ed691d649191f436ba3dc24f9ee93570_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ed691d649191f436ba3dc24f9ee93570_JaffaCakes118
Size

6.0MB
MD5

ed691d649191f436ba3dc24f9ee93570
SHA1

e8a57f5db1033e22dfb930de33c24ff64dddeb25
SHA256

040a1381528d9ca2d668c8d795256bf924aa8ccaed7f895cb46e763e9fb09d43
SHA512

f3a0204d5742e787badaa47a1c92e0e0a74cee3d26e331254031722c4fcb712561bb607e111a1a03b93341c98edc656b6a79f4df53aaff852ba04b997d474bf3
SSDEEP

98304:KYiZyl1Am2QvgQTuKS0qoOA8J004TjkJM5OSY+iPq4MRhInF9Ic7wqQEjTOeg90:6+GUvjTuK7kpJ004T35OB1qhhkVQEWed

Score

3^/10

Malware Config

Signatures

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/ghost_win2k.sys
unpack002/$PLUGINSDIR/ghost_winxp.sys
unpack002/$PLUGINSDIR/poco_plugins.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/NSISdl.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/poco_plugins.dll
unpack002/PImage.dll
unpack002/PhotoBeautify.dll
unpack002/PhotoCertificate.dll
unpack002/PhotoCutter.dll
unpack002/PhotoExport.dll
unpack002/PhotoFace.dll
unpack002/PhotoFaceSimpleness.dll
unpack002/PhotoPlateFrame.dll
unpack002/PhotoQQHead.dll
unpack002/PhotoSticker.dll
unpack002/PhotoWallpaper.dll
unpack002/PictureShow.exe
unpack002/Resource.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/NSISdl.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/poco_plugins.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
static1/unpack001/PICer_installer_pocoweb.exe	nsis_installer_1
static1/unpack002/$_14_/Uninstall.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_1

Files

ed691d649191f436ba3dc24f9ee93570_JaffaCakes118
.rar
PICer_installer_pocoweb.exe
.exe windows:4 windows x86 arch:x86

b2a0d9368ec1be7deb968a920e5c993e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:2c:0a:9c:f2:0f:b4:8f:ca:a5:1a:17:6e:98:05:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/07/2008, 00:00

Not After

14/07/2009, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=tech,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/driver.exe
.exe windows:4 windows x86 arch:x86

67d358789fa6d1e6811d2250f3d2baae

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\myrootkit\driver_load\release\driver_load.pdb

Imports

kernel32

GlobalAlloc
GlobalFree
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
CloseHandle
CreateThread
SetEvent
WaitForSingleObject
GetFullPathNameA
LoadLibraryExA
FreeLibrary
CreateFileA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetCommandLineW
WriteFile
GetCurrentProcessId
CreateEventA
ResumeThread
Sleep
OpenEventA
DeleteFileA
HeapAlloc
HeapFree
VirtualAlloc
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetThreadLocale
RaiseException

user32

PostMessageA
MessageBoxA
UnregisterClassA

shell32

CommandLineToArgvW

setupapi

InstallHinfSectionW

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ghost_win2k.sys
.sys windows:5 windows x86 arch:x86

7ed52853e80dcee3d4c55bf0d2b7f547

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\code\rootkit\load\objfre_w2K_x86\i386\myload.pdb

Imports

ntoskrnl.exe

ExFreePool
ZwClose
KeSetEvent
KeWaitForSingleObject
KeServiceDescriptorTable
ZwReadFile
ZwCreateFile
MmGetSystemRoutineAddress
KeInitializeEvent
IoCreateNotificationEvent
RtlInitUnicodeString
ExAllocatePoolWithTag
KeQuerySystemTime
DbgPrint
PsGetCurrentProcessId
PsGetCurrentThreadId
KeTickCount

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ghost_winxp.sys
.sys windows:5 windows x86 arch:x86

333544fecb376ba97aba4b7c9140909e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\code\rootkit\load\objfre_wxp_x86\i386\myload.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ZwClose
KeSetEvent
KeWaitForSingleObject
KeServiceDescriptorTable
ZwReadFile
ZwCreateFile
MmGetSystemRoutineAddress
KeInitializeEvent
IoCreateNotificationEvent
RtlInitUnicodeString
ExAllocatePoolWithTag
KeQuerySystemTime
DbgPrint
PsGetCurrentProcessId
PsGetCurrentThreadId
KeTickCount

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

668ee366fb5b7f916e44ba8830cd1caf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenA
InterlockedDecrement
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
LocalFree
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
VirtualAlloc
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSection
LoadLibraryA
GetCPInfo

ole32

OleRun
CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantClear

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/poco_plugins.dll
.dll windows:4 windows x86 arch:x86

04b366a6e4b8ef46b08a3c61848c729b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\安装包\安装包文档\browserhelper\release\browserhelper.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
lstrlenA
InterlockedDecrement
CloseHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreateDirectoryA
GetLocalTime
GetTempPathA
GetTempFileNameA
TerminateProcess
GetExitCodeProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
HeapCreate
VirtualFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

UnregisterClassA
wsprintfA

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileA

Exports

Exports

D
E
G
K
KP
M
P
T
X
X2

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14_/FileExt.inf
$_14_/PictureShow.exe
.exe windows:4 windows x86 arch:x86

5f2bd9b2d68b7ffa9568c1bc0f866e49

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindClose
TerminateThread
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
RaiseException
CreateDirectoryW
CreateDirectoryA
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameA
CreateMutexA
GetCurrentProcessId
GetPrivateProfileIntA
ReleaseMutex
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
GetTempPathA
CreateFileA
WriteFile
CloseHandle
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
WinExec
SetFilePointer
ReadFile
GlobalSize
GlobalFree
Sleep
ResetEvent
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetLongPathNameA
WaitForSingleObject
GetUserDefaultLCID
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
CreateThread
CreateEventA
WideCharToMultiByte
SetEvent
GetTickCount
lstrlenA
InterlockedExchange
MultiByteToWideChar

user32

FrameRect
FillRect
LoadImageA
CloseClipboard
RegisterClipboardFormatA
SetClipboardData
EmptyClipboard
OpenClipboard
DrawTextA
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
GetDC
ReleaseDC
SendMessageA
PostMessageA
GetSystemMetrics
PtInRect
InflateRect
InvalidateRect
IsWindowVisible
ShowWindow
LoadCursorA
RegisterClassExA
CreateWindowExA
BeginPaint
EndPaint
DefWindowProcA
UpdateWindow
SetWindowPos
LoadBitmapA
GetWindowRect
ClientToScreen
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoA
GetCapture
SetCapture
DrawFocusRect
DrawEdge
GetParent
MoveWindow
CreatePopupMenu
DestroyMenu
SetWindowTextA
IsZoomed
PostQuitMessage
SetMenu
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SendMessageTimeoutA
SetForegroundWindow
MessageBoxA
GetKeyboardState
SetCursor
DestroyWindow
GetClassInfoExA
SetWindowLongA
GetClientRect
AdjustWindowRectEx
GetWindowLongA
GetMenu
IsWindow
CallWindowProcA
TrackPopupMenu
AppendMenuA
UnregisterClassA

gdi32

SetStretchBltMode
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
DeleteDC
GetObjectA
SetTextColor
CreateFontIndirectA
CreateCompatibleBitmap
StretchBlt
SetBkMode
CreateSolidBrush
CreateDIBSection

advapi32

RegCreateKeyA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
ShellExecuteExA
DragQueryFileA
SHGetSpecialFolderPathW
SHFileOperationA

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
StringFromGUID2
GetHGlobalFromStream

oleaut32

SysAllocString
VariantClear

shlwapi

PathFindExtensionA
PathFindExtensionW

comctl32

ImageList_Create
ImageList_Add
ImageList_GetIconSize
ImageList_Destroy
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked

gdiplus

GdipImageRotateFlip
GdipSaveImageToStream
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipImageSelectActiveFrame
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Picture
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_14_/Uninstall.exe
.exe windows:4 windows x86 arch:x86

b2a0d9368ec1be7deb968a920e5c993e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

668ee366fb5b7f916e44ba8830cd1caf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenA
InterlockedDecrement
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
LocalFree
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
VirtualAlloc
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSection
LoadLibraryA
GetCPInfo

ole32

OleRun
CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantClear

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/poco_plugins.dll
.dll windows:4 windows x86 arch:x86

04b366a6e4b8ef46b08a3c61848c729b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\安装包\安装包文档\browserhelper\release\browserhelper.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
lstrlenA
InterlockedDecrement
CloseHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreateDirectoryA
GetLocalTime
GetTempPathA
GetTempFileNameA
TerminateProcess
GetExitCodeProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
HeapCreate
VirtualFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

