dialog
initDialog
show
Overview
overview
7Static
static
3TSPSetup_U...20.exe
windows7-x64
7TSPSetup_U...20.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$SYSDIR/framedyn.dll
windows7-x64
3$SYSDIR/framedyn.dll
windows10-2004-x64
3Drv/amd64/TSPUNI.dll
windows7-x64
1Drv/amd64/TSPUNI.dll
windows10-2004-x64
1Drv/i386/TSPUNI.dll
windows7-x64
3Drv/i386/TSPUNI.dll
windows10-2004-x64
3OfficeBatchPrint.exe
windows7-x64
1OfficeBatchPrint.exe
windows10-2004-x64
1TSPExt.dll
windows7-x64
1TSPExt.dll
windows10-2004-x64
1TSPExtLoader.exe
windows7-x64
1TSPExtLoader.exe
windows10-2004-x64
1TSPProInst.exe
windows7-x64
1TSPProInst.exe
windows10-2004-x64
1TSPSVC.exe
windows7-x64
1TSPSVC.exe
windows10-2004-x64
1TSPSet.exe
windows7-x64
1TSPSet.exe
windows10-2004-x64
1TSReader.exe
windows7-x64
1TSReader.exe
windows10-2004-x64
1TSReader.exe
windows7-x64
1TSReader.exe
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
TSPSetup_Unnoo2.2.20.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
TSPSetup_Unnoo2.2.20.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral11
Sample
$SYSDIR/framedyn.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
$SYSDIR/framedyn.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
Drv/amd64/TSPUNI.dll
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
Drv/amd64/TSPUNI.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
Drv/i386/TSPUNI.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral16
Sample
Drv/i386/TSPUNI.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
OfficeBatchPrint.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral18
Sample
OfficeBatchPrint.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral19
Sample
TSPExt.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
TSPExt.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
TSPExtLoader.exe
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral22
Sample
TSPExtLoader.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral23
Sample
TSPProInst.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral24
Sample
TSPProInst.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
TSPSVC.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral26
Sample
TSPSVC.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral27
Sample
TSPSet.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral28
Sample
TSPSet.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral29
Sample
TSReader.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral30
Sample
TSReader.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral31
Sample
TSReader.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral32
Sample
TSReader.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
f083c2bb88fa219a1aecba556513568a_JaffaCakes118
-
Size
2.2MB
-
MD5
f083c2bb88fa219a1aecba556513568a
-
SHA1
d3f0a0abbf01c875c5a3736447b403f56b0a598c
-
SHA256
08bb3c1deb4b9686cbc0fe270aa5ecc5db2a919b90e55bda1578cbdb7b42ef80
-
SHA512
2ff29aaf738f6975f534181d068e5321df64744284224e7a4221ab5bb07fd276a5d15927edb960e90a814d291b4f01971d2ef51dd2dd7a0d947e55312a88186b
-
SSDEEP
49152:SDbV7oiHjFYr3NpTGVpsTD6TAjDsnNlL5tOdjxioE5f5deI+:SDbV7oiDFcDapkinXteM7Z2h
Score
3/10
Malware Config
Signatures
-
Unsigned PE 10 IoCs
Checks for missing Authenticode signature.
resource unpack001/TSPSetup_Unnoo2.2.20.exe unpack002/$PLUGINSDIR/InstallOptions.dll unpack002/$PLUGINSDIR/LangDLL.dll unpack002/$PLUGINSDIR/System.dll unpack002/$PLUGINSDIR/nsExec.dll unpack002/$SYSDIR/framedyn.dll unpack002/TSReader.dat unpack002/TSReader.exe unpack002/uninst.exe unpack003/$PLUGINSDIR/nsExec.dll -
NSIS installer 4 IoCs
resource yara_rule static1/unpack001/TSPSetup_Unnoo2.2.20.exe nsis_installer_1 static1/unpack001/TSPSetup_Unnoo2.2.20.exe nsis_installer_2 static1/unpack002/uninst.exe nsis_installer_1 static1/unpack002/uninst.exe nsis_installer_2
Files
-
f083c2bb88fa219a1aecba556513568a_JaffaCakes118.rar
-
TSPSetup_Unnoo2.2.20.exe.exe windows:4 windows x86 arch:x86
1c042238f43557c055fca8642de8a074
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 328KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/LangDLL.dll.dll windows:4 windows x86 arch:x86
d23fbd09100caad5e10f17163f511668
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GetACP
user32
SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC
gdi32
CreateFontIndirectA
