@PBDH@Z
?close@fstream@@QAEXXZ
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?read@istream@@QAEAAV1@PADH@Z
?clear@ios@@QAEXH@Z
?cerr@@3Vostream_withassign@@A

Exports

Exports

EncryptObject
EncryptPDFFile
SetEncrParams

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/PDFSignVerify.dll
.dll windows:4 windows x86 arch:x86

8c11860e4bd2fabd32d4a7b8c4aa3c17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDateFormatA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetTimeFormatA
CloseHandle
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetTempPathA
GetTempFileNameA
MultiByteToWideChar
InterlockedDecrement
GetFileAttributesA
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetSystemTime
FreeLibrary
LocalFree
WideCharToMultiByte
GetWindowsDirectoryA
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject

user32

LoadStringA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegCreateKeyExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
VariantClear

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
fopen
_flushall
_itoa
_vsnprintf
vsprintf
strncpy
_errno
fputs
toupper
sscanf
strchr
_ftol
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strtol
_strdup
strrchr
_stricmp
exit
_purecall
isspace
isdigit
fclose
??2@YAPAXI@Z
calloc
fread
fseek
fwrite
ftell
fflush
strncmp
__CxxFrameHandler
realloc
free
malloc
??3@YAXPAX@Z
_strcmpi
wcslen

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
??1ios_base@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_fstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?clear@ios_base@std@@QAEXH_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Fpz@std@@3_JB
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

msvcirt

?unlock@ios@@QAAXXZ
??1fstream@@UAE@XZ
??0fstream@@QAE@XZ
?open@fstream@@QAEXPBDHH@Z
?get@istream@@IAEAAV1@PADHH@Z
?read@istream@@QAEAAV1@PADH@Z
_mtlock
_mtunlock
?close@ifstream@@QAEXXZ
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?tellg@istream@@QAEJXZ
?flush@ostream@@QAEAAV1@XZ
?close@fstream@@QAEXXZ
?cerr@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?write@ostream@@QAEAAV1@PBDH@Z
?get@istream@@QAEAAV1@AAD@Z
?cin@@3Vistream_withassign@@A
?cout@@3Vostream_withassign@@A

Exports

Exports

ConfigSigBlock
FreePDFImageData
GetAdobeTBSData
GetPDFErrorInfo
GetPDFImageData
GetPDFSignatureInfo
GetSignOffset
GetSignatureCount
InitPDFHandle
PerformAdobeCompatibleTS
ReleasePDFHandle
ReleaseSignatureInfo
SetEncrParameters
SetPDFImageData
SetPDFSigningInfo
SetSigImageSize
SetSigningTimeInfo

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/TSTOKEN.dll
.dll regsvr32 windows:4 windows x86 arch:x86

cacae478817cc7b552028ac4f0ca1096

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
lstrlenA
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
CloseHandle
LocalFree
WideCharToMultiByte
GetLastError
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
ReleaseSemaphore
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
SysFreeString
VariantClear

msvcrt

fopen
_vsnprintf
_snprintf
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
fputs
fclose
_CxxThrowException
wcslen
strcpy
free
memcmp
??2@YAPAXI@Z
_purecall
memcpy
??3@YAXPAX@Z
malloc
memset
strcat

atl

ord32
ord58
ord57
ord23
ord21
ord18
ord15
ord30
ord16

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/asnutil.dll
.dll windows:4 windows x86 arch:x86

aef4ecf4c2ed7a76dc50d615e0309bc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapReAlloc
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
EnterCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetLastError
FileTimeToLocalFileTime
GetSystemTime
ReadFile
GetFileSize
SetFilePointer
HeapCreate
LeaveCriticalSection
GetTempPathA
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
HeapAlloc

user32

LoadStringA
wsprintfA

msvcrt

_adjust_fdiv
_initterm
_onexit
_tzset
__dllonexit
_snprintf
_vsnprintf
fopen
fputs
fclose
longjmp
free
_setjmp3
remove
vsprintf
realloc
sscanf
__mb_cur_max
_isctype
_pctype
mktime
??2@YAPAXI@Z
_heapchk
sprintf
??3@YAXPAX@Z
__CxxFrameHandler
calloc
_strdup
malloc
isspace
_stat
_close
_read
atoi
_itoa
_unlink
_open

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

AU_AddCertToSignatureBlob
AU_Base64ToBin
AU_BinToBase64
AU_BitOff
AU_BitOn
AU_BitTest
AU_CertDisplayString
AU_CertDisplayString2
AU_CertInfo
AU_Convert2PE
AU_Convert2qb
AU_CreateCertContext
AU_DecodeObject
AU_DeepCopy
AU_DestroyCertContext
AU_DisplayString2oidstr
AU_EncodeObject
AU_EncodePrivateKey
AU_Free
AU_FreeLocalHeap
AU_GetATSPolicyExtFromCert
AU_GetAuthAttrsFromSignature
AU_GetCertExtValue
AU_GetCertExtValueAndCriticality
AU_GetCertSubjName
AU_GetCertSubjName2
AU_GetCertValues
AU_GetPublicKeyBlob
AU_GetPublicKeyBlob2
AU_GetRDNDisplayString
AU_GetSignerCertFromSignature
AU_GetSignerCertInfoFromCertificate
AU_IsCertExpired
AU_IsCertExpired2
AU_IsSameCert
AU_Malloc
AU_RDNFree
AU_ReleaseObject
AU_gen2tm
AU_oid2str
AU_oidCmp
AU_oidCopy
AU_oidFree
AU_oidstr2DisplayString
AU_pe2str
AU_peCmp
AU_peCopy
AU_peFree
AU_qb2strl
AU_qbCmp
AU_qbCopy
AU_qbFree
AU_str2gent
AU_str2oid
AU_str2utct
AU_tm2ut
AU_ut2tm
AU_utc2str