UnregisterClassA
wsprintfA

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileA

Exports

Exports

D
E
G
K
KP
M
P
T
X
X2

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14_/UploadShell.dll
.dll regsvr32 windows:4 windows x86 arch:x86

af5fcab730308bf6abe5c28c32b11595

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetSetCookieA
InternetGetCookieA

kernel32

GlobalAlloc
GetTempPathA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetTickCount
GetDateFormatA
CreateFileA
ReadFile
WriteFile
SetFilePointer
GetFileSize
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
DeleteFileA
GetTempFileNameA
TerminateThread
WaitForSingleObject
GetLocalTime
GetPrivateProfileStringA
CreateThread
SetEvent
CreateEventA
ResetEvent
GetFileAttributesA
MoveFileA
CopyFileA
GlobalFree
GlobalSize
CreateFileW
DeleteFileW
QueryPerformanceCounter
CreateDirectoryW
GlobalMemoryStatus
FindClose
FindFirstFileW
MapViewOfFile
CreateFileMappingW
SetEndOfFile
VirtualFree
VirtualAlloc
GetFileAttributesExW
Sleep
GetConsoleOutputCP
WriteConsoleA
GlobalLock
GetConsoleMode
GetConsoleCP
FreeLibrary
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetStdHandle
ExitProcess
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GlobalUnlock
GetModuleFileNameW
GetThreadLocale
SetThreadLocale
WritePrivateProfileStringA
GetModuleFileNameA
CreateDirectoryA
InterlockedDecrement
InterlockedIncrement
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FlushFileBuffers
EnterCriticalSection
RaiseException
GetVersionExA
CreateProcessA
CloseHandle
GetSystemDirectoryA
lstrlenA
CompareStringW
CompareStringA
lstrlenW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
WriteConsoleW
SetStdHandle
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
SetEnvironmentVariableA
LocalFree
SetFileApisToOEM
FormatMessageA
FormatMessageW
FileTimeToLocalFileTime
OpenFileMappingA
OpenEventA
AreFileApisANSI
SystemTimeToFileTime
GetSystemTime
CompareFileTime
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
FindNextFileW
SetFileAttributesA
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjects
LocalFileTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
SearchPathW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
SearchPathA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryA
GetFullPathNameA
MoveFileW
RemoveDirectoryW
SetFileAttributesW
GetWindowsDirectoryW
GetWindowsDirectoryA
SetFileTime
SetCurrentDirectoryA
RemoveDirectoryA

user32

GetKeyState
CharLowerA
CharPrevExA
CharPrevA
CharNextA
GetDC
ReleaseDC
UnregisterClassA
FillRect
wsprintfA
CallWindowProcA
CreateWindowExA
RegisterClassExA
DefWindowProcA
DestroyWindow
LoadCursorA
GetClassInfoExA
SetWindowLongA
DialogBoxParamA
EndDialog
SetTimer
MessageBoxA
EnableWindow
SetWindowTextA
MoveWindow
ShowWindow
GetWindowTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetActiveWindow
SetFocus
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
KillTimer
GetDlgItem
SendMessageA
CharUpperW
CharUpperA
CharLowerW

gdi32

RealizePalette
GetDIBits
CreateDIBitmap
CreateICW
GetDeviceCaps
GetDIBColorTable
BitBlt
GetObjectW
SetStretchBltMode
CreateDIBSection
GetObjectA
StretchBlt
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
SetBkColor
SetBkMode
CreateSolidBrush
DeleteObject
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoCreateGuid

oleaut32

VariantCopy
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
LoadTypeLi
LoadRegTypeLi
SysStringLen

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipImageSelectActiveFrame
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSaveImageToStream
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

psapi

GetProcessMemoryInfo

ws2_32

htons
WSASetLastError
WSAStartup
recv
shutdown
WSACleanup
WSAAsyncGetHostByName
WSAAsyncSelect
closesocket
send
WSAGetLastError
connect
socket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14_/config.ini
$_14_/poco_plugins.dll
.dll windows:4 windows x86 arch:x86

04b366a6e4b8ef46b08a3c61848c729b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\安装包\安装包文档\browserhelper\release\browserhelper.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
lstrlenA
InterlockedDecrement
CloseHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreateDirectoryA
GetLocalTime
GetTempPathA
GetTempFileNameA
TerminateProcess
GetExitCodeProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
HeapCreate
VirtualFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

UnregisterClassA
wsprintfA

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileA

Exports

Exports

D
E
G
K
KP
M
P
T
X
X2

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_14_/update.exe
.exe windows:4 windows x86 arch:x86

78189dd0df726438a5e2d9d459e546a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Downloader\Release\update.pdb

Imports

kernel32

WriteFile
SetFilePointer
MoveFileA
CloseHandle
GetFileAttributesA
CreateDirectoryA
FindResourceA
LoadResource
GetTickCount
RaiseException
SizeofResource
FindResourceExA
WideCharToMultiByte
LockResource
GetFileSize
ReadFile
MultiByteToWideChar
GetTempPathA
GetTempFileNameA
LocalFree
CreateProcessA
Sleep
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcAddress
GetModuleHandleA
OpenProcess
VirtualAllocEx
CreateFileA
CreateRemoteThread
WaitForSingleObject
OpenFileMappingA
GetExitCodeProcess
TerminateProcess
GetPrivateProfileIntA
GetLocalTime
LoadLibraryA
FreeLibrary
InterlockedExchange
CreateEventA
CreateThread
ResumeThread
SetCurrentDirectoryA
GetPrivateProfileSectionNamesA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLastError
DeleteFileA
WriteProcessMemory
GetConsoleMode
GetConsoleCP
GetOEMCP
GetCPInfo
IsDebuggerPresent
GetCurrentProcess
InterlockedDecrement
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetStringTypeA

user32

CharUpperA
UnregisterClassA
MessageBoxA
CharNextA

advapi32

RegCreateKeyA
RegQueryValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

StringFromGUID2
CLSIDFromString
CoCreateGuid

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExA

ws2_32

bind
htons
inet_addr
socket
closesocket
WSACleanup
gethostbyname
connect
send
recv
sendto
WSAStartup
WSAGetLastError
htonl

urlmon

URLDownloadToFileA

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileExt.inf
PImage.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2a7b67d1667feeee9358e7e3c8e9f9ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PImage.pdb

Imports

kernel32

GetThreadLocale
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetEndOfFile
SetFilePointer
GetFileAttributesExW
Sleep
SetFileAttributesW
SetThreadLocale
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetStringTypeW
WritePrivateProfileStringW
InterlockedDecrement
InterlockedIncrement
RaiseException
GetModuleFileNameW
CreateDirectoryW
GetTickCount
FindNextFileW
VirtualFree
GetFileAttributesW
lstrlenA
lstrlenW
WideCharToMultiByte
DeleteFileW
GlobalSize
GlobalFree
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileW
ReadFile
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
MultiByteToWideChar
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
CreateFileA
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
LCMapStringA
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
GetModuleHandleA
GetProcAddress
VirtualProtect
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetVersionExA
GetLocaleInfoA
HeapDestroy

user32

InvalidateRect
KillTimer
SetTimer
CharNextW
DrawTextW
GetDC
ReleaseDC
RegisterClipboardFormatW
FillRect
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
UnregisterClassA
EmptyClipboard

gdi32

BeginPath
EndPath
ExtCreatePen
StrokePath
GetStockObject
SetTextColor
SetBkMode
GetObjectA
CreatePen
MoveToEx
LineTo
CreateSolidBrush
BitBlt
CreateICW
CreateDIBSection
GetObjectW
SetDIBColorTable
CreateCompatibleDC
SelectObject
GetDIBColorTable
DeleteDC
DeleteObject
GetDeviceCaps

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
DragQueryFileW

ole32

GetHGlobalFromStream
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
LoadTypeLi

shlwapi

PathFindExtensionW

gdiplus

GdipSaveImageToFile
GdipDeleteGraphics
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCloneImage
GdiplusShutdown
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSaveImageToStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCreateFromHDC
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipSetWorldTransform
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipScaleMatrix
GdipCreateMatrix
GdipDeleteFont
GdipDeleteBrush
GdipDeleteMatrix
GdipCreateBitmapFromFile
GdipDrawImageRectRectI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetFrameImgEx

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoBeautify.dll
.dll windows:4 windows x86 arch:x86

08c9ed47d24f8c86cd82315aef5180f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoBeautify.pdb