GetDeviceCaps
DeleteObject
Exports
Exports
LangDialog
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 697B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
4ec328f99bdd944fc98d8a5cf11f7a62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 446B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
d83f71e61ee459ee63ca3e829966a9dc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess
user32
SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 386B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/framedyn.dll.dll windows:5 windows x86 arch:x86
0c10fb1bd6a6e762649940d2116ecd8f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
framedyn.pdb
Imports
msvcrt
_onexit
_except_handler3
_wcsicmp
wcscoll
__CxxFrameHandler
_purecall
_CxxThrowException
_wrename
_wunlink
_wtoi64
wcscmp
_wcsupr
wcscpy
malloc
__dllonexit
_wtol
wcspbrk
wcsrchr
wcsstr
_wcslwr
_wcsrev
memmove
vswprintf
iswdigit
wcsspn
wcscspn
swscanf
_vsnwprintf
mbstowcs
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
iswspace
wcsncpy
sprintf
atol
sscanf
wcscat
swprintf
wcschr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wtoi
_ui64tow
_i64tow
wcslen
kernel32
CompareFileTime
FormatMessageW
FormatMessageA
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThread
CloseHandle
GetSystemTimeAsFileTime
GetFileSizeEx
WriteFile
SetFilePointer
WideCharToMultiByte
GetCurrentThreadId
SystemTimeToFileTime
CreateFileW
ReleaseMutex
WaitForSingleObject
GetLastError
SetLastError
GetModuleHandleW
MultiByteToWideChar
GetComputerNameA
GetComputerNameW
CreateMutexA
CreateMutexW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitProcess
GetVersionExA
Sleep
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CreateEventW
SetEvent
SetConsoleCtrlHandler
CreateThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
LocalFree
DisableThreadLibraryCalls
LCMapStringW
GetVersionExW
GetLocalTime
advapi32
ImpersonateSelf
RegOpenCurrentUser
RegEnumValueW
RegEnumValueA
RegEnumKeyW
RegEnumKeyA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteKeyW
RegDeleteKeyA
RegDeleteValueW
RegDeleteValueA
RegQueryValueExW
RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
InitiateSystemShutdownW
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
GetTokenInformation
user32
UnregisterClassW
RegisterClassW
CreateWindowExW
DefWindowProcW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
PostMessageW
oleaut32
SysAllocStringLen
VariantChangeTypeEx
SysStringLen
SafeArrayCreate
SafeArrayPutElement
SafeArrayCopy
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
ole32
CoGetCallContext
StringFromGUID2
CoCreateInstance
OleRun
CoLockObjectExternal
secur32
GetUserNameExW
Exports
Exports
??0CAutoEvent@@QAE@XZ
??0CFrameworkQuery@@QAE@ABV0@@Z
??0CFrameworkQuery@@QAE@XZ
??0CFrameworkQueryEx@@QAE@ABV0@@Z
??0CFrameworkQueryEx@@QAE@XZ
??0CHPtrArray@@QAE@XZ
??0CHString@@QAE@ABV0@@Z
??0CHString@@QAE@GH@Z
??0CHString@@QAE@PBD@Z
??0CHString@@QAE@PBE@Z
??0CHString@@QAE@PBG@Z
??0CHString@@QAE@PBGH@Z
??0CHString@@QAE@XZ
??0CHStringArray@@QAE@XZ
??0CInstance@@QAE@ABV0@@Z
??0CInstance@@QAE@PAUIWbemClassObject@@PAVMethodContext@@@Z
??0CObjectPathParser@@QAE@W4ObjectParserFlags@@@Z
??0CRegistry@@QAE@ABV0@@Z
??0CRegistry@@QAE@XZ
??0CRegistrySearch@@QAE@ABV0@@Z
??0CRegistrySearch@@QAE@XZ
??0CThreadBase@@QAE@ABV0@@Z
??0CThreadBase@@QAE@W4THREAD_SAFETY_MECHANISM@0@@Z
??0CWbemGlueFactory@@QAE@ABV0@@Z
??0CWbemGlueFactory@@QAE@PAJ@Z
??0CWbemGlueFactory@@QAE@XZ
??0CWbemProviderGlue@@QAE@ABV0@@Z
??0CWbemProviderGlue@@QAE@PAJ@Z
??0CWbemProviderGlue@@QAE@XZ
??0CWinMsgEvent@@QAE@ABV0@@Z
??0CWinMsgEvent@@QAE@XZ
??0CreateMutexAsProcess@@QAE@PBG@Z
??0KeyRef@@QAE@PBGPBUtagVARIANT@@@Z
??0KeyRef@@QAE@XZ
??0MethodContext@@QAE@ABV0@@Z
??0MethodContext@@QAE@PAUIWbemContext@@PAVCWbemProviderGlue@@@Z
??0ParsedObjectPath@@QAE@XZ
??0Provider@@QAE@ABV0@@Z
??0Provider@@QAE@PBG0@Z
??0ProviderLog@@QAE@ABV0@@Z
??0ProviderLog@@QAE@XZ
??0WBEMTime@@QAE@ABJ@Z
??0WBEMTime@@QAE@ABU_FILETIME@@@Z
??0WBEMTime@@QAE@ABU_SYSTEMTIME@@@Z
??0WBEMTime@@QAE@ABUtm@@@Z
??0WBEMTime@@QAE@QAG@Z
??0WBEMTime@@QAE@XZ
??0WBEMTimeSpan@@QAE@ABJ@Z
??0WBEMTimeSpan@@QAE@ABU_FILETIME@@@Z
??0WBEMTimeSpan@@QAE@HHHHHHH@Z
??0WBEMTimeSpan@@QAE@QAG@Z
??0WBEMTimeSpan@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1CAutoEvent@@QAE@XZ
??1CFrameworkQuery@@QAE@XZ