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/atl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8ef95172470b9f552734e3fd0e068e7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
MultiByteToWideChar
lstrlenA
lstrcpyA
GetACP
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
lstrcatA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentThreadId
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceW
GlobalAlloc
FindResourceA
GlobalUnlock
WaitForSingleObject
DisableThreadLibraryCalls
OutputDebugStringA
GetVersionExA
HeapAlloc
GetSystemInfo
HeapCreate
InterlockedDecrement
InterlockedIncrement
lstrcmpA
FlushInstructionCache
GetCurrentProcess
SizeofResource
GetLastError
LoadLibraryExA
CloseHandle
ReadFile
GetFileSize
CreateFileA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
DebugBreak
HeapReAlloc
HeapFree
LocalAlloc
InterlockedExchange
RaiseException
LocalFree

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlMarshalPtrInProc
AtlModuleAddCreateWndData
AtlModuleAddTermFunc
AtlModuleExtractCreateWndData
AtlModuleGetClassObject
AtlModuleInit
AtlModuleLoadTypeLib
AtlModuleRegisterClassObjects
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServer
AtlModuleUnregisterServerEx
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlUnadvise
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/etidef.dll
.dll windows:4 windows x86 arch:x86

202cce0cc1674910bf8d21af2c503aaf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

_lclose
OpenFile
GetFileAttributesA
_lread
_llseek
DeleteFileA
SetFileAttributesA
CloseHandle
CreateFileA
_lwrite
FindClose
lstrcmpiA
FindFirstFileA
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetTickCount
CreateProcessA
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
lstrcmpA
GetLastError
MultiByteToWideChar
lstrcpynA
EnterCriticalSection
lstrlenA
LeaveCriticalSection
lstrcpyA
lstrcatA
FindNextFileA

user32

MessageBoxA
wsprintfA
MoveWindow
GetClientRect
ClientToScreen
SendMessageA
GetDlgItem
EndDialog
WinHelpA
GetDlgItemTextA
SetWindowTextA
GetWindowTextA
DialogBoxParamA
LoadStringA
MessageBeep
EnableWindow
WaitForInputIdle
FindWindowA
PostMessageA
GetWindowRect
GetParent
SetDlgItemTextA
SetFocus
SendDlgItemMessageA

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegQueryInfoKeyA
GetUserNameA
RegCloseKey

shell32

ShellExecuteA

wsock32

gethostname
WSAStartup
WSACleanup
gethostbyname

oleaut32

SysAllocString

msvcrt

memcpy
_ltoa
_itoa
_ultoa
_adjust_fdiv
_initterm
_snprintf
_vsnprintf
fopen
fputs
fclose
strcpy
_rmdir
_errno
_strupr
_mkdir
_stricmp
strncmp
toupper
localtime
strcmp
strlen
malloc
free
__mb_cur_max
_isctype
_pctype
strtol
strtoul
strncpy
memset
strcat
sprintf
atoi
_strdup
time
strchr

Exports

Exports

FTCDEF_10
FTCDEF_1000
FTCDEF_1001
FTCDEF_1002
FTCDEF_1003
FTCDEF_11
FTCDEF_12
FTCDEF_13
FTCDEF_14
FTCDEF_15
FTCDEF_16
FTCDEF_17
FTCDEF_18
FTCDEF_19
FTCDEF_2
FTCDEF_20
FTCDEF_2000
FTCDEF_2001
FTCDEF_2002
FTCDEF_2003
FTCDEF_2004
FTCDEF_2005
FTCDEF_2006
FTCDEF_2007
FTCDEF_2008
FTCDEF_2009
FTCDEF_2010
FTCDEF_2011
FTCDEF_2012
FTCDEF_2013
FTCDEF_2014
FTCDEF_2015
FTCDEF_2016
FTCDEF_2017
FTCDEF_2018
FTCDEF_21
FTCDEF_22
FTCDEF_23
FTCDEF_25
FTCDEF_26
FTCDEF_27
FTCDEF_28
FTCDEF_29
FTCDEF_3
FTCDEF_30
FTCDEF_31
FTCDEF_32
FTCDEF_33
FTCDEF_34
FTCDEF_35
FTCDEF_4
FTCDEF_5
FTCDEF_6
FTCDEF_7
FTCDEF_8
FTCDEF_9
_FTCDEF_1006@8
_SEC_AuthCheckEx@12
_SEC_AuthCheckEx_Web@16
_UserAndCompanyDlgProc@16

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/etlicense.dll
.dll windows:4 windows x86 arch:x86

413c6e64b6a8ee7ef40a0b2a51923c95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

etidef

ord10030
ord2014
ord2016
ord35
ord2013
ord10025
ord2009
ord10026
ord2012
ord10023