Imports

kernel32

RaiseException
RtlUnwind
HeapSize
ExitProcess
ExitThread
CreateThread
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetProcessHeap
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InterlockedCompareExchange
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetCurrentProcessId
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetUserDefaultLCID
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrcpyA
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesA
SetLastError
GetTempPathA
GetTickCount
LoadLibraryA
GetProcAddress
GetModuleHandleA
LockResource
Sleep
SizeofResource
IsProcessorFeaturePresent
LoadResource
FindResourceA
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersion
CompareStringA
FreeEnvironmentStringsW
lstrlenA

user32

SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetSubMenu
GetMenuItemID
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
SetScrollInfo
GetDlgCtrlID
GetWindowPlacement
GetWindow
IntersectRect
SetWindowTextA
RegisterClassA
GetWindowDC
GetDCEx
DestroyMenu
TrackPopupMenu
ShowWindow
RegisterClassExA
UnregisterClassA
CallWindowProcA
CallNextHookEx
EqualRect
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
RemovePropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
GetSysColorBrush
DrawIconEx
SetWindowRgn
IsZoomed
GetForegroundWindow
DestroyCursor
GetDC
FrameRect
GetActiveWindow
WindowFromPoint
GetNextDlgTabItem
GetWindowLongA
IsRectEmpty
EnableMenuItem
DefFrameProcA
ClientToScreen
SetRectEmpty
TranslateMessage
GetLastActivePopup
LoadStringA
LoadAcceleratorsA
LoadImageA
LoadIconA
LoadBitmapA
KillTimer
InflateRect
AppendMenuA
CreatePopupMenu
MessageBoxA
IsWindowVisible
IsIconic
LoadCursorA
MoveWindow
SetTimer
GetSystemMetrics
ScreenToClient
UpdateWindow
GetWindowRect
GetCursorPos
EndPaint
BeginPaint
DefWindowProcA
SetCursor
GetPropA
SetWindowLongA
SetPropA
IsWindow
OffsetRect
CopyRect
SendMessageA
SetWindowPos
CreateWindowExA
TrackMouseEvent
DestroyWindow
SetScrollPos
GetScrollPos
GetScrollRange
PtInRect
SetRect
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DrawFocusRect
InsertMenuItemA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetCapture
ReleaseDC
FillRect
DispatchMessageA
GetMessageA
EnableWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetKeyState
GetWindowTextA
GetParent
PostMessageA
SetCapture
GetClientRect
ReleaseCapture
InvalidateRect
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
PeekMessageA
DefMDIChildProcA
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
GetWindowThreadProcessId
ShowOwnedPopups
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
CheckMenuItem
IsWindowEnabled
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
GetFocus
SetFocus
InsertMenuA
GetWindowTextLengthA
GetClassInfoA

gdi32

CreateRectRgnIndirect
CreateFontA
SetBkColor
SetBkMode
SetTextColor
DeleteObject
DeleteDC
CreateDIBSection
StretchBlt
GetDIBColorTable
CreateFontIndirectA
MoveToEx
AngleArc
GetDeviceCaps
SetPixel
CreateRectRgn
CreateRoundRectRgn
CombineRgn
RoundRect
GetTextExtentPoint32A
GetClipBox
GetCurrentObject
GetTextMetricsA
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
LineTo
SaveDC
RestoreDC
CreateSolidBrush
ExcludeClipRect
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetRectRgn
Rectangle
CreatePen
GetStockObject
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
CreateBitmap
GetObjectA
GetBkColor
BitBlt
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap
CreateCompatibleDC
LPtoDP

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragQueryFileA
ShellExecuteExA
ShellExecuteA
DragFinish

comctl32

ImageList_AddMasked
_TrackMouseEvent
ImageList_GetIcon
InitCommonControlsEx
ImageList_Draw

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString

gdiplus

GdiplusShutdown

Exports

Exports

CreatePlugin

Sections

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoCertificate.dll
.dll windows:4 windows x86 arch:x86

2a1350e3e9fcd079a674016e8e30a724

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoCertificate.pdb

Imports

kernel32

GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetUserDefaultLCID
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetExitCodeThread
lstrcpynA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetTickCount
ResumeThread
InterlockedIncrement
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringA
GetLocalTime
LockResource
GetFileAttributesA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpyA
Sleep
SetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
IsProcessorFeaturePresent
GetVersion
CompareStringW
CompareStringA
QueryPerformanceCounter
lstrlenA

user32

GetMessageTime
GetMessagePos
MapWindowPoints
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
GetDlgCtrlID
IntersectRect
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
MsgWaitForMultipleObjects
IsRectEmpty
InsertMenuA
UnpackDDElParam
ReleaseCapture
GetCursorPos
DestroyWindow
SetWindowPos
GetTopWindow
TranslateMessage
PeekMessageA
DispatchMessageA
UnionRect
SetRectEmpty
LoadStringA
LoadAcceleratorsA
LoadIconA
LoadBitmapA
DestroyCursor
LoadImageA
ReleaseDC
GetDC
DrawFocusRect
GetSysColor
GetActiveWindow
WindowFromPoint
ClientToScreen
GetNextDlgTabItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
DrawIconEx
SetWindowRgn
GetWindowLongA
IsZoomed
PostMessageA
GetForegroundWindow
IsWindow
InvalidateRect
InflateRect
MessageBoxA
SetTimer
GetKeyState
SetCursor
PtInRect
GetFocus
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetWindowThreadProcessId
EnableMenuItem
AppendMenuA
CreatePopupMenu
KillTimer
IsIconic
SendMessageA
CopyRect
OffsetRect
SetRect
GetParent
GetSystemMetrics
GetWindowRect
ScreenToClient
EnableWindow
FillRect
GetDlgItem
LoadCursorA
IsWindowVisible
GetClientRect
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
CreateWindowExA
DefFrameProcA
ShowOwnedPopups
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
IsDialogMessageA
GetDesktopWindow
CreateDialogIndirectParamA
IsWindowEnabled
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
UpdateWindow
EndDeferWindowPos
SetForegroundWindow

gdi32

DeleteDC
GetPixel
SetPixel
GetTextExtentPoint32A
GetDeviceCaps
RoundRect
Rectangle
CreateFontIndirectA
MoveToEx
AngleArc
StretchBlt
GetDIBColorTable
SetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
SetBkMode
GetClipBox
GetCurrentObject
GetTextMetricsA
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
Polygon
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
SetTextColor
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
SetBkColor
CreateBitmap
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateDIBSection
DeleteObject
GetStockObject
CreateSolidBrush

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragFinish
DragQueryFileA
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat
GdiplusShutdown
GdipFree

Exports

Exports

CreatePlugin

Sections

.text
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoCutter.dll
.dll windows:4 windows x86 arch:x86

66e84b2efdda4e6ba7a95c45f5c24d54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoCutter.pdb

Imports

kernel32

GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
GetUserDefaultLCID
GetExitCodeThread
lstrcpynA
lstrcpyA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
CreateDirectoryA
GetTickCount
ResumeThread
InterlockedIncrement
GetPrivateProfileIntA
WritePrivateProfileStringA
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
WaitForSingleObject
LockResource
GetFileAttributesA
Sleep
SetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersion
IsProcessorFeaturePresent
CompareStringW
CompareStringA
QueryPerformanceCounter
lstrlenA

user32

GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
DrawFocusRect
UnpackDDElParam
WindowFromPoint
GetNextDlgTabItem
GetSysColor
UnionRect
SetForegroundWindow
UpdateWindow
ReleaseCapture
DestroyWindow
ClientToScreen
SetWindowPos
CreateWindowExA
InflateRect
ReleaseDC
GetDC
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
DrawIconEx
SetWindowRgn
IsZoomed
PostMessageA
GetForegroundWindow
IsIconic
LoadStringA
LoadAcceleratorsA
LoadImageA
LoadIconA
LoadBitmapA
EnableWindow
IsWindow
OffsetRect
EnableMenuItem
SetTimer
GetParent
AppendMenuA
CreatePopupMenu
KillTimer
MessageBoxA
GetKeyState
SetCursor
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
IsDialogMessageA
PtInRect
InvalidateRect
CopyRect
SetRect
GetCursorPos
IsWindowVisible
FillRect
IsRectEmpty
SendMessageA
SetWindowLongA
GetSystemMetrics
GetWindowLongA
SetRectEmpty
DestroyCursor
LoadCursorA
GetWindowRect
GetClientRect
ScreenToClient
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
InsertMenuA
DefFrameProcA
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
SetFocus
GetWindowTextLengthA
GetWindowTextA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetActiveWindow
GetDlgCtrlID

gdi32

GetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
SetBkMode
RoundRect
CreateFontIndirectA
MoveToEx
AngleArc
GetDeviceCaps
GetTextExtentPoint32A
Rectangle
CreateBitmap
SetBkColor
SetTextColor
GetPixel
SetPixel
GetTextMetricsA
Polygon
GetClipBox
GetCurrentObject
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
StretchBlt
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
BitBlt
CreateCompatibleBitmap
CombineRgn
CreateRoundRectRgn
CreateRectRgn
GetStockObject
CreateSolidBrush
SetDIBColorTable
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
GetObjectA
DeleteDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragFinish
DragQueryFileA
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Draw
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetImagePaletteSize
GdipFree
GdipAlloc

Exports

Exports

CreatePlugin

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoExport.dll
.dll windows:4 windows x86 arch:x86