??1CFrameworkQueryEx@@QAE@XZ
??1CHPtrArray@@QAE@XZ
??1CHString@@QAE@XZ
??1CHStringArray@@QAE@XZ
??1CInstance@@UAE@XZ
??1CObjectPathParser@@QAE@XZ
??1CRegistry@@QAE@XZ
??1CRegistrySearch@@QAE@XZ
??1CThreadBase@@UAE@XZ
??1CWbemGlueFactory@@QAE@XZ
??1CWbemProviderGlue@@QAE@XZ
??1CWinMsgEvent@@QAE@XZ
??1CreateMutexAsProcess@@QAE@XZ
??1KeyRef@@QAE@XZ
??1MethodContext@@UAE@XZ
??1ParsedObjectPath@@QAE@XZ
??1Provider@@UAE@XZ
??1ProviderLog@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??4CAutoEvent@@QAEAAV0@ABV0@@Z
??4CFrameworkQuery@@QAEAAV0@ABV0@@Z
??4CFrameworkQueryEx@@QAEAAV0@ABV0@@Z
??4CHPtrArray@@QAEAAV0@ABV0@@Z
??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@D@Z
??4CHString@@QAEABV0@G@Z
??4CHString@@QAEABV0@PAV0@@Z
??4CHString@@QAEABV0@PBD@Z
??4CHString@@QAEABV0@PBE@Z
??4CHString@@QAEABV0@PBG@Z
??4CHStringArray@@QAEAAV0@ABV0@@Z
??4CInstance@@QAEAAV0@ABV0@@Z
??4CObjectPathParser@@QAEAAV0@ABV0@@Z
??4CRegistry@@QAEAAV0@ABV0@@Z
??4CRegistrySearch@@QAEAAV0@ABV0@@Z
??4CThreadBase@@QAEAAV0@ABV0@@Z
??4CWbemGlueFactory@@QAEAAV0@ABV0@@Z
??4CWbemProviderGlue@@QAEAAV0@ABV0@@Z
??4CWinMsgEvent@@QAEAAV0@ABV0@@Z
??4CreateMutexAsProcess@@QAEAAV0@ABV0@@Z
??4KeyRef@@QAEAAU0@ABU0@@Z
??4MethodContext@@QAEAAV0@ABV0@@Z
??4ParsedObjectPath@@QAEAAU0@ABU0@@Z
??4Provider@@QAEAAV0@ABV0@@Z
??4ProviderLog@@QAEAAV0@ABV0@@Z
??4WBEMTime@@QAEAAV0@ABV0@@Z
??4WBEMTime@@QAEABV0@ABJ@Z
??4WBEMTime@@QAEABV0@ABU_FILETIME@@@Z
??4WBEMTime@@QAEABV0@ABU_SYSTEMTIME@@@Z
??4WBEMTime@@QAEABV0@ABUtm@@@Z
??4WBEMTime@@QAEABV0@QAG@Z
??4WBEMTimeSpan@@QAEAAV0@ABV0@@Z
??4WBEMTimeSpan@@QAEABV0@ABJ@Z
??4WBEMTimeSpan@@QAEABV0@ABU_FILETIME@@@Z
??4WBEMTimeSpan@@QAEABV0@QAG@Z
??4_Lockit@std@@QAEAAV01@ABV01@@Z
??8WBEMTime@@QBEHABV0@@Z
??8WBEMTimeSpan@@QBEHABV0@@Z
??9WBEMTime@@QBEHABV0@@Z
??9WBEMTimeSpan@@QBEHABV0@@Z
??ACHPtrArray@@QAEAAPAXH@Z
??ACHPtrArray@@QBEPAXH@Z
??ACHString@@QBEGH@Z
??ACHStringArray@@QAEAAVCHString@@H@Z
??ACHStringArray@@QBE?AVCHString@@H@Z
??BCHString@@QBEPBGXZ
??GWBEMTime@@QAE?AVWBEMTimeSpan@@ABV0@@Z
??GWBEMTime@@QBE?AV0@ABVWBEMTimeSpan@@@Z
??GWBEMTimeSpan@@QBE?AV0@ABV0@@Z
??H@YG?AVCHString@@ABV0@0@Z
??H@YG?AVCHString@@ABV0@G@Z
??H@YG?AVCHString@@ABV0@PBG@Z
??H@YG?AVCHString@@GABV0@@Z
??H@YG?AVCHString@@PBGABV0@@Z
??HWBEMTime@@QBE?AV0@ABVWBEMTimeSpan@@@Z
??HWBEMTimeSpan@@QBE?AV0@ABV0@@Z
??MWBEMTime@@QBEHABV0@@Z
??MWBEMTimeSpan@@QBEHABV0@@Z
??NWBEMTime@@QBEHABV0@@Z
??NWBEMTimeSpan@@QBEHABV0@@Z
??OWBEMTime@@QBEHABV0@@Z
??OWBEMTimeSpan@@QBEHABV0@@Z
??PWBEMTime@@QBEHABV0@@Z
??PWBEMTimeSpan@@QBEHABV0@@Z
??YCHString@@QAEABV0@ABV0@@Z
??YCHString@@QAEABV0@D@Z
??YCHString@@QAEABV0@G@Z
??YCHString@@QAEABV0@PBG@Z
??YWBEMTime@@QAEABV0@ABVWBEMTimeSpan@@@Z
??YWBEMTimeSpan@@QAEABV0@ABV0@@Z
??ZWBEMTime@@QAEABV0@ABVWBEMTimeSpan@@@Z
??ZWBEMTimeSpan@@QAEABV0@ABV0@@Z
??_7CFrameworkQueryEx@@6B@
??_7CInstance@@6B@
??_7CThreadBase@@6B@
??_7CWbemGlueFactory@@6B@
??_7CWbemProviderGlue@@6BIWbemProviderInit@@@
??_7CWbemProviderGlue@@6BIWbemServices@@@
??_7CWinMsgEvent@@6B@
??_7MethodContext@@6B@
??_7Provider@@6B@
??_7ProviderLog@@6B@
??_FCObjectPathParser@@QAEXXZ
??_FCThreadBase@@QAEXXZ
?Add@CHPtrArray@@QAEHPAX@Z
?Add@CHStringArray@@QAEHPBG@Z
?AddFlushPtr@CWbemProviderGlue@@AAEXPAX@Z
?AddKeyRef@ParsedObjectPath@@QAEHPAUKeyRef@@@Z
?AddKeyRef@ParsedObjectPath@@QAEHPBGPBUtagVARIANT@@@Z
?AddKeyRefEx@ParsedObjectPath@@QAEHPBGPBUtagVARIANT@@@Z
?AddNamespace@ParsedObjectPath@@QAEHPBG@Z
?AddProviderToMap@CWbemProviderGlue@@CGPAVProvider@@PBG0PAV2@@Z
?AddRef@CInstance@@QAEJXZ
?AddRef@CThreadBase@@QAEJXZ
?AddRef@CWbemGlueFactory@@UAGKXZ
?AddRef@CWbemProviderGlue@@UAGKXZ
?AddRef@MethodContext@@QAEJXZ
?AddToFactoryMap@CWbemProviderGlue@@KGXPBVCWbemGlueFactory@@PAJ@Z
?AllPropertiesAreRequired@CFrameworkQuery@@QAE_NXZ
?AllocBeforeWrite@CHString@@IAEXH@Z
?AllocBuffer@CHString@@IAEXH@Z
?AllocCopy@CHString@@IBEXAAV1@HHH@Z
?AllocSysString@CHString@@QBEPAGXZ
?Append@CHPtrArray@@QAEHABV1@@Z
?Append@CHStringArray@@QAEHABV1@@Z
?AssignCopy@CHString@@IAEXHPBG@Z
?BeginRead@CThreadBase@@QAEHK@Z
?BeginWrite@CThreadBase@@QAEHK@Z
?CancelAsyncCall@CWbemProviderGlue@@UAGJPAUIWbemObjectSink@@@Z
?CancelAsyncRequest@CWbemProviderGlue@@UAGJJ@Z
?CheckAndAddToList@CRegistrySearch@@AAEXPAVCRegistry@@VCHString@@1AAVCHPtrArray@@11H@Z
?CheckFileSize@ProviderLog@@AAEXAAT_LARGE_INTEGER@@ABVCHString@@@Z