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord1089
ord561
ord825
ord815
ord800
ord535
ord6467
ord939
ord941
ord4160
ord540
ord860
ord2915
ord5572
ord536
ord537
ord6877
ord858
ord4278
ord4129
ord2764
ord6283
ord600
ord823
ord826
ord269
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1243
ord342
ord1182
ord1570
ord1197
ord1577
ord1168
ord1575
ord1176
ord1116
ord1578
ord1255
ord3738
ord6282
ord1253

msvcrt

_adjust_fdiv
??1type_info@@UAE@XZ
_onexit
__dllonexit
_snprintf
_vsnprintf
fputs
free
malloc
_CxxThrowException
_mbscmp
atoi
toupper
sscanf
strncpy
__CxxFrameHandler
strtol
sprintf
fopen
fprintf
fclose
isupper
isdigit
isxdigit
_strdup
_strcmpi
_itoa
_initterm

kernel32

LocalAlloc
LocalFree
GetCurrentThreadId
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
GetDateFormatA
CloseHandle

user32

MessageBoxA

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA

Exports

Exports

CheckName
GetGeneratedKey
GetLicenseType
Install
SetState
Uninstall

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/etnetsign.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9a1f6d91215b39f1e1fe4cbed2b283b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

asnutil

ord18
ord11
ord17
ord9
ord8
ord4
ord33
ord42
ord35
ord26
ord10
ord40
ord14
ord29
ord31
ord36
ord45
ord7
ord13
ord34
ord43

kernel32

WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThreadId
CopyFileA
DeleteFileA
LoadLibraryExA
GetFileSize
CloseHandle
ReadFile
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GetSystemTimeAsFileTime
CreateFileA
GetLastError

user32

EndDialog
SetDlgItemTextA
EnableWindow
DialogBoxParamA
MessageBoxA
GetDlgItemTextA

advapi32

CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegEnumValueA
RegEnumKeyExA
RegCloseKey

atl

ord23
ord16
ord15
ord21
ord18
ord57
ord32

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

strstr
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
malloc
calloc
strcmp
free
memset
strlen
__CxxFrameHandler
_strdup
memcpy
_purecall
??2@YAPAXI@Z
_heapchk
sprintf
memcmp
_CxxThrowException
_stricmp
vsprintf
fclose
fputs
fopen
_vsnprintf
_snprintf
__dllonexit
_onexit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msvcp60.dll
.dll windows:4 windows x86 arch:x86

1b1839992700df52b049b87961a724e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
__CxxFrameHandler
free
localeconv
_Gettnames
_Getdays
_Getmonths
__mb_cur_max
atan2
cos
exp
ldexp
log
pow
sin
sqrt
??2@YAPAXI@Z
strtoul
_errno
strtol
sprintf
strcspn
fclose
fwrite
fputc
ungetc
fgetc
fgetpos
fseek
fsetpos
setvbuf
memchr
memset
ungetwc
fgetwc
_Strftime
fopen
_iob
setlocale
malloc
realloc
__crtCompareStringA
__lc_collate_cp
_unlock
__lc_handle
_lock
__setlc_active
__unguarded_readlc_active
__crtLCMapStringA
__lc_codepage
towlower
towupper
strcmp
_pctype
_isctype
_ftol
strtod
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
memcmp
memcpy
strlen
_CxxThrowException
wcslen
??4exception@@QAEAAV0@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
fflush
?what@exception@@UBEPBDXZ
fputwc

kernel32

DisableThreadLibraryCalls
MultiByteToWideChar
DeleteCriticalSection
InterlockedExchange
LeaveCriticalSection
Sleep
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte

Exports

Exports

??0?$_Complex_base@M@std@@QAE@ABM0@Z
??0?$_Complex_base@N@std@@QAE@ABN0@Z
??0?$_Complex_base@O@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@D@std@@QAE@I@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@G@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Locinfo@std@@QAE@ABV01@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_Winit@std@@QAE@XZ
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_exception@std@@QAE@ABV01@@Z
??0bad_exception@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0domain_error@std@@QAE@ABV01@@Z
??0domain_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??0ios_base@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
??0locale@std@@QAE@ABV01@0H@Z
??0locale@std@@QAE@ABV01@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
??0locale@std@@QAE@PBDH@Z
??0locale@std@@QAE@W4_Uninitialized@1@@Z
??0locale@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0messages_base@std@@QAE@I@Z
??0money_base@std@@QAE@I@Z
??0ostrstream@std@@QAE@PADHH@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0overflow_error@std@@QAE@ABV01@@Z
??0overflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0range_error@std@@QAE@ABV01@@Z
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0strstream@std@@QAE@PADHH@Z
??0time_base@std@@QAE@I@Z
??0underflow_error@std@@QAE@ABV01@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$_Mpunct@D@std@@UAE@XZ
??1?$_Mpunct@G@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_fstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ofstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$codecvt@DDH@std@@UAE@XZ
??1?$codecvt@GDH@std@@UAE@XZ
??1?$collate@D@std@@UAE@XZ
??1?$collate@G@std@@UAE@XZ
??1?$ctype@D@std@@UAE@XZ
??1?$ctype@G@std@@UAE@XZ
??1?$messages@D@std@@UAE@XZ
??1?$messages@G@std@@UAE@XZ
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$moneypunct@D$00@std@@UAE@XZ
??1?$moneypunct@D$0A@@std@@UAE@XZ
??1?$moneypunct@G$00@std@@UAE@XZ
??1?$moneypunct@G$0A@@std@@UAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$numpunct@D@std@@UAE@XZ
??1?$numpunct@G@std@@UAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_alloc@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_exception@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1domain_error@std@@UAE@XZ
??1facet@locale@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1istrstream@std@@UAE@XZ
??1length_error@std@@UAE@XZ
??1locale@std@@QAE@XZ
??1logic_error@std@@UAE@XZ
??1messages_base@std@@UAE@XZ
??1money_base@std@@UAE@XZ
??1ostrstream@std@@UAE@XZ
??1out_of_range@std@@UAE@XZ
??1overflow_error@std@@UAE@XZ
??1range_error@std@@UAE@XZ
??1runtime_error@std@@UAE@XZ
??1strstream@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??1underflow_error@std@@UAE@XZ
??4?$_Complex_base@M@std@@QAEAAV01@ABV01@@Z
??4?$_Complex_base@N@std@@QAEAAV01@ABV01@@Z
??4?$_Complex_base@O@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@M@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@N@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@O@std@@QAEAAV01@ABV01@@Z
??4?$allocator@X@std@@QAEAAV01@ABV01@@Z
??4?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ios@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$char_traits@D@std@@QAEAAU01@ABU01@@Z
??4?$char_traits@G@std@@QAEAAU01@ABU01@@Z
??4?$complex@M@std@@QAEAAV01@ABM@Z
??4?$complex@M@std@@QAEAAV01@ABV01@@Z
??4?$complex@N@std@@QAEAAV01@ABN@Z
??4?$complex@N@std@@QAEAAV01@ABV01@@Z
??4?$complex@O@std@@QAEAAV01@ABO@Z
??4?$complex@O@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@C@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@D@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@E@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@F@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@G@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@H@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@I@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@J@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@K@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@M@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@N@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@O@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@_N@std@@QAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Locinfo@std@@QAEAAV01@ABV01@@Z
??4_Lockit@std@@QAEAAV01@ABV01@@Z
??4_Num_base@std@@QAEAAU01@ABU01@@Z
??4_Num_float_base@std@@QAEAAU01@ABU01@@Z
??4_Num_int_base@std@@QAEAAU01@ABU01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_alloc@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_exception@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4domain_error@std@@QAEAAV01@ABV01@@Z
??4id@locale@std@@QAEAAV012@ABV012@@Z
??4ios_base@std@@QAEAAV01@ABV01@@Z
??4length_error@std@@QAEAAV01@ABV01@@Z
??4locale@std@@QAEAAV01@ABV01@@Z
??4logic_error@std@@QAEAAV01@ABV01@@Z
??4out_of_range@std@@QAEAAV01@ABV01@@Z
??4overflow_error@std@@QAEAAV01@ABV01@@Z
??4range_error@std@@QAEAAV01@ABV01@@Z
??4runtime_error@std@@QAEAAV01@ABV01@@Z
??4underflow_error@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAF@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBF@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??7ios_base@std@@QBE_NXZ
??8locale@std@@QBE_NABV01@@Z
??8std@@YA_NABMABV?$complex@M@0@@Z
??8std@@YA_NABNABV?$complex@N@0@@Z
??8std@@YA_NABOABV?$complex@O@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??8std@@YA_NABV?$complex@M@0@0@Z
??8std@@YA_NABV?$complex@M@0@ABM@Z
??8std@@YA_NABV?$complex@N@0@0@Z
??8std@@YA_NABV?$complex@N@0@ABN@Z
??8std@@YA_NABV?$complex@O@0@0@Z
??8std@@YA_NABV?$complex@O@0@ABO@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??9locale@std@@QBE_NABV01@@Z
??9std@@YA_NABMABV?$complex@M@0@@Z
??9std@@YA_NABNABV?$complex@N@0@@Z
??9std@@YA_NABOABV?$complex@O@0@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??9std@@YA_NABV?$complex@M@0@0@Z
??9std@@YA_NABV?$complex@M@0@ABM@Z

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msvcrt.dll
.dll windows:4 windows x86 arch:x86

8d26773106ed39fbb89a157d19d8aa89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetSystemTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp
_wcsicoll
_wcslwr
_wcsncoll
_wcsnicmp
_wcsnicoll
_wcsnset
_wcsrev
_wcsset
_wcsupr

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/npFBDeskSign.dll
.dll regsvr32 windows:5 windows x86 arch:x86

9cbfa79a354b112d3700807d8529142d

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:a1:54:33:d8:10:17:7a:4f:6e:d8:c3:1d:66:b4:4a:2b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2015, 12:48

Not After

20/02/2016, 12:48

Subject

CN=Timeless Learning Technologies Pvt. Ltd.,OU=E-Lock,O=Timeless Learning Technologies Pvt. Ltd.,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c0d616e6940656c6f636b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:1d:3d:93:38:92:af:c8:e2:15:fc:ce:00:10:fc:6b:52:b6:ea:d4
Signer