9f73a4f9c83afec8553b087d12dfc651

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoExport.pdb

Imports

kernel32

GetSystemInfo
VirtualQuery
HeapReAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
ExitThread
CreateThread
HeapSize
GetACP
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
VirtualAlloc
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
VirtualProtect
HeapAlloc
GetOEMCP
GetCPInfo
GetTickCount
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
FormatMessageA
LocalFree
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
GlobalMemoryStatus
GetUserDefaultLCID
GetProfileIntA
Sleep
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
SetLastError
CloseHandle
WriteFile
CreateFileA
lstrcpyA
MulDiv
FreeResource
GetTempPathA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
DeleteFileA
GetVersion
InterlockedExchange
CompareStringW
CompareStringA
GetLastError
lstrlenW
MultiByteToWideChar
RaiseException
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenA
GetModuleFileNameA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceA
LoadResource
LockResource
GetFileType
SizeofResource

user32

MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatA
DestroyMenu
ValidateRect
PostQuitMessage
CreateDialogIndirectParamA
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
GetMenuState
GetWindowThreadProcessId
SetWindowContextHelpId
MapDialogRect
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
SetActiveWindow
GetTopWindow
GetMessageTime
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
GetClassInfoA
CallWindowProcA
SetWindowLongA
GetWindowPlacement
UnhookWindowsHookEx
SetFocus
GetDesktopWindow
GetFocus
InvalidateRgn
IntersectRect
IsWindowEnabled
CopyAcceleratorTableA
GetDlgItem
GetDlgCtrlID
GetWindow
CharNextA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
UnregisterClassA
ShowWindow
RegisterClassA
DefWindowProcA
EndPaint
BeginPaint
GetWindowDC
TrackMouseEvent
GetSysColorBrush
EqualRect
GetMessageA
SetCapture
GetCapture
SystemParametersInfoA
IsRectEmpty
EnableMenuItem
InsertMenuA
AppendMenuA
CreatePopupMenu
UpdateWindow
GetClientRect
EnableWindow
IsWindow
SendMessageA
GetParent
PostMessageA
KillTimer
SetTimer
ReleaseCapture
GetCursorPos
GetKeyState
DestroyWindow
ScreenToClient
SetWindowPos
CreateWindowExA
SetRectEmpty
TranslateMessage
PeekMessageA
DispatchMessageA
GrayStringA
TabbedTextOutA
PostThreadMessageA
SetRect
DrawIconEx
SetWindowRgn
IsZoomed
AdjustWindowRectEx
CharUpperA
InvalidateRect
FillRect
GetSystemMetrics
IsWindowVisible
DrawTextExA
GetWindowLongA
GetNextDlgTabItem
SetCursor
ClientToScreen
WindowFromPoint
GetActiveWindow
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawTextA
DrawFocusRect
GetWindowRect
CopyRect
GetDC
ReleaseDC
LoadImageA
MessageBoxA
LoadBitmapA
LoadIconA
LoadCursorA
IsIconic
PtInRect
GetForegroundWindow
GetMessagePos

gdi32

GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
SetRectRgn
GetMapMode
DPtoLP
RestoreDC
SaveDC
SelectClipRgn
SetMapMode
SetROP2
CreateSolidBrush
GetClipBox
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
LineTo
EnumFontFamiliesA
PatBlt
UnrealizeObject
Rectangle
CreatePatternBrush
AngleArc
MoveToEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
CombineRgn
CreateRoundRectRgn
CreateRectRgn
SetPixel
GetPixel
CreateCompatibleBitmap
DeleteDC
SetTextColor
BitBlt
SetBkColor
SelectObject
CreateCompatibleDC
CreateBitmap
GetObjectA
DeleteObject
CreateFontIndirectA
GetDeviceCaps
GetStockObject
CreateFontA
SetBkMode

msimg32

AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CreateStreamOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
VarBstrCmp
VariantCopy
VariantChangeType
SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysAllocStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi

Exports

Exports

CreateExport

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoFace.dll
.dll windows:4 windows x86 arch:x86

2f2385971ad86c7052d52eb51b2b5ab2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoFace.pdb

Imports

kernel32

GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetExitCodeThread
lstrcpynA
lstrcpyA
DeleteFileA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
CreateDirectoryA
ResumeThread
InterlockedIncrement
GetUserDefaultLCID
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
GetPrivateProfileIntA
WritePrivateProfileStringA
GetModuleFileNameA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
LockResource
GetFileAttributesA
GetLocalTime
Sleep
SetLastError
GetTickCount
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
IsProcessorFeaturePresent
GetVersion
CompareStringW
CompareStringA
QueryPerformanceCounter
lstrlenA

user32

SetForegroundWindow
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
GetDlgCtrlID
IntersectRect
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
IsWindowEnabled
EndDialog
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
MsgWaitForMultipleObjects
IsRectEmpty
InsertMenuA
UnpackDDElParam
ReleaseCapture
DestroyWindow
SetWindowPos
CreateWindowExA
PeekMessageA
DispatchMessageA
UnionRect
LoadStringA
LoadAcceleratorsA
LoadIconA
LoadBitmapA
DestroyCursor
LoadImageA
ReleaseDC
DrawFocusRect
GetSysColor
InflateRect
GetActiveWindow
WindowFromPoint
ClientToScreen
GetNextDlgTabItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
SetRect
DrawIconEx
SetWindowRgn
GetWindowLongA
IsZoomed
PostMessageA
GetForegroundWindow
IsWindow
GetCursorPos
EnableMenuItem
OffsetRect
GetDC
GetKeyState
SetCursor
GetParent
AppendMenuA
CreatePopupMenu
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetWindowThreadProcessId
SetFocus
PtInRect
SetTimer
MessageBoxA
SetRectEmpty
KillTimer
CopyRect
IsIconic
InvalidateRect
GetSystemMetrics
GetWindowRect
ScreenToClient
EnableWindow
FillRect
IsWindowVisible
SendMessageA
LoadCursorA
GetClientRect
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
TranslateMessage
DefFrameProcA
ShowOwnedPopups
ValidateRect
PostQuitMessage
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
GetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow

gdi32

DeleteDC
GetPixel
SetPixel
GetTextExtentPoint32A
GetDeviceCaps
RoundRect
Rectangle
CreateFontIndirectA
MoveToEx
AngleArc
GetTextMetricsA
Polygon
StretchBlt
GetDIBColorTable
SetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
SetBkMode
GetClipBox
GetCurrentObject
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
SetTextColor
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
SetBkColor
CreateBitmap
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateDIBSection
DeleteObject
CreateSolidBrush
GetStockObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragFinish
DragQueryFileA
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat
GdiplusShutdown
GdipFree

Exports

Exports

CreatePlugin

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoFaceSimpleness.dll
.dll windows:4 windows x86 arch:x86

f9548fdc22ab404b2086f9e3b154c51c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoFaceSimpleness.pdb

Imports

kernel32

CreateThread
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExitThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcessId
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalReAlloc
GetVersionExA
GetUserDefaultLCID
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
lstrcpynA
lstrcpyA
DeleteFileA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
CreateDirectoryA
InterlockedIncrement
WriteFile
CreateFileA
FreeLibrary
GetPrivateProfileIntA
WritePrivateProfileStringA
GetModuleFileNameA
ResetEvent
SetEvent
WaitForSingleObject
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CloseHandle
CreateEventA
LockResource
GetFileAttributesA
Sleep
SetLastError
GetTickCount
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersion
CompareStringW
CompareStringA
IsProcessorFeaturePresent
QueryPerformanceCounter
lstrlenA

user32

SetForegroundWindow
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
GetDlgCtrlID
IntersectRect
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
IsWindowEnabled
EndDialog
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
IsRectEmpty
InsertMenuA
UpdateWindow
ReleaseCapture
UnpackDDElParam
DestroyWindow
SetWindowPos
CreateWindowExA
UnionRect
LoadStringA
LoadAcceleratorsA
LoadIconA
LoadBitmapA
DestroyCursor
LoadImageA
DrawFocusRect
GetSysColor
InflateRect
GetActiveWindow
WindowFromPoint
GetNextDlgTabItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
DrawIconEx
SetWindowRgn
GetWindowLongA
IsZoomed
PostMessageA
GetForegroundWindow
ReleaseDC
GetDC
SetRect
EnableMenuItem
IsWindow
OffsetRect
GetKeyState
SetCursor
AppendMenuA
CreatePopupMenu
PtInRect
SetTimer
MessageBoxA
SetRectEmpty
KillTimer
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetWindowThreadProcessId
CopyRect
IsIconic
InvalidateRect
GetSystemMetrics
GetWindowRect
ClientToScreen
ScreenToClient
TranslateMessage
PeekMessageA
DispatchMessageA
LockWindowUpdate
GetParent
EnableWindow
FillRect
IsWindowVisible
SendMessageA
LoadCursorA
GetClientRect
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
MsgWaitForMultipleObjects
DefFrameProcA
ShowOwnedPopups
ValidateRect
PostQuitMessage
IsDialogMessageA
SetDlgItemTextA
GetDlgItemInt
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetCursorPos
GetClassInfoExA

gdi32

Escape
CreateBitmap
SetBkColor
SetTextColor
GetPixel
SetPixel
GetDIBColorTable
SetDIBColorTable
SetBrushOrgEx
SetBkMode
RoundRect
GetTextExtentPoint32A
Rectangle
CreateFontIndirectA
MoveToEx
AngleArc
GetTextMetricsA
Polygon
GetClipBox
GetCurrentObject
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
ExtTextOutA
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
TextOutA
RectVisible
PtVisible
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateDIBSection
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
SelectObject
GetDeviceCaps
CreatePen
DeleteObject
GetObjectA
CreateSolidBrush
GetStockObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragQueryFileA
ShellExecuteExA
ShellExecuteA
DragFinish

comctl32

ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit
OleLoadPicture

gdiplus

GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDisposeImage

Exports

Exports

CreatePlugin

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoPlateFrame.dll
.dll windows:4 windows x86 arch:x86

d67fd4d45ebec7b4b8a2d95263782e27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoPlateFrame.pdb