?CheckImpersonationLevel@CWbemProviderGlue@@CGJXZ
?Clear@WBEMTime@@QAEXXZ
?Clear@WBEMTimeSpan@@QAEXXZ
?ClearKeys@ParsedObjectPath@@QAEXXZ
?Close@CRegistry@@QAEXXZ
?CloseSubKey@CRegistry@@AAEXXZ
?Collate@CHString@@QBEHPBG@Z
?Commit@CInstance@@QAEJXZ
?Commit@Provider@@IAEJPAVCInstance@@_N@Z
?Compare@CHString@@QBEHPBG@Z
?CompareNoCase@CHString@@QBEHPBG@Z
?ConcatCopy@CHString@@IAEXHPBGH0@Z
?ConcatInPlace@CHString@@IAEXHPBG@Z
?Copy@CHPtrArray@@QAEXABV1@@Z
?Copy@CHStringArray@@QAEXABV1@@Z
?CopyBeforeWrite@CHString@@IAEXXZ
?CreateClassEnum@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAPAUIEnumWbemClassObject@@@Z
?CreateClassEnumAsync@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?CreateInstance@CWbemGlueFactory@@UAGJPAUIUnknown@@ABU_GUID@@PAPAX@Z
?CreateInstanceEnum@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAPAUIEnumWbemClassObject@@@Z
?CreateInstanceEnum@Provider@@AAEJPAVMethodContext@@J@Z
?CreateInstanceEnumAsync@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?CreateMsgProvider@CWinMsgEvent@@CGXXZ
?CreateMsgWindow@CWinMsgEvent@@CGPAUHWND__@@XZ
?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z
?CreateOpen@CRegistry@@QAEJPAUHKEY__@@PBGPAGKKPAU_SECURITY_ATTRIBUTES@@PAK@Z
?CtrlHandlerRoutine@CWinMsgEvent@@CGHK@Z
?DecrementMapCount@CWbemProviderGlue@@KGJPAJ@Z
?DecrementMapCount@CWbemProviderGlue@@KGJPBVCWbemGlueFactory@@@Z
?DecrementObjectCount@CWbemProviderGlue@@SGJXZ
?DeleteClass@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAPAUIWbemCallResult@@@Z
?DeleteClassAsync@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBG@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPBG@Z
?DeleteInstance@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAPAUIWbemCallResult@@@Z
?DeleteInstance@Provider@@AAEJPAUParsedObjectPath@@JPAVMethodContext@@@Z
?DeleteInstance@Provider@@MAEJABVCInstance@@J@Z
?DeleteInstanceAsync@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?DeleteKey@CRegistry@@QAEJPAVCHString@@@Z
?DeleteValue@CRegistry@@QAEJPBG@Z
?DestroyMsgWindow@CWinMsgEvent@@CGXXZ
?ElementAt@CHPtrArray@@QAEAAPAXH@Z
?ElementAt@CHStringArray@@QAEAAVCHString@@H@Z
?Empty@CHString@@QAEXXZ
?Empty@CObjectPathParser@@AAEXXZ
?EndRead@CThreadBase@@QAEXXZ
?EndWrite@CThreadBase@@QAEXXZ
?EnumerateAndGetValues@CRegistry@@QAEJAAKAAPAGAAPAE@Z
?EnumerateInstances@Provider@@MAEJPAVMethodContext@@J@Z
?ExecMethod@CWbemProviderGlue@@UAGJQAG0JPAUIWbemContext@@PAUIWbemClassObject@@PAPAU3@PAPAUIWbemCallResult@@@Z
?ExecMethod@Provider@@AAEJPAUParsedObjectPath@@PAGJPAVCInstance@@2PAVMethodContext@@@Z
?ExecMethod@Provider@@MAEJABVCInstance@@QAGPAV2@2J@Z
?ExecMethodAsync@CWbemProviderGlue@@UAGJQAG0JPAUIWbemContext@@PAUIWbemClassObject@@PAUIWbemObjectSink@@@Z
?ExecNotificationQuery@CWbemProviderGlue@@UAGJQAG0JPAUIWbemContext@@PAPAUIEnumWbemClassObject@@@Z
?ExecNotificationQueryAsync@CWbemProviderGlue@@UAGJQAG0JPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?ExecQuery@CWbemProviderGlue@@UAGJQAG0JPAUIWbemContext@@PAPAUIEnumWbemClassObject@@@Z
?ExecQuery@Provider@@MAEJPAVMethodContext@@AAVCFrameworkQuery@@J@Z
?ExecQueryAsync@CWbemProviderGlue@@UAGJQAG0JPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?ExecuteQuery@Provider@@AAEJPAVMethodContext@@AAVCFrameworkQuery@@J@Z
?FillInstance@CWbemProviderGlue@@SGJPAVCInstance@@PBG@Z
?FillInstance@CWbemProviderGlue@@SGJPAVMethodContext@@PAVCInstance@@@Z
?Find@CHString@@QBEHG@Z
?Find@CHString@@QBEHPBG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Flush@Provider@@MAEXXZ
?FlushAll@CWbemProviderGlue@@AAEXXZ
?Format@CHString@@QAAXIZZ
?Format@CHString@@QAAXPBGZZ
?FormatMessageW@CHString@@QAAXIZZ
?FormatMessageW@CHString@@QAAXPBGZZ
?FormatV@CHString@@QAEXPBGPAD@Z
?FrameworkLogin@CWbemProviderGlue@@SGXPBGPAVProvider@@0@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBG@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
?FrameworkLogoff@CWbemProviderGlue@@SGXPBG0@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBG@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
?Free@CObjectPathParser@@QAEXPAUParsedObjectPath@@@Z
?FreeExtra@CHPtrArray@@QAEXXZ
?FreeExtra@CHString@@QAEXXZ
?FreeExtra@CHStringArray@@QAEXXZ
?FreeSearchList@CRegistrySearch@@QAEHHAAVCHPtrArray@@@Z
?GetAllDerivedInstances@CWbemProviderGlue@@SGJPBGPAV?$TRefPointerCollection@VCInstance@@@@PAVMethodContext@@0@Z