Actual PE Digest

4e:1d:3d:93:38:92:af:c8:e2:15:fc:ce:00:10:fc:6b:52:b6:ea:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
SetThreadLocale
GetThreadLocale
WaitForSingleObject
GetCurrentThreadId
EnterCriticalSection
SetLastError
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
lstrlenW
MultiByteToWideChar
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
lstrcmpW
GetModuleFileNameW
MulDiv
LeaveCriticalSection
GetCurrentProcess
WideCharToMultiByte
GlobalAlloc
GlobalLock
CloseHandle
SetEvent
CreateEventA
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapSize
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
lstrlenA
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
InitializeCriticalSection
SizeofResource
ReleaseSemaphore
GetSystemTimeAsFileTime
GetProcAddress
lstrcmpiW
DeleteCriticalSection
GetTickCount
DuplicateHandle
CreateSemaphoreA
InterlockedExchange
TlsAlloc
TlsFree
TlsGetValue
SetWaitableTimer
InterlockedCompareExchange
TlsSetValue
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
SystemTimeToFileTime
OpenEventA
GetProcessHeap
HeapAlloc
ResetEvent
GetCurrentProcessId
HeapFree
Sleep
CreateWaitableTimerW
FormatMessageA
LocalFree
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree

user32

DefWindowProcW
CallWindowProcW
SetWindowTextW
SendMessageW
ReleaseCapture
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
GetWindow
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
EqualRect
ShowWindow
UnionRect
IntersectRect
OffsetRect
PtInRect
GetKeyState
SetWindowRgn
GetWindowRect
SetCursor
PostMessageW
UnregisterClassA
GetClassInfoExW
GetDC
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
CreateWindowExW
IsWindow
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
MoveWindow
ScreenToClient

gdi32

GetStockObject
CreateSolidBrush
RestoreDC
SaveDC
SetMapMode
GetObjectW
CreateDCW
LPtoDP
SetWindowOrgEx
TextOutW
SetTextAlign
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
CreateRectRgnIndirect
SetViewportOrgEx

ole32

OleLockRunning
CoCreateInstance
CreateOleAdviseHolder
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
CLSIDFromProgID
OleRegGetMiscStatus

oleaut32

VarUI4FromStr
VariantCopyInd
RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
VariantCopy
SafeArrayCopy
SysStringByteLen
SafeArrayGetVartype
SafeArrayLock
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayPutElement
OleCreateFontIndirect
SafeArrayGetElement
SysAllocStringLen
VariantInit
SafeArrayCreate
SafeArrayDestroy
SysAllocStringByteLen
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString
SafeArrayRedim
VariantChangeType
SafeArrayUnlock
SafeArrayGetLBound

ws2_32

WSAStartup
WSACleanup

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey

wininet

InternetQueryOptionW

urlmon

CreateURLMonikerEx
CreateAsyncBindCtx
IsValidURL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/uninstall.exe.nsis
$SYSDIR/vctoolkit.dll
.dll windows:4 windows x86 arch:x86

43698e660b5af692cd0adb7effedafcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr
connect
select
__WSAFDIsSet
inet_ntoa
setsockopt
shutdown
socket
WSAStartup
WSACleanup
htons
gethostbyname
gethostname
recv
ioctlsocket
bind
listen
send
getsockopt
WSASetLastError
WSAGetLastError
htonl
closesocket

secur32

FreeCredentialsHandle
AcquireCredentialsHandleA
FreeContextBuffer
QuerySecurityPackageInfoA
CompleteAuthToken
InitializeSecurityContextA
DeleteSecurityContext

kernel32

GetVersion
GetFileType
GetStdHandle
FlushConsoleInputBuffer
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
CreateMutexA
GetLastError
WaitForSingleObject
ReleaseMutex
TerminateThread
GetExitCodeThread
SetLastError
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
FindNextFileA
FindFirstFileA
FindClose
GlobalMemoryStatus
GetVersionExA
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
InterlockedExchange
InterlockedCompareExchange

user32

LoadStringA
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW

msvcr80

_errno
atoi
strncpy
getenv
malloc
_stat64i32
fread
fclose
fwrite
fopen
fprintf
fscanf
strchr
fflush
strftime
rewind
ftell
fseek
realloc
tolower
qsort
strcmp
memcpy
wcsstr
_vsnprintf
vfprintf
__iob_func
ferror
_setmode
_fileno
feof
fgets
memchr
isxdigit
isupper
strrchr
_localtime64
fputs
signal
_getch
calloc
_close
isprint
strerror
_ftime64
_difftime64
_mktime64
_beginthreadex
_endthreadex
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
abort
free
strtok
isdigit
_gmtime64
strncmp
memset
_time64
isspace
sscanf
toupper
strstr
sprintf
_strdup
_mkdir
_stricmp
_strnicmp
_chmod
__sys_errlist
__sys_nerr
_read
_write
strtoul
memmove