Imports

kernel32

GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCommandLineA
LCMapStringW
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSize
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetExitCodeThread
lstrcpynA
lstrcpyA
DeleteFileA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
CreateDirectoryA
GetTickCount
ResumeThread
InterlockedIncrement
GetUserDefaultLCID
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
GetPrivateProfileIntA
WritePrivateProfileStringA
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
LockResource
Sleep
SetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersion
IsProcessorFeaturePresent
CompareStringW
CompareStringA
LCMapStringA
lstrlenA

user32

GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
DestroyCursor
UnpackDDElParam
DrawFocusRect
GetActiveWindow
WindowFromPoint
GetNextDlgTabItem
SetForegroundWindow
GetDC
MsgWaitForMultipleObjects
IsRectEmpty
EnableMenuItem
InsertMenuA
ReleaseCapture
GetCursorPos
DestroyWindow
SetWindowPos
CreateWindowExA
TranslateMessage
PeekMessageA
DispatchMessageA
GetSysColor
UnionRect
SetRectEmpty
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
DrawIconEx
SetWindowRgn
GetWindowLongA
IsZoomed
PostMessageA
GetForegroundWindow
LoadStringA
LoadAcceleratorsA
LoadImageA
LoadIconA
LoadBitmapA
EnableWindow
IsWindow
IsWindowVisible
InvalidateRect
InflateRect
LoadCursorA
AppendMenuA
CreatePopupMenu
UpdateWindow
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetKeyState
SetCursor
PtInRect
SetRect
CopyRect
MessageBoxA
OffsetRect
KillTimer
IsIconic
SendMessageA
SetTimer
GetParent
GetSystemMetrics
FillRect
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
ReleaseDC
DefFrameProcA
IsDialogMessageA
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
SetFocus
GetWindowTextLengthA
GetWindowTextA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetDlgCtrlID

gdi32

GetObjectA
CreateFontIndirectA
MoveToEx
AngleArc
DeleteDC
StretchBlt
GetDIBColorTable
SetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
SetBkMode
CreateBitmap
SetBkColor
SetTextColor
GetPixel
SetPixel
GetClipBox
GetCurrentObject
GetTextMetricsA
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
Polygon
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
Rectangle
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
RoundRect
GetDeviceCaps
GetTextExtentPoint32A
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateDIBSection
GetStockObject
DeleteObject
CreateSolidBrush

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragQueryFileA
ShellExecuteExA
ShellExecuteA
DragFinish

comctl32

ImageList_Draw
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat
GdiplusShutdown
GdipFree

Exports

Exports

CreatePlugin

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoQQHead.dll
.dll windows:4 windows x86 arch:x86

9798b0d16a2cfa7b67ebbf7069b5e512

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoQQHead.pdb

Imports

kernel32

GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetUserDefaultLCID
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetExitCodeThread
lstrcpynA
lstrcpyA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
CreateDirectoryA
GetTickCount
ResumeThread
InterlockedIncrement
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
GetPrivateProfileIntA
WritePrivateProfileStringA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
LockResource
GetFileAttributesA
Sleep
SetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersion
IsProcessorFeaturePresent
CompareStringW
CompareStringA
QueryPerformanceCounter
lstrlenA

user32

GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
GetDlgCtrlID
IntersectRect
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
MsgWaitForMultipleObjects
IsRectEmpty
InsertMenuA
UnpackDDElParam
ReleaseCapture
GetCursorPos
DestroyWindow
SetWindowPos
GetTopWindow
TranslateMessage
PeekMessageA
DispatchMessageA
UnionRect
SetRectEmpty
LoadStringA
LoadAcceleratorsA
LoadIconA
LoadBitmapA
DestroyCursor
LoadImageA
ReleaseDC
GetDC
DrawFocusRect
GetSysColor
GetActiveWindow
WindowFromPoint
ClientToScreen
GetNextDlgTabItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
DrawIconEx
SetWindowRgn
GetWindowLongA
IsZoomed
PostMessageA
GetForegroundWindow
IsWindow
InvalidateRect
InflateRect
MessageBoxA
SetTimer
SetCursor
PtInRect
GetFocus
EnableMenuItem
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetWindowThreadProcessId
AppendMenuA
CreatePopupMenu
KillTimer
IsIconic
OffsetRect
CopyRect
SetRect
GetParent
GetSystemMetrics
GetWindowRect
ScreenToClient
EnableWindow
SendMessageA
FillRect
LoadCursorA
GetDlgItem
IsWindowVisible
GetKeyState
GetClientRect
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
CreateWindowExA
DefFrameProcA
ShowOwnedPopups
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
IsDialogMessageA
GetDesktopWindow
CreateDialogIndirectParamA
IsWindowEnabled
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
UpdateWindow
EndDeferWindowPos

gdi32

DeleteDC
GetPixel
SetPixel
GetTextExtentPoint32A
GetDeviceCaps
RoundRect
Rectangle
CreateFontIndirectA
MoveToEx
AngleArc
StretchBlt
GetDIBColorTable
SetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
SetBkMode
GetClipBox
GetCurrentObject
GetTextMetricsA
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
Polygon
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
SetTextColor
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
SetBkColor
CreateBitmap
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateDIBSection
DeleteObject
GetStockObject
CreateSolidBrush

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragFinish
DragQueryFileA
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat
GdiplusShutdown
GdipFree

Exports

Exports

CreatePlugin

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoSticker.dll
.dll windows:4 windows x86 arch:x86

9585a3d02c957741ecab45405403f4ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoSticker.pdb

Imports

kernel32

GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCommandLineA
LCMapStringW
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSize
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetExitCodeThread
lstrcpynA
lstrcpyA
DeleteFileA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
CreateDirectoryA
GetTickCount
ResumeThread
InterlockedIncrement
GetUserDefaultLCID
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
GetPrivateProfileIntA
WritePrivateProfileStringA
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
LockResource
Sleep
SetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersion
IsProcessorFeaturePresent
CompareStringW
CompareStringA
LCMapStringA
lstrlenA

user32

GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
DestroyCursor
UnpackDDElParam
GetActiveWindow
WindowFromPoint
GetNextDlgTabItem
ReleaseDC
SetForegroundWindow
MsgWaitForMultipleObjects
IsRectEmpty
InsertMenuA
ReleaseCapture
GetCursorPos
DestroyWindow
SetWindowPos
CreateWindowExA
TranslateMessage
PeekMessageA
DispatchMessageA
GetSysColor
UnionRect
SetRectEmpty
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
DrawIconEx
SetWindowRgn
GetWindowLongA
IsZoomed
PostMessageA
GetForegroundWindow
LoadStringA
LoadAcceleratorsA
LoadImageA
LoadIconA
LoadBitmapA
IsWindow
EnableWindow
IsWindowVisible
InvalidateRect
InflateRect
LoadCursorA
GetFocus
EnableMenuItem
AppendMenuA
CreatePopupMenu
UpdateWindow
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetKeyState
SetCursor
PtInRect
CopyRect
MessageBoxA
SetTimer
KillTimer
IsIconic
SendMessageA
OffsetRect
SetRect
GetParent
GetSystemMetrics
FillRect
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
GetDC
DefFrameProcA
IsDialogMessageA
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
SetFocus
GetWindowTextLengthA
GetWindowTextA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
DrawFocusRect
GetDlgCtrlID

gdi32

GetObjectA
CreateFontIndirectA
MoveToEx
AngleArc
DeleteDC
StretchBlt
GetDIBColorTable
SetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
SetBkMode
CreateBitmap
SetBkColor
SetTextColor
GetPixel
SetPixel
GetClipBox
GetCurrentObject
GetTextMetricsA
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
Polygon
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
Rectangle
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
RoundRect
GetDeviceCaps
GetTextExtentPoint32A
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateDIBSection
GetStockObject
DeleteObject
CreateSolidBrush

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragQueryFileA
ShellExecuteExA
ShellExecuteA
DragFinish

comctl32

ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat
GdiplusShutdown
GdipFree

Exports

Exports

CreatePlugin

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoWallpaper.dll
.dll windows:4 windows x86 arch:x86

b287929957e291ff61d8188d1992ce1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\PhotoWallpaper.pdb