?GetAllDerivedInstancesAsynch@CWbemProviderGlue@@SGJPBGPAVProvider@@P6GJ1PAVCInstance@@PAVMethodContext@@PAX@Z034@Z
?GetAllInstances@CWbemProviderGlue@@SGJPBGPAV?$TRefPointerCollection@VCInstance@@@@0PAVMethodContext@@@Z
?GetAllInstancesAsynch@CWbemProviderGlue@@SGJPBGPAVProvider@@P6GJ1PAVCInstance@@PAVMethodContext@@PAX@Z034@Z
?GetAllocLength@CHString@@QBEHXZ
?GetAt@CHPtrArray@@QBEPAXH@Z
?GetAt@CHString@@QBEGH@Z
?GetAt@CHStringArray@@QBE?AVCHString@@H@Z
?GetBSTR@WBEMTime@@QBEPAGXZ
?GetBSTR@WBEMTimeSpan@@QBEPAGXZ
?GetBuffer@CHString@@QAEPAGH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?GetByte@CInstance@@QBE_NPBGAAE@Z
?GetCHString@CInstance@@QBE_NPBGAAVCHString@@@Z
?GetCSDVersion@CWbemProviderGlue@@SGPBGXZ
?GetClassNameW@CRegistry@@QAEPAGXZ
?GetClassObjectInterface@CInstance@@QAEPAUIWbemClassObject@@XZ
?GetClassObjectInterface@Provider@@AAEPAUIWbemClassObject@@PAVMethodContext@@@Z
?GetComputerNameW@CWbemProviderGlue@@CGXAAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGPAEPAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGPAEPAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AAEKPAUHKEY__@@PBGPAXPAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AAEKPBGPAXPAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QAEKXZ
?GetCurrentSubKeyName@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGPAXPAK@Z
?GetDMTF@WBEMTime@@QBEPAGH@Z
?GetDMTFNonNtfs@WBEMTime@@QBEPAGXZ
?GetDOUBLE@CInstance@@QBE_NPBGAAN@Z
?GetDWORD@CInstance@@QBE_NPBGAAK@Z
?GetData@CHPtrArray@@QAEPAPAXXZ
?GetData@CHPtrArray@@QBEPAPBXXZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
?GetData@CHStringArray@@QAEPAVCHString@@XZ
?GetData@CHStringArray@@QBEPBVCHString@@XZ
?GetDateTime@CInstance@@QBE_NPBGAAVWBEMTime@@@Z
?GetEmbeddedObject@CInstance@@QBE_NPBGPAPAV1@PAVMethodContext@@@Z
?GetEmptyInstance@CWbemProviderGlue@@SGJPAVMethodContext@@PBGPAPAVCInstance@@1@Z
?GetEmptyInstance@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@0@Z
?GetFILETIME@WBEMTime@@QBEHPAU_FILETIME@@@Z
?GetFILETIME@WBEMTimeSpan@@QBEHPAU_FILETIME@@@Z
?GetIWBEMContext@MethodContext@@UAEPAUIWbemContext@@XZ
?GetInstanceByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@@Z
?GetInstanceFromCIMOM@CWbemProviderGlue@@CGJPBG0PAVMethodContext@@PAPAVCInstance@@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@AAVCHStringArray@@@Z
?GetInstancesByQuery@CWbemProviderGlue@@SGJPBGPAV?$TRefPointerCollection@VCInstance@@@@PAVMethodContext@@0@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SGJPBGPAVProvider@@P6GJ1PAVCInstance@@PAVMethodContext@@PAX@Z034@Z
?GetKeyString@ParsedObjectPath@@QAEPAGXZ
?GetLength@CHString@@QBEHXZ
?GetLocalComputerName@Provider@@IAEABVCHString@@XZ
?GetLocalInstancePath@Provider@@IAE_NPBVCInstance@@AAVCHString@@@Z
?GetLocalOffsetForDate@WBEMTime@@SGJABJ@Z
?GetLocalOffsetForDate@WBEMTime@@SGJPBU_FILETIME@@@Z
?GetLocalOffsetForDate@WBEMTime@@SGJPBU_SYSTEMTIME@@@Z
?GetLocalOffsetForDate@WBEMTime@@SGJPBUtm@@@Z
?GetLongestClassStringSize@CRegistry@@QAEKXZ
?GetLongestSubKeySize@CRegistry@@QAEKXZ
?GetLongestValueData@CRegistry@@QAEKXZ
?GetLongestValueName@CRegistry@@QAEKXZ
?GetMapCountPtr@CWbemProviderGlue@@KGPAJPBVCWbemGlueFactory@@@Z
?GetMethodContext@CInstance@@QBEPAVMethodContext@@XZ
?GetNamespace@CFrameworkQuery@@IAEABVCHString@@XZ
?GetNamespace@Provider@@IAEABVCHString@@XZ
?GetNamespaceConnection@CWbemProviderGlue@@SGPAUIWbemServices@@PBG@Z
?GetNamespaceConnection@CWbemProviderGlue@@SGPAUIWbemServices@@PBGPAVMethodContext@@@Z
?GetNamespacePart@ParsedObjectPath@@QAEPAGXZ
?GetOSMajorVersion@CWbemProviderGlue@@SGKXZ
?GetObject@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAPAUIWbemClassObject@@PAPAUIWbemCallResult@@@Z
?GetObject@Provider@@AAEJPAUParsedObjectPath@@PAVMethodContext@@J@Z
?GetObject@Provider@@MAEJPAVCInstance@@J@Z
?GetObject@Provider@@MAEJPAVCInstance@@JAAVCFrameworkQuery@@@Z
?GetObjectAsync@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?GetParentNamespacePart@ParsedObjectPath@@QAEPAGXZ
?GetPlatform@CWbemProviderGlue@@SGKXZ
?GetPlatformID@CRegistry@@CGKXZ
?GetPropertyBitMask@CFrameworkQueryEx@@QAEXABVCHPtrArray@@PAX@Z
?GetProviderGlue@MethodContext@@AAEPAVCWbemProviderGlue@@XZ
?GetProviderName@Provider@@IAEABVCHString@@XZ
?GetQuery@CFrameworkQuery@@QAEABVCHString@@XZ
?GetQueryClassName@CFrameworkQuery@@QAEPAGXZ