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

Exports

Exports

Vtk_BufferDelete
Vtk_CertCopy
Vtk_CertDelete
Vtk_CertExport
Vtk_CertGetExtensions
Vtk_CertGetInfo
Vtk_CertGetIssuer
Vtk_CertGetIssuerInChain
Vtk_CertHdlDelete
Vtk_CertInfoDelete
Vtk_CertInit
Vtk_CertIsCa
Vtk_CertLoadFromFile
Vtk_CertNew
Vtk_CertOfflineVerify
Vtk_CertPathValidation
Vtk_CertStoreAddCert
Vtk_CertStoreAddCertRaw
Vtk_CertStoreAddCerts
Vtk_CertStoreAddCertsRaw
Vtk_CertStoreCopy
Vtk_CertStoreDelete
Vtk_CertStoreDeleteCert
Vtk_CertStoreEnumCerts
Vtk_CertStoreGetCertByKeyHash
Vtk_CertStoreGetCertsByKeyHash
Vtk_CertStoreGetIssuer
Vtk_CertStoreLoadFromFile
Vtk_CertStoreNew
Vtk_CertStoreSaveToBuffer
Vtk_CertStoreSaveToFile
Vtk_CloseLog
Vtk_CtxtAddCert
Vtk_CtxtAddCerts
Vtk_CtxtDelete
Vtk_CtxtDownloadCrls
Vtk_CtxtGetCerts
Vtk_CtxtGetOption
Vtk_CtxtIsVaInfo
Vtk_CtxtNew
Vtk_CtxtOptionDeleteContent
Vtk_CtxtSetDefaultRevocationVa
Vtk_CtxtSetDefaultVa
Vtk_CtxtSetDefaultVaEx
Vtk_CtxtSetOption
Vtk_CtxtSetVaInfo
Vtk_CtxtSetVaInfoEx
Vtk_ErrorToString
Vtk_ErrorToString_r
Vtk_ExtensionDelete
Vtk_ExtensionGetByOid
Vtk_ExtensionGetOid
Vtk_ExtensionGetValue
Vtk_ExtensionInit
Vtk_ExtensionIsCritical
Vtk_ExtensionNew
Vtk_ExtensionsDelete
Vtk_ExtensionsGetCount
Vtk_ExtensionsGetith
Vtk_Finish
Vtk_GetCertificatePath
Vtk_GetNewCRL
Vtk_GetNewCoCrl
Vtk_GetNewVaCrl
Vtk_GetOcspDbFromVa
Vtk_Init
Vtk_ObjectIdentifierDelete
Vtk_ObjectIdentifierToString
Vtk_ObjectIdentifiersDelete
Vtk_ObjectIdentifiersGetCount
Vtk_ObjectIdentifiersGetith
Vtk_OpenLog
Vtk_RevocationAddCert
Vtk_RevocationAddCertRaw
Vtk_RevocationAddCertSerialNum
Vtk_RevocationAddReqExt
Vtk_RevocationDelete
Vtk_RevocationNew
Vtk_RevocationRevoke
Vtk_RevocationVaDataGetCount
Vtk_RevocationVaDataGetith
Vtk_StatusStringsDelete
Vtk_StatusToStrings
Vtk_VaConfigDataDelete
Vtk_VaConfigDelete
Vtk_VaConfigGetType
Vtk_VaConfigInitFromFile
Vtk_VaConfigInitFromVA
Vtk_VaConfigNew
Vtk_VaConfigSaveToFile
Vtk_VaDataDelete
Vtk_VaDataExceptionDelete
Vtk_VaDataExceptionGet
Vtk_VaDataHasRequest
Vtk_VaDataHasResponse
Vtk_VaDataInfoDelete
Vtk_VaDataInfoGet
Vtk_VaDataInfoSet
Vtk_VaDataNew
Vtk_VaDataPerformanceGet
Vtk_VaDataRequestGetHeader
Vtk_VaDataRequestGetRaw
Vtk_VaDataRequestInit
Vtk_VaDataRequestSingleDetailsCount
Vtk_VaDataRequestSingleDetailsGetith
Vtk_VaDataResponseGetHeader
Vtk_VaDataResponseGetRaw
Vtk_VaDataResponseInit
Vtk_VaDataResponseSingleDetailsCount
Vtk_VaDataResponseSingleDetailsGetith
Vtk_VaDataValidate
Vtk_VaExchangeValData
Vtk_ValHdlDelete
Vtk_ValHdlGetRevStatus
Vtk_ValPerformanceDataDelete
Vtk_ValPerformanceDataNew
Vtk_ValRequestDetailsDelete
Vtk_ValRequestSingleCertDetailsDelete
Vtk_ValRespDetailsDelete
Vtk_ValRespSingleCertDetailsDelete
Vtk_ValidationAddCert
Vtk_ValidationAddCertAux
Vtk_ValidationAddCertRaw
Vtk_ValidationAddCertSerialNum
Vtk_ValidationAddCertificateChain
Vtk_ValidationAddReqExt
Vtk_ValidationAddReqExtForSingleCert
Vtk_ValidationAddReqExtForSingleCertHdl
Vtk_ValidationDelete
Vtk_ValidationGetRevStatus
Vtk_ValidationGetValHdl
Vtk_ValidationInfoAdd
Vtk_ValidationInfoDelete
Vtk_ValidationInfoNew
Vtk_ValidationNew
Vtk_ValidationSetEventLogData
Vtk_ValidationSetOption
Vtk_ValidationStatusReport
Vtk_ValidationVaDataGetCount
Vtk_ValidationVaDataGetith
Vtk_ValidationValidate
Vtk_WriteLog
_Vtk_DefaultDelegatedCallback@16

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDFEnhancerPatch.exe
.exe windows:4 windows x86 arch:x86

5a9b89741dd0eb9be8754b41c4d30c55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:6d:10:d8:14:9d:f5:c8:f1:5b:d5:ea
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

03/03/2017, 12:09

Not After

04/03/2018, 12:09

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:a6:c6:43:8a:e4:64:71:20:d6:6c:aa:e7:db:f6:94:9d:c7:cc:7a
Signer