Imports

kernel32

GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetUserDefaultLCID
GetProfileIntA
GetCurrentProcess
FlushInstructionCache
GlobalMemoryStatus
GetCurrentThreadId
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetExitCodeThread
lstrcpynA
lstrcpyA
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
CreateDirectoryA
GetTickCount
ResumeThread
InterlockedIncrement
MulDiv
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CloseHandle
WriteFile
CreateFileA
FreeResource
FreeLibrary
GetPrivateProfileIntA
WritePrivateProfileStringA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
LockResource
GetFileAttributesA
Sleep
SetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersion
IsProcessorFeaturePresent
CompareStringW
CompareStringA
QueryPerformanceCounter
lstrlenA

user32

GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
DeferWindowPos
GetDlgCtrlID
IntersectRect
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetSubMenu
SetWindowTextA
RegisterClassA
GetWindowDC
GetSysColorBrush
SetCapture
GetCapture
DestroyMenu
TrackPopupMenu
EndPaint
BeginPaint
ShowWindow
MoveWindow
RegisterClassExA
DefWindowProcA
UnregisterClassA
GetMessageA
CallWindowProcA
CallNextHookEx
EqualRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
GetClassNameA
SetMenuItemInfoA
GetSystemMenu
GetMenuItemCount
IsMenu
GetMenu
GetPropA
RemovePropA
SetPropA
DrawStateA
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
TrackMouseEvent
MsgWaitForMultipleObjects
IsRectEmpty
InsertMenuA
UnpackDDElParam
ReleaseCapture
GetCursorPos
DestroyWindow
SetWindowPos
GetTopWindow
TranslateMessage
PeekMessageA
DispatchMessageA
UnionRect
SetRectEmpty
LoadStringA
LoadAcceleratorsA
LoadIconA
LoadBitmapA
DestroyCursor
LoadImageA
ReleaseDC
GetDC
DrawFocusRect
GetSysColor
GetActiveWindow
WindowFromPoint
ClientToScreen
GetNextDlgTabItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FrameRect
DrawIconEx
SetWindowRgn
GetWindowLongA
IsZoomed
PostMessageA
GetForegroundWindow
IsWindow
InvalidateRect
InflateRect
MessageBoxA
SetTimer
GetKeyState
SetCursor
PtInRect
GetFocus
ReuseDDElParam
LoadMenuA
InsertMenuItemA
CharUpperA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetWindowThreadProcessId
EnableMenuItem
AppendMenuA
CreatePopupMenu
KillTimer
IsIconic
SendMessageA
OffsetRect
CopyRect
SetRect
GetParent
GetSystemMetrics
GetWindowRect
ScreenToClient
EnableWindow
FillRect
GetDlgItem
LoadCursorA
IsWindowVisible
GetClientRect
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
CreateWindowExA
DefFrameProcA
ShowOwnedPopups
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
IsDialogMessageA
GetDesktopWindow
CreateDialogIndirectParamA
IsWindowEnabled
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetClassLongA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
UpdateWindow
EndDeferWindowPos

gdi32

DeleteDC
GetPixel
SetPixel
GetTextExtentPoint32A
GetDeviceCaps
RoundRect
Rectangle
CreateFontIndirectA
MoveToEx
AngleArc
StretchBlt
GetDIBColorTable
SetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
SetBkMode
GetClipBox
GetCurrentObject
GetTextMetricsA
Ellipse
GetBitmapBits
CreateBitmapIndirect
SetBitmapBits
CreateDCA
SetMapMode
SetROP2
DPtoLP
CreateFontA
CreatePatternBrush
UnrealizeObject
PatBlt
EnumFontFamiliesA
Polygon
LineTo
SaveDC
RestoreDC
SetPolyFillMode
ExcludeClipRect
SetTextColor
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
SetBkColor
CreateBitmap
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePen
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateDIBSection
DeleteObject
GetStockObject
CreateSolidBrush

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

DragFinish
DragQueryFileA
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIcon

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat
GdiplusShutdown
GdipFree

Exports

Exports

CreatePlugin

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Picer.exe
.exe windows:4 windows x86 arch:x86

fc136baeffb39e7ad75ab827d20638ff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:2c:0a:9c:f2:0f:b4:8f:ca:a5:1a:17:6e:98:05:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/07/2008, 00:00

Not After

14/07/2009, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=tech,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\pictureproj\release\Picer.pdb

Imports

kernel32

GlobalMemoryStatus
CreateFileMappingW
GetFileAttributesExW
GetVersionExA
FreeResource
lstrcpyA
GlobalReAlloc
MulDiv
ResumeThread
GetProfileIntA
GetPrivateProfileStringW
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
SetThreadPriority
SuspendThread
GetFileTime
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
LocalAlloc
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualQuery
GetSystemTimeAsFileTime
GetTimeFormatA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
ExitThread
HeapSize
HeapDestroy
HeapCreate
GetACP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalSize
GlobalFree
IsProcessorFeaturePresent
InterlockedCompareExchange
CopyFileA
ReleaseMutex
TerminateThread
CreateFileMappingA
MapViewOfFileEx
GetDateFormatA
FlushInstructionCache
GetCurrentThreadId
QueryPerformanceCounter
ResetEvent
VirtualFree
VirtualAlloc
GetModuleFileNameW
LoadLibraryW
FileTimeToDosDateTime
GetStdHandle
GetFileSize
GetTempFileNameA
GetCurrentDirectoryA
GetFullPathNameA
DeleteFileW
CreateDirectoryW
CreateFileW
MoveFileA
FindFirstFileW
FileTimeToSystemTime
GetCurrentProcess
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
FileTimeToLocalFileTime
FormatMessageA
LocalFree
SetEndOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
CreateProcessA
GetSystemDirectoryA
GetPrivateProfileStringA
FindClose
SetFilePointer
ReadFile
GetTickCount
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
Sleep
GetPrivateProfileIntA
GetTempPathA
GetLocalTime
GetUserDefaultLCID
CreateMutexA
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateThread
DeleteFileA
CreateEventA
LoadLibraryExA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
SetEvent
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetLongPathNameA
FreeLibrary
SetLastError
LoadLibraryA
GetProcAddress
GetFileAttributesA
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange

user32

DefFrameProcA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
ValidateRect
PostQuitMessage
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
CheckMenuItem
CreateDialogIndirectParamA
IsWindowEnabled
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetSubMenu
GetMenuItemID
GetClassInfoA
DeferWindowPos
GetDlgCtrlID
GetWindowPlacement
GetWindow
RegisterClassA
SetCapture
GetCapture
DestroyMenu
GetMessageA
TrackPopupMenu
EndPaint
BeginPaint
MoveWindow
UnregisterClassA
ReleaseCapture
InsertMenuA
PeekMessageA
DispatchMessageA
TrackMouseEvent
DefMDIChildProcA
SetWindowPos
DestroyIcon
SetMenuItemInfoA
CallNextHookEx
SetRectEmpty
GetSystemMenu
EqualRect
GetMenuItemCount
IsMenu
GetPropA
RemovePropA
SetPropA
GetMenuItemInfoA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
DrawStateA
GetMenu
AdjustWindowRectEx
DrawEdge
LoadStringA
LoadAcceleratorsA
GetNextDlgTabItem
DrawFocusRect
GetActiveWindow
WindowFromPoint
DestroyCursor
GetSysColor
InflateRect
GrayStringA
DrawIconEx
DrawTextExA
TabbedTextOutA
GetForegroundWindow
IsZoomed
TranslateMessage
IntersectRect
GetDC
wsprintfA
PtInRect
FillRect
GetWindowRect
GetClientRect
DrawMenuBar
IsWindowVisible
CallWindowProcA
GetWindowLongA
GetWindowThreadProcessId
GetClassInfoExA
SetWindowLongA
DrawTextA
FrameRect
GetWindowDC
ReleaseDC
GetSysColorBrush
LoadImageA
SystemParametersInfoA
SetParent
GetDesktopWindow
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
BringWindowToTop
SetActiveWindow
RedrawWindow
UpdateWindow
LoadBitmapA
EmptyClipboard
SetClipboardData
UnpackDDElParam
ReuseDDElParam
LoadMenuA
InsertMenuItemA
SetMenu
TranslateAcceleratorA
TranslateMDISysAccel
GetClassNameA
EnableWindow
LoadCursorA
SetCursor
ScreenToClient
CharUpperA
PostMessageA
SetWindowRgn
GetParent
SendMessageA
CharNextA
MessageBoxA
SendMessageTimeoutA
SetForegroundWindow
ShowWindow
IsIconic
CopyRect
IsRectEmpty
SetRect
OffsetRect
DrawIcon
CreatePopupMenu
AppendMenuA
EnableMenuItem
InvalidateRect
SetTimer
KillTimer
ClientToScreen
LoadIconA
SetFocus
GetFocus
GetSystemMetrics
GetKeyState
GetCursorPos
IsWindow
DefWindowProcA
CreateWindowExA
RegisterClassExA
DestroyWindow
OpenClipboard
SetWindowTextA
CloseClipboard
BeginDeferWindowPos