?GetRelativePath@CObjectPathParser@@SGPAGPAG@Z
?GetRequiredProperties@CFrameworkQuery@@QAEXAAVCHStringArray@@@Z
?GetSYSTEMTIME@WBEMTime@@QBEHPAU_SYSTEMTIME@@@Z
?GetSize@CHPtrArray@@QBEHXZ
?GetSize@CHStringArray@@QBEHXZ
?GetStatus@CInstance@@QBE_NPBGAA_NAAG@Z
?GetStatusObject@CWbemProviderGlue@@CGPAUIWbemClassObject@@PAVMethodContext@@PBG@Z
?GetStatusObject@MethodContext@@QAEPAUIWbemClassObject@@XZ
?GetStringArray@CInstance@@QBE_NPBGAAPAUtagSAFEARRAY@@@Z
?GetStructtm@WBEMTime@@QBEHPAUtm@@@Z
?GetTime@WBEMTime@@QBE_KXZ
?GetTime@WBEMTimeSpan@@QBE_KXZ
?GetTimeSpan@CInstance@@QBE_NPBGAAVWBEMTimeSpan@@@Z
?GetUpperBound@CHPtrArray@@QBEHXZ
?GetUpperBound@CHStringArray@@QBEHXZ
?GetValueCount@CRegistry@@QAEKXZ
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAVCHStringArray@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QAEJPBGAAV?$vector@HV?$allocator@H@std@@@std@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QAEJPBGAAV?$vector@V_variant_t@@V?$allocator@V_variant_t@@@std@@@std@@@Z
?GetVariant@CInstance@@QBE_NPBGAAUtagVARIANT@@@Z
?GetWBEMINT16@CInstance@@QBE_NPBGAAF@Z
?GetWBEMINT64@CInstance@@QBE_NPBGAAVCHString@@@Z
?GetWBEMINT64@CInstance@@QBE_NPBGAA_J@Z
?GetWBEMINT64@CInstance@@QBE_NPBGAA_K@Z
?GetWCHAR@CInstance@@QBE_NPBGPAPAG@Z
?GetWORD@CInstance@@QBE_NPBGAAG@Z
?Getbool@CInstance@@QBE_NPBGAA_N@Z
?GethKey@CRegistry@@QAEPAUHKEY__@@XZ
?Gettime_t@WBEMTime@@QBEHPAJ@Z
?Gettime_t@WBEMTimeSpan@@QBEHPAJ@Z
?IncrementMapCount@CWbemProviderGlue@@KGJPAJ@Z
?IncrementMapCount@CWbemProviderGlue@@KGJPBVCWbemGlueFactory@@@Z
?IncrementObjectCount@CWbemProviderGlue@@SGXXZ
?Init2@CFrameworkQuery@@QAEXPAUIWbemClassObject@@@Z
?Init@CFrameworkQuery@@QAEJPAUParsedObjectPath@@PAUIWbemContext@@PBGAAVCHString@@@Z
?Init@CFrameworkQuery@@QAEJQAG0JAAVCHString@@@Z
?Init@CHString@@IAEXXZ
?Init@CWbemProviderGlue@@CGXXZ
?InitComputerName@Provider@@CGXXZ
?InitEx@CFrameworkQueryEx@@UAEJQAG0JAAVCHString@@@Z
?Initialize@CWbemProviderGlue@@UAGJPAGJ00PAUIWbemServices@@PAUIWbemContext@@PAUIWbemProviderInitSink@@@Z
?InsertAt@CHPtrArray@@QAEXHPAV1@@Z
?InsertAt@CHPtrArray@@QAEXHPAXH@Z
?InsertAt@CHStringArray@@QAEXHPAV1@@Z
?InsertAt@CHStringArray@@QAEXHPBGH@Z
?InternalGetNamespaceConnection@CWbemProviderGlue@@AAGPAUIWbemServices@@PBG@Z
?Is3TokenOR@CFrameworkQueryEx@@QAEHPBG0AAUtagVARIANT@@1@Z
?IsClass@ParsedObjectPath@@QAEHXZ
?IsDerivedFrom@CWbemProviderGlue@@SG_NPBG0PAVMethodContext@@0@Z
?IsEmpty@CHString@@QBEHXZ
?IsExtended@CFrameworkQueryEx@@UAE_NXZ
?IsInList@CFrameworkQuery@@IAEKABVCHStringArray@@PBG@Z
?IsInstance@ParsedObjectPath@@QAEHXZ
?IsLocal@ParsedObjectPath@@QAEHPBG@Z
?IsLoggingOn@ProviderLog@@QAE?AW4LogLevel@1@PAVCHString@@@Z
?IsNTokenAnd@CFrameworkQueryEx@@QAEHAAVCHStringArray@@AAVCHPtrArray@@@Z
?IsNull@CInstance@@QBE_NPBG@Z
?IsObject@ParsedObjectPath@@QAEHXZ
?IsOk@WBEMTime@@QBE_NXZ
?IsOk@WBEMTimeSpan@@QBE_NXZ
?IsPropertyRequired@CFrameworkQuery@@QAE_NPBG@Z
?IsReference@CFrameworkQuery@@IAEHPBG@Z
?IsRelative@ParsedObjectPath@@QAEHPBG0@Z
?KeysOnly@CFrameworkQuery@@QAE_NXZ
?Left@CHString@@QBE?AV1@H@Z
?LoadStringW@CHString@@IAEHIPAGI@Z
?LoadStringW@CHString@@QAEHI@Z
?LocalLogMessage@ProviderLog@@QAAXPBGHW4LogLevel@1@0ZZ
?LocalLogMessage@ProviderLog@@QAEXPBG0HW4LogLevel@1@@Z
?LocateKeyByNameOrValueName@CRegistrySearch@@QAEHPAUHKEY__@@PBG1PAPBGKAAVCHString@@3@Z
?Lock@CThreadBase@@AAEXXZ
?LockBuffer@CHString@@QAEPAGXZ
?LockFactoryMap@CWbemProviderGlue@@CGXXZ
?LockProviderMap@CWbemProviderGlue@@CGXXZ
?LockServer@CWbemGlueFactory@@UAGJH@Z
?LogError@CInstance@@IBEXPBG00J@Z
?MakeLocalPath@Provider@@IAE?AVCHString@@ABV2@@Z
?MakeLower@CHString@@QAEXXZ
?MakeReverse@CHString@@QAEXXZ
?MakeUpper@CHString@@QAEXXZ
?Mid@CHString@@QBE?AV1@H@Z
?Mid@CHString@@QBE?AV1@HH@Z
?MsgWndProc@CWinMsgEvent@@CGJPAUHWND__@@IIJ@Z
?NextSubKey@CRegistry@@QAEKXZ
?NextToken@CObjectPathParser@@AAEHXZ
?NormalizePath@@YGKPBG00KAAVCHString@@@Z
?NullOutUnsetProperties@CWbemProviderGlue@@AAEJPAUIWbemClassObject@@PAPAU2@ABUtagVARIANT@@@Z
?OnFinalRelease@CThreadBase@@MAEXXZ
?Open@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenCurrentUser@CRegistry@@QAEKPBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QAEJPBG0AAVCHString@@@Z
?OpenNamespace@CWbemProviderGlue@@UAGJQAGJPAUIWbemContext@@PAPAUIWbemServices@@PAPAUIWbemCallResult@@@Z
?OpenSubKey@CRegistry@@AAEKXZ