Actual PE Digest

4f:a6:c6:43:8a:e4:64:71:20:d6:6c:aa:e7:db:f6:94:9d:c7:cc:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FormatMessageA
DeleteFileA
MulDiv
IsDBCSLeadByte
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
GetSystemDefaultLCID
WaitForSingleObject
CompareStringA
Sleep
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
RemoveDirectoryA
FindNextFileA
WritePrivateProfileSectionA
GetStartupInfoA
WriteFile
ReadFile
SetFileAttributesA
LocalFree
LocalAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetDiskFreeSpaceA
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
ExitProcess
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
SetFilePointer
GetFileSize
FindFirstFileA
CreateDirectoryA
GetLastError
GetPrivateProfileStringA
FindClose
GetFileAttributesA
lstrcatA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
GetTempPathA
GetPrivateProfileSectionA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
FlushFileBuffers
CloseHandle
IsBadCodePtr
IsBadReadPtr
SetStdHandle
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetFileType
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
TerminateProcess
GetStringTypeW
GetCurrentProcess
GetOEMCP
GetACP
GetStringTypeA
IsBadWritePtr
HeapReAlloc
GetCPInfo
VirtualFree
HeapCreate
VirtualAlloc
GetVersion
GetCommandLineA
HeapDestroy
RtlUnwind

user32

GetParent
GetDlgItem
SetFocus
SendDlgItemMessageA
EnableWindow
CheckRadioButton
GetWindowLongA
LoadStringA
LoadImageA
MessageBoxA
CharNextA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
ReleaseDC
GetDC
GetWindow
PostMessageA
SetWindowTextA
wsprintfA
GetDesktopWindow
GetWindowTextA
DestroyWindow
CreateDialogParamA
FillRect
GetSysColor
GetSysColorBrush
EndPaint
BeginPaint
DrawTextA
MoveWindow
GetClientRect
ScreenToClient
GetNextDlgTabItem
SetParent
MapDialogRect
IsWindow
GetWindowRect
CreateDialogIndirectParamA
ShowWindow
InvalidateRect
IsWindowEnabled
SetWindowPos
UpdateWindow
IsDialogMessageA
SetWindowLongA
GetActiveWindow
SetActiveWindow
LoadIconA
PeekMessageA
SendMessageA
DispatchMessageA
TranslateMessage

gdi32

CreateFontIndirectA
RealizePalette
SelectPalette
CreatePalette
GetObjectA
GetStockObject
CreateDIBitmap
GetTextExtentPointA
SelectObject
EnumFontFamiliesExA
DeleteDC
BitBlt
TextOutA
SetBkMode
SetBkColor
CreateCompatibleDC
CreateSolidBrush
SetTextColor
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegDrv.EXE
.exe windows:4 windows x86 arch:x86

79bf9fbce3475beb9a05d2c8db83905e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:b3:ca:38:41:1a:4a:07:61:ff:9d:8a:e3:3d:18:39:0d:fc:f3:99:dd:cc:9b:e1:d8:a3:b1:b0:48:6e:2f:c9
Signer

Actual PE Digest

2b:b3:ca:38:41:1a:4a:07:61:ff:9d:8a:e3:3d:18:39:0d:fc:f3:99:dd:cc:9b:e1:d8:a3:b1:b0:48:6e:2f:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
WriteFile
SetFilePointer
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
CloseHandle

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SignApp.exe
.exe windows:5 windows x86 arch:x86

0215275abe0162be88bcc1269e720adb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

23/04/2018, 08:18

Not After

23/04/2020, 08:18

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:30:52:56:44:db:f0:6b:ad:80:53:ec:c1:6b:90:13:a9:54:17:c1:8c:3b:7b:46:cf:f1:0c:52:e2:c6:fc:22
Signer

Actual PE Digest

4a:30:52:56:44:db:f0:6b:ad:80:53:ec:c1:6b:90:13:a9:54:17:c1:8c:3b:7b:46:cf:f1:0c:52:e2:c6:fc:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\eti\DeskSeal\SignApp\SSLRelease\SignApp.pdb

Imports

ws2_32

WSASetEvent
freeaddrinfo
getaddrinfo
getnameinfo
connect
WSACreateEvent
WSAAddressToStringW
getsockopt
WSAEventSelect
inet_addr
gethostbyname
WSACleanup
WSACloseEvent
WSAStartup
WSAIoctl
getprotobyname
ioctlsocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEnumNetworkEvents
closesocket
select
gethostname
accept
socket
setsockopt
listen
WSASetLastError
send
recv
getpeername
shutdown
htons
bind
WSAGetLastError
getsockname
ntohs

crypt32

CryptStringToBinaryW
CertFreeCertificateContext
CertGetNameStringW
CertCreateCertificateContext
CryptBinaryToStringA
CryptStringToBinaryA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
SetLastError
FlushConsoleInputBuffer
GetVersionExA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
CreateEventA
SetEvent
WaitForSingleObject
CloseHandle
CreateFileW
GetFileSize
ReadFile
DeleteFileW
FormatMessageA
EnterCriticalSection
CreateFileA
GetTempPathA
GetTempFileNameA
DeleteFileA
LeaveCriticalSection
GetSystemTimeAsFileTime
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetCurrentProcessId
OpenProcess
TerminateProcess
GetModuleFileNameW
CreateProcessW
GetCurrentProcess
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
MultiByteToWideChar
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThreadId
GetWindowsDirectoryA
SetFilePointer
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetWindowThreadProcessId
GetShellWindow
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
DestroyWindow
DialogBoxParamA
GetWindowInfo
UpdateWindow
CreateWindowExA
SendMessageA
EnumWindows
RegisterClassExA
LoadCursorA
LoadIconA
MessageBoxA
LoadAcceleratorsA
LoadStringA
EndDialog
GetDlgItem
SetFocus
GetDlgCtrlID
SendDlgItemMessageA
SetDlgItemTextA
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
PeekMessageA
MsgWaitForMultipleObjects
ShowWindow
CreateDialogParamA
IsWindow