gdi32

ExcludeClipRect
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetRectRgn
GetMapMode
GetRgnBox
GetBkColor
Rectangle
GetTextColor
GetCurrentObject
RestoreDC
SaveDC
EnumFontFamiliesA
PatBlt
UnrealizeObject
CreatePatternBrush
DPtoLP
CreateDCA
SetBitmapBits
CreateBitmapIndirect
GetBitmapBits
SetROP2
SetMapMode
RoundRect
CreateFontA
SetBrushOrgEx
AngleArc
DeleteObject
GetTextMetricsA
GetTextExtentPoint32A
SetPixel
GetPixel
ExtTextOutA
TextOutA
PtVisible
Escape
SetTextColor
SetBkMode
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
RealizePalette
CreateDIBitmap
CreateICW
GetDeviceCaps
GetDIBColorTable
CreatePen
MoveToEx
LineTo
GetObjectW
SetStretchBltMode
CreateDIBSection
StretchBlt
SetDIBColorTable
DeleteDC
GetDIBits
CreateFontIndirectA
GetObjectA
BitBlt
SelectObject
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateSolidBrush
GetStockObject
Ellipse

msimg32

AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA

shell32

ShellExecuteA
SHChangeNotify
DragQueryFileA
SHGetSpecialFolderPathA
CommandLineToArgvW
DragFinish
SHGetSpecialFolderPathW
ShellExecuteExA

comctl32

_TrackMouseEvent
ImageList_GetIcon
ImageList_Draw
InitCommonControlsEx
ImageList_AddMasked

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionW

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoCreateGuid
CLSIDFromString
StringFromCLSID
CoUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitialize
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VarUI4FromStr
VariantClear
SysAllocString
SysAllocStringLen
VariantCopy
VariantInit
VariantChangeType
SysStringLen
SysAllocStringByteLen
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SysFreeString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

gdiplus

GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipCreateBitmapFromStreamICM
GdipImageSelectActiveFrame
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipSaveImageToStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateFromHDC
GdipSetCompositingQuality

wininet

InternetGetCookieA
InternetSetCookieA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

ws2_32

WSASetLastError
WSACleanup
WSAStartup
recv
send
select
htonl
bind
WSAAsyncSelect
ntohl
connect
WSAAsyncGetHostByName
setsockopt
closesocket
socket
gethostbyname
sendto
WSAGetLastError
htons
recvfrom
accept
inet_addr

psapi

GetProcessMemoryInfo

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 820KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PictureP
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PictureShow.exe
.exe windows:4 windows x86 arch:x86

0604a4e5f30ba45df200d4ba79836cf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
FindClose
TerminateThread
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
RaiseException
CreateDirectoryW
CreateDirectoryA
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameA
CreateMutexA
GetCurrentProcessId
GetPrivateProfileIntA
ReleaseMutex
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocalTime
GetTempPathA
CreateFileA
WriteFile
CloseHandle
lstrcpyA
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
WinExec
SetFilePointer
ReadFile
GlobalSize
GlobalFree
Sleep
ResetEvent
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetLongPathNameA
WaitForSingleObject
GetUserDefaultLCID
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
CreateThread
CreateEventA
WideCharToMultiByte
SetEvent
GetTickCount
lstrlenA
InterlockedExchange
MultiByteToWideChar

user32

FrameRect
FillRect
LoadImageA
CloseClipboard
RegisterClipboardFormatA
SetClipboardData
EmptyClipboard
OpenClipboard
DrawTextA
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
GetDC
ReleaseDC
SendMessageA
PostMessageA
GetSystemMetrics
PtInRect
InflateRect
InvalidateRect
IsWindowVisible
ShowWindow
LoadCursorA
RegisterClassExA
CreateWindowExA
BeginPaint
EndPaint
DefWindowProcA
UpdateWindow
SetWindowPos
LoadBitmapA
GetWindowRect
ClientToScreen
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoA
GetCapture
SetCapture
DrawFocusRect
DrawEdge
GetParent
MoveWindow
CreatePopupMenu
DestroyMenu
SetWindowTextA
IsZoomed
PostQuitMessage
SetMenu
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SendMessageTimeoutA
SetForegroundWindow
MessageBoxA
GetKeyboardState
SetCursor
DestroyWindow
GetClassInfoExA
SetWindowLongA
GetClientRect
AdjustWindowRectEx
GetWindowLongA
GetMenu
IsWindow
CallWindowProcA
TrackPopupMenu
AppendMenuA
UnregisterClassA

gdi32

SetStretchBltMode
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
DeleteDC
GetObjectA
SetTextColor
CreateFontIndirectA
CreateCompatibleBitmap
StretchBlt
SetBkMode
CreateSolidBrush
CreateDIBSection

advapi32

RegCreateKeyA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
ShellExecuteExA
DragQueryFileA
SHGetSpecialFolderPathW
SHFileOperationA

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
StringFromGUID2
GetHGlobalFromStream

oleaut32

SysAllocString
VariantClear

shlwapi

PathFindExtensionA
PathFindExtensionW

comctl32

ImageList_Create
ImageList_Add
ImageList_GetIconSize
ImageList_Destroy
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked

gdiplus

GdipImageRotateFlip
GdipSaveImageToStream
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipImageSelectActiveFrame
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Picture
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resource.dll
.dll windows:4 windows x86 arch:x86

9704c6413403804e79b3afc92396146e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\My_Application_2005\Source_in_Vss\PictureProj\Release\Resource.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

b2a0d9368ec1be7deb968a920e5c993e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
SetFileTime
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

668ee366fb5b7f916e44ba8830cd1caf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenA
InterlockedDecrement
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
LocalFree
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
VirtualAlloc
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSection
LoadLibraryA
GetCPInfo

ole32

OleRun
CLSIDFromString
CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantClear

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/poco_plugins.dll
.dll windows:4 windows x86 arch:x86

04b366a6e4b8ef46b08a3c61848c729b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\安装包\安装包文档\browserhelper\release\browserhelper.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
lstrlenA
InterlockedDecrement
CloseHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreateDirectoryA
GetLocalTime
GetTempPathA
GetTempFileNameA
TerminateProcess
GetExitCodeProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
HeapCreate
VirtualFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