?Parse@CObjectPathParser@@QAEHPBGPAPAUParsedObjectPath@@@Z
?PreProcessPutInstanceParms@CWbemProviderGlue@@AAEJPAUIWbemClassObject@@PAPAU2@PAUIWbemContext@@@Z
?PrepareToReOpen@CRegistry@@AAEXXZ
?PutClass@CWbemProviderGlue@@UAGJPAUIWbemClassObject@@JPAUIWbemContext@@PAPAUIWbemCallResult@@@Z
?PutClassAsync@CWbemProviderGlue@@UAGJPAUIWbemClassObject@@JPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?PutInstance@CWbemProviderGlue@@UAGJPAUIWbemClassObject@@JPAUIWbemContext@@PAPAUIWbemCallResult@@@Z
?PutInstance@Provider@@AAEJPAUIWbemClassObject@@JPAVMethodContext@@@Z
?PutInstance@Provider@@MAEJABVCInstance@@J@Z
?PutInstanceAsync@CWbemProviderGlue@@UAGJPAUIWbemClassObject@@JPAUIWbemContext@@PAUIWbemObjectSink@@@Z
?QueryInterface@CWbemGlueFactory@@UAGJABU_GUID@@PAPAX@Z
?QueryInterface@CWbemProviderGlue@@UAGJABU_GUID@@PAPAX@Z
?QueryObjectSink@CWbemProviderGlue@@UAGJJPAPAUIWbemObjectSink@@@Z
?QueryPostProcess@MethodContext@@UAEXXZ
?RegisterForMessage@CWinMsgEvent@@IAEXI@Z
?Release@CHString@@IAEXXZ
?Release@CHString@@KGXPAUCHStringData@@@Z
?Release@CInstance@@QAEJXZ
?Release@CThreadBase@@QAEJXZ
?Release@CWbemGlueFactory@@UAGKXZ
?Release@CWbemProviderGlue@@UAGKXZ
?Release@MethodContext@@QAEJXZ
?ReleaseBuffer@CHString@@QAEXH@Z
?RemoveAll@CHPtrArray@@QAEXXZ
?RemoveAll@CHStringArray@@QAEXXZ
?RemoveAt@CHPtrArray@@QAEXHH@Z
?RemoveAt@CHStringArray@@QAEXHH@Z
?RemoveFromFactoryMap@CWbemProviderGlue@@KGXPBVCWbemGlueFactory@@@Z
?Reset@CFrameworkQuery@@AAEXXZ
?ReverseFind@CHString@@QBEHG@Z
?RewindSubKeys@CRegistry@@QAEXXZ
?Right@CHString@@QBE?AV1@H@Z
?SafeStrlen@CHString@@KGHPBG@Z
?SearchAndBuildList@CRegistrySearch@@QAEHVCHString@@AAVCHPtrArray@@00HPAUHKEY__@@@Z
?SearchMapForProvider@CWbemProviderGlue@@CGPAVProvider@@PBG0@Z
?SetAt@CHPtrArray@@QAEXHPAX@Z
?SetAt@CHString@@QAEXHG@Z
?SetAt@CHStringArray@@QAEXHPBG@Z
?SetAtGrow@CHPtrArray@@QAEXHPAX@Z
?SetAtGrow@CHStringArray@@QAEXHPBG@Z
?SetByte@CInstance@@QAE_NPBGE@Z
?SetCHString@CInstance@@QAE_NPBG0@Z
?SetCHString@CInstance@@QAE_NPBGABVCHString@@@Z
?SetCHString@CInstance@@QAE_NPBGPBD@Z
?SetCHStringResourceHandle@@YGXPAUHINSTANCE__@@@Z
?SetCharSplat@CInstance@@QAE_NPBG0@Z
Sections
.text Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Drv/TSPrinter.gpd
-
Drv/TSPrinter.inf
-
Drv/TSPrinter.ini
-
Drv/amd64/TSPUNI.dll.dll windows:5 windows x64 arch:x64
5000e482649a7ee31518a169fb6c5acb
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
4d:f5:4c:a1:31:e2:e4:53:ad:2a:61:cc:97:72:b7:d9:0e:3b:0e:f9Signer
Actual PE Digest4d:f5:4c:a1:31:e2:e4:53:ad:2a:61:cc:97:72:b7:d9:0e:3b:0e:f9Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
e:\tspuni\amd64\TSPUNI.pdb
Imports
msvcrt
memset
swprintf
_initterm
??3@YAXPEAX@Z
malloc
free
wcsstr
??2@YAPEAX_K@Z
memcpy
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
kernel32
FindFirstFileW
FindNextFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WriteFile
CreateNamedPipeW
Sleep
ConnectNamedPipe
ReadFile
OutputDebugStringW
SetLastError
lstrcpyW
GetModuleFileNameW
FindClose
DeleteFileW
CloseHandle
winspool.drv
GetJobW
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exports
DisableDriver
DllCanUnloadNow
DllGetClassObject
DllMain
EnableDriver
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 174B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Drv/i386/TSPUNI.dll.dll windows:5 windows x86 arch:x86
2566b969bb085d21704d551d81335c7d
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3b:a2:82:c0:a8:b9:51:12:d0:a7:9b:62:00:d5:dd:1e:bf:b6:da:f7Signer
Actual PE Digest3b:a2:82:c0:a8:b9:51:12:d0:a7:9b:62:00:d5:dd:1e:bf:b6:da:f7Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\tsp2.0\drv\tspuni\i386\TSPUNI.pdb
Imports
msvcrt
_adjust_fdiv
_initterm
free
wcsstr
wcscpy
wcscat
swprintf
malloc
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WriteFile
CreateNamedPipeW
ConnectNamedPipe
Sleep
ReadFile
OutputDebugStringW
InterlockedDecrement
InterlockedIncrement
SetLastError
lstrcpyW
GetModuleFileNameW
FindClose
DeleteFileW
FindNextFileW
FindFirstFileW
CloseHandle
winspool.drv
GetJobW
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exports
DisableDriver
DllCanUnloadNow
DllGetClassObject
DllMain
EnableDriver
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OfficeBatchPrint.exe.exe windows:5 windows x86 arch:x86
5a7c03fcd17333893828565dae4452b1