comdlg32

GetOpenFileNameA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
DuplicateTokenEx
AdjustTokenPrivileges

shell32

ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysStringLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysFreeString

msvcp90

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

msvcr90

memcpy
strncpy
strerror
atoi
memset
_vsnprintf
strncmp
_localtime64
_vsnprintf_s
fopen_s
fputs
fclose
signal
_errno
strtol
wcscat_s
_strnicmp
sprintf
_stat64i32
memmove
_stricmp
rand
getenv
realloc
__daylight
__timezone
tolower
isspace
isdigit
_CxxThrowException
strtoul
wcsstr
vfprintf
_exit
raise
strcmp
qsort
isxdigit
ferror
fread
fwrite
fflush
fopen
_setmode
_fileno
ftell
feof
fseek
fgets
_wfopen
_gmtime32
isupper
_getch
_ftime32
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
_stat32
__CxxFrameHandler3
_time32
??3@YAXPAX@Z
_time64
free
strcat_s
strcpy_s
_beginthreadex
_endthreadex
malloc
wcscpy_s
sscanf_s
_strdup
_ltoa_s
strstr
strchr
strnlen
strncpy_s
strncat_s
strrchr
sprintf_s
_tzset
memcpy_s
memmove_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
_invalid_parameter_noinfo
modf
sscanf
fprintf
__iob_func
abort
_finite
?what@exception@std@@UBEPBDXZ

Sections

.text
Size: 792KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c.bin
enableroots.js
install.bat
.bat .vbs
k.bin
reg.txt
root.bin
validate.exe
.exe windows:4 windows x86 arch:x86

2224e43fe7816ee17ed85489cd21afd7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:6d:10:d8:14:9d:f5:c8:f1:5b:d5:ea
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

03/03/2017, 12:09

Not After

04/03/2018, 12:09

Subject

CN=Timeless Learning Technologies Private Limited,O=Timeless Learning Technologies Private Limited,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:1e:ce:91:0b:af:9b:f3:7b:6e:f1:ce:80:00:7a:60:d7:05:18:ca
Signer

Actual PE Digest

a5:1e:ce:91:0b:af:9b:f3:7b:6e:f1:ce:80:00:7a:60:d7:05:18:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

etlicense

ord1
ord4
ord3
ord2

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_strdup
strchr
sprintf
??2@YAPAXI@Z
free
malloc
_CxxThrowException
_strcmpi
_itoa
_setmbcp
__CxxFrameHandler
??3@YAXPAX@Z
sscanf

mfc42

ord2621
ord2818
ord4376
ord4853
ord470
ord755
ord2379
ord6334
ord2915
ord5572
ord4710
ord6199
ord4234
ord2302
ord2370
ord324
ord567
ord1168
ord1146
ord3610
ord4627
ord3663
ord617
ord540
ord296
ord800
ord860
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord656
ord2514
ord858
ord1576
ord4160
ord5214
ord1134
ord5265
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402

kernel32

GetModuleHandleA
GetStartupInfoA

user32

GetClientRect
DrawIcon
IsIconic
EnableWindow
LoadIconA
MessageBoxA
SendMessageA
GetSystemMetrics

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9f:10:fb:28:5b:a0:06:4b:55:37:02:3f:8b:c9:e0:6e:17:38:01
Signer

Actual PE Digest

0a:9f:10:fb:28:5b:a0:06:4b:55:37:02:3f:8b:c9:e0:6e:17:38:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3aCertificate

Extended Key Usages

Key Usages

0e:07:2c:e7:d5:b9:f6:a3:70:b4:75:35:ae:d8:92:47:e5:ba:a7:26:63:47:cd:7b:59:1f:e5:88:0a:54:2c:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 12KB - Virtual size: 12KB

4a94fd602a0ca3e379cb0b768b7e0690

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

msvcrt

atl

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

2c342274855a39a76cb393d2797de7c6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3aCertificate

Extended Key Usages

Key Usages

0b:78:21:11:2d:46:3e:dc:ed:b1:75:6a:e5:89:aa:c1:60:fd:90:15:7f:0d:2b:78:49:a8:41:6c:82:51:b4:d8Signer

Headers

File Characteristics

Imports

wininet

crypt32

asnutil

etidef

kernel32

user32

gdi32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

0e:07:2c:e7:d5:b9:f6:a3:70:b4:75:35:ae:d8:92:47:e5:ba:a7:26:63:47:cd:7b:59:1f:e5:88:0a:54:2c:34
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

0b:78:21:11:2d:46:3e:dc:ed:b1:75:6a:e5:89:aa:c1:60:fd:90:15:7f:0d:2b:78:49:a8:41:6c:82:51:b4:d8
Signer

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

62:33:a2:33:ab:ae:b5:60:c1:b8:87:3a
Certificate

6b:c6:72:78:ff:44:86:a2:4d:9f:0c:df:1b:d7:22:80:c8:28:51:67:57:a8:c4:72:dc:cd:29:0b:aa:9b:80:86
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 6KB

.CRT
Size: 4KB - Virtual size: 12B