UnregisterClassA
wsprintfA

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileA

Exports

Exports

D
E
G
K
KP
M
P
T
X
X2

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
images/Ȥζͼ/Ҷ2.png
.png
images/Ȥζͼ/Բ.png
.png
images/Ȥζͼ/Ի1.png
.png
images/Ȥζͼ/Ի2.png
.png
images/Ȥζͼ/.png
.png
images/Ȥζͼ/.png
.png
images/Ȥζͼ/Ҷ.png
.png
images/Ȥζͼ/.png
.png
images/Ȥζͼ/.png
.png
images/ͷ/MSNͷ(95x95).jpg
.jpg
images/ͷ/POCOռ(163x163).jpg
.jpg
images/ͷ/QQͷ(38x38).jpg
.jpg
images/ͷ/ͷ(139x139).jpg
.jpg
images/ͷ/̳ͷ(120x120).jpg
.jpg
images/ͷ/̳ͷ(144x226).jpg
.jpg
images/ͷ/̳ͷ(150x150).jpg
.jpg
images/ͷ/̳ͷ(96x96).jpg
.jpg
images/֤/Ǳˮ.png
.png
images/֤/֤.png
.png
images/֤/Ů֤.png
.png
images/֤/Ů֤.png
.png
images/ͷ//aq071110005.png
.png
images/ͷ//aq071110009.png
.png
images/ͷ//aq2007121707.png
.png
images/ͷ//aq2007121709.png
.png
images/ͷ//dc2007121706.png
.png
images/ͷ//dc2007121710.png
.png
images/ͷ//dm071110067.png
.png
images/ͷ//dm071110068.png
.png
images/ͷ/羰/fj2007121711.png
.png
images/ͷ/羰/zh-16.png
.png
images/ͷ//hb2007121703.png
.png
images/ͷ//hb2007121706.png
.png
images/ͷ//jif-132.png
.png
images/ͷ//jif-82.png
.png
images/ͷ//jr071110034.png
.png
images/ͷ//jr071110035.png
.png
images/ͷ//BV_2_a6.png
.png
images/ͷ//mx2007121707.png
.png
images/ͷ//xz2007121709.png
.png
images/ͷ//xz2007121713.png
.png
images/ֻֽ/LG/kg270=240x320.png
.png
images/ֻֽ/LG/kp200=128x128.png
.png
images/ֻֽ/LG/ku250=176x220.png
.png
images/ֻֽ/LG/ku580=240x320.png
.png
images/ֻֽ/LG/u300=176x220.png
.png
images/ֻֽ/blackberry/7100t=240x260.png
.png
images/ֻֽ/blackberry/7100v=240x320.png
.png
images/ֻֽ/blackberry/7130v=240x260.png
.png
images/ֻֽ/blackberry/7290=240x160.png
.png
images/ֻֽ/motorola/a1010=208x320.png
.png
images/ֻֽ/motorola/a1200=240x320.png
.png
images/ֻֽ/motorola/a728=320x240.png
.png
images/ֻֽ/motorola/e1060=320x240.png
.png
images/ֻֽ/motorola/rokrz6=240x320.png
.png
images/ֻֽ/motorola/slvrl7=176x220.png
.png
images/ֻֽ/nokia/3230=176x144.png
.png
images/ֻֽ/nokia/3250=176x208.png
.png
images/ֻֽ/nokia/5070=128x160.png
.png
images/ֻֽ/nokia/5200=128x160.png
.png
images/ֻֽ/nokia/5300=240x320.png
.png
images/ֻֽ/nokia/5700=240x320.png
.png
images/ֻֽ/nokia/6270=320x240.png
.png
images/ֻֽ/nokia/6300=240x320.png
.png
images/ֻֽ/nokia/7610=176x208.png
.png
images/ֻֽ/nokia/n70=176x208.png
.png
images/ֻֽ/nokia/n72=176x208.png
.png
images/ֻֽ/nokia/n73=240x320.png
.png
images/ֻֽ/nokia/n76=240x320.png
.png
images/ֻֽ/nokia/n91=176x208.png
.png
images/ֻֽ/nokia/ngage=176x220.png
.png
images/ֻֽ/samsung/e250=128x160 .png
.png
images/ֻֽ/samsung/e840=240x320.png
.png
images/ֻֽ/samsung/p310=176x220.png
.png
images/ֻֽ/samsung/u600=240x320.png
.png
images/ֻֽ/sonyericsson/j210i=128x128.png
.png
images/ֻֽ/sonyericsson/k310i=128x160.png
.png
images/ֻֽ/sonyericsson/k530i=176x220.png
.png
images/ֻֽ/sonyericsson/k550i=176x220.png
.png
images/ֻֽ/sonyericsson/w550i=176x220.png
.png
images/ֻֽ/sonyericsson/w580i=240x320.png
.png
images/ֻֽ/sonyericsson/w610i=176x220.png
.png
images/ֻֽ/sonyericsson/w800i=176x220.png
.png
images//DAD˷.png
.png
images//KA-POW.png
.png
images//kiss me.png
.png
images//ʥñ.png
.png
images//ˮī.png
.png
images//ѩ.png
.png
images//ݮ.png
.png
images//.png
.png
images//.png
.png
images/Ч/ct2007121709.gif
.gif
images/Ч/h2007112615.gif
.gif
images/Ч/hb2007121713.gif
.gif
images/Ч/wyd2007121703.gif
.gif
images/Ч/x2007112616.gif
.gif
images//ͯȤ/tq_20080109_1.mf
.jpg
images//ͯȤ/tq_20080109_3.mf
.jpg
images//ͯȤ/tq_20080109_5.mf
.jpg
images///aq_071225_01.mf
.jpg
images///aq_071225_02.mf
.jpg
images///aq_20071228_1.mf
.jpg
images//Ц/gx_20080109_1.mf
.jpg
images//Ц/gx_20080109_2.mf
.jpg
images//Ц/gx_20080109_3.mf
.jpg
images///hj_071225_01.mf
.jpg
images///hj_071225_02.mf
.jpg
images///hj_20071228_4.mf
.jpg
images//ͨ/kt_071225_01.mf
.jpg
images//ͨ/kt_20071228_3.mf
.jpg
images///qt_071225_01.mf
.jpg
images///qt_071225_02.mf
.jpg
images///qt_20071228_6.mf
.jpg
images///sy_20071228_2.mf
.jpg
images///sy_20071228_3.mf
.jpg
images///sy_20071228_4.mf
.jpg
update.exe
.exe windows:4 windows x86 arch:x86

78189dd0df726438a5e2d9d459e546a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Downloader\Release\update.pdb

Imports

kernel32

WriteFile
SetFilePointer
MoveFileA
CloseHandle
GetFileAttributesA
CreateDirectoryA
FindResourceA
LoadResource
GetTickCount
RaiseException
SizeofResource
FindResourceExA
WideCharToMultiByte
LockResource
GetFileSize
ReadFile
MultiByteToWideChar
GetTempPathA
GetTempFileNameA
LocalFree
CreateProcessA
Sleep
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcAddress
GetModuleHandleA
OpenProcess
VirtualAllocEx
CreateFileA
CreateRemoteThread
WaitForSingleObject
OpenFileMappingA
GetExitCodeProcess
TerminateProcess
GetPrivateProfileIntA
GetLocalTime
LoadLibraryA
FreeLibrary
InterlockedExchange
CreateEventA
CreateThread
ResumeThread
SetCurrentDirectoryA
GetPrivateProfileSectionNamesA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLastError
DeleteFileA
WriteProcessMemory
GetConsoleMode
GetConsoleCP
GetOEMCP
GetCPInfo
IsDebuggerPresent
GetCurrentProcess
InterlockedDecrement
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetStringTypeA

user32

CharUpperA
UnregisterClassA
MessageBoxA
CharNextA

advapi32

RegCreateKeyA
RegQueryValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

StringFromGUID2
CLSIDFromString
CoCreateGuid

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExA

ws2_32

bind
htons
inet_addr
socket
closesocket
WSACleanup
gethostbyname
connect
send
recv
sendto
WSAStartup
WSAGetLastError
htonl

urlmon

URLDownloadToFileA

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wiaaut.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c4d5288cc0f629fc5c7869b66bfe2953

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/07/2007, 00:00

Not After

03/07/2008, 23:59

Subject

CN=Guangzhou ShuLian Software Technology Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=Guangzhou ShuLian Software Technology Ltd,L=guangzhou,ST=guangzhou,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
malloc
realloc
free
_vsnwprintf
wcscmp

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

gdi32

CreateDIBSection
DeleteObject
SelectClipRgn
CreateRectRgnIndirect
Rectangle
GetDeviceCaps
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW

gdiplus

GdipDeleteGraphics
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertySize
GdipGetAllPropertyItems
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipFree
GdipCloneImage
GdipGetImageDecodersSize
GdipGetImageDecoders
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipAlloc
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipRemovePropertyItem
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromGdiDib
GdipCloneBitmapAreaI
GdipGetImageFlags
GdipGetImageRawFormat
GdipImageRotateFlip
GdipSetPropertyItem
GdipSaveAddImage
GdipCreateHBITMAPFromBitmap
GdipGetImagePixelFormat

kernel32

GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetShortPathNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
FreeLibrary
HeapDestroy
GetModuleFileNameW
lstrcatW
GetWindowsDirectoryW
CreateMutexW
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
ReleaseMutex
FormatMessageW
LocalAlloc
LocalFree
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetLastError
GetTempFileNameW
GetTempPathW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
CloseHandle
GetFileSize
CreateFileW
lstrlenA
lstrcpyW
GetModuleHandleW
FileTimeToSystemTime
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
WideCharToMultiByte
SystemTimeToFileTime
CopyFileW
WriteFile
CompareStringW
lstrcpynW
GetTickCount
HeapFree
GetProcessHeap
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW

ole32

CoAllowSetForegroundWindow
PropVariantClear
PropVariantCopy
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream

oleaut32

SysAllocStringByteLen
OleCreatePropertyFrame
SysStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
OleCreatePictureIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantCopy
VariantClear
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

shell32

ord155
ord28
ord18

shlwapi

PathFindFileNameW
PathRemoveExtensionW
StrCatW

user32

SetCursor
GetLastActivePopup
SetForegroundWindow
LoadStringW
ReleaseDC
GetDC
GetDesktopWindow
CharUpperBuffW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DestroyWindow
IsWindow
DefWindowProcW
DrawIcon
LoadIconW
GetWindowThreadProcessId
GetActiveWindow
CharNextW
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetKeyState
DestroyAcceleratorTable
InvalidateRect
EndPaint
GetClientRect
BeginPaint
IsChild
GetFocus
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
CreateWindowExW
ShowWindow
SetFocus
GetParent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

b2a0d9368ec1be7deb968a920e5c993e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

33:2c:0a:9c:f2:0f:b4:8f:ca:a5:1a:17:6e:98:05:17Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 7KB - Virtual size: 7KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 812B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

33:2c:0a:9c:f2:0f:b4:8f:ca:a5:1a:17:6e:98:05:17
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 812B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 256B - Virtual size: 184B

.data
Size: 128B - Virtual size: 12B

INIT
Size: 640B - Virtual size: 520B

.reloc
Size: 256B - Virtual size: 202B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 256B - Virtual size: 184B

.data
Size: 128B - Virtual size: 16B

INIT
Size: 640B - Virtual size: 546B

.reloc
Size: 256B - Virtual size: 206B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:44:ca:5f:e1:1b:91:0e:c3:dd:1c:a9:29:d7:29:40
Certificate