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7c:fb:de:33:36:27:1d:41:5a:6a:84:3a:fc:87:f9:f4:8e:97:32:7dSigner
Actual PE Digest7c:fb:de:33:36:27:1d:41:5a:6a:84:3a:fc:87:f9:f4:8e:97:32:7dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\TSP2.0\Src\OfficeBatchPrint\Release\OfficeBatchPrint.pdb
Imports
shlwapi
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
StrStrIW
PathIsUNCW
PathFileExistsW
kernel32
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetLastError
GetLastError
LoadLibraryW
SetUnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
GetCommandLineW
CreateFileW
GetFileSize
CloseHandle
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateThread
WaitForSingleObject
lstrlenW
GetModuleFileNameW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
LockResource
Sleep
GlobalAlloc
GlobalFree
WinExec
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
GetModuleHandleA
MulDiv
GlobalUnlock
GlobalLock
LocalFree
FormatMessageW
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
FreeResource
InterlockedDecrement
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
lstrlenA
user32
RegisterClipboardFormatW
PostThreadMessageW
CharUpperW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
ReleaseCapture
SetCapture
UnregisterClassW
LoadCursorW
GetSysColorBrush
CharNextW
DestroyMenu
SetCursor
GetMessageW
TranslateMessage
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
GetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
CopyRect
EnableWindow
SendMessageW
GetSystemMetrics
GetSysColor
DrawFocusRect
FillRect
LoadIconW
GetSystemMenu
AppendMenuW
IsIconic
GetClientRect
DrawIcon
CreatePopupMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowRect
EnableMenuItem
GetCursorPos
LoadBitmapW
CheckMenuItem
GetMenuState
ModifyMenuW
GetParent
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetWindowThreadProcessId
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetSubMenu
GetMenuItemCount
GetMenuItemID
gdi32
DeleteObject
GetObjectW
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetMapMode
GetRgnBox
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
CreateBitmap
SaveDC
comdlg32
GetFileTitleW
winspool.drv
ord203
ord204
EnumPrintersW
DocumentPropertiesW
EnumJobsW
OpenPrinterW
ClosePrinter
advapi32
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderPathW
DragQueryFileW
comctl32
InitCommonControlsEx
oledlg
OleUIBusyW
ole32
OleRun
CoInitializeEx
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
oleaut32
OleCreateFontIndirect
VariantClear
SysStringLen
SysFreeString
SysAllocStringLen
VariantChangeType
VariantInit
SysAllocString
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
Sections
.text Size: 245KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
TSPExt.dll.dll regsvr32 windows:5 windows x86 arch:x86
404285a0ad0cc04ece5336a3a7f6f32a
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
f5:cf:e5:ce:c5:2a:ff:72:07:ec:a4:fa:71:61:0e:e8:ce:db:17:08Signer
Actual PE Digestf5:cf:e5:ce:c5:2a:ff:72:07:ec:a4:fa:71:61:0e:e8:ce:db:17:08Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
InterlockedDecrement
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
InterlockedIncrement
LoadLibraryExW
lstrcmpiW
FlushFileBuffers
CloseHandle
CreateFileA
FindResourceW
GetModuleFileNameW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GlobalLock
GlobalUnlock
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentThreadId
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
user32
InsertMenuW
MessageBoxW
LoadBitmapW
CharNextW
SetMenuItemBitmaps
gdi32
DeleteObject
winspool.drv
ClosePrinter
EnumJobsW
ord203
ord204
OpenPrinterW
advapi32
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
shell32
ShellExecuteW
DragQueryFileW
ole32
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitialize
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
oleaut32
SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
shlwapi
StrStrIW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TSPExtLoader.exe.exe windows:5 windows x86 arch:x86
be18c21846773dd44d3502f15fc76247
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
8d:57:cb:b3:91:cf:09:13:4e:70:d4:47:3d:8a:59:a0:6d:80:71:83Signer
Actual PE Digest8d:57:cb:b3:91:cf:09:13:4e:70:d4:47:3d:8a:59:a0:6d:80:71:83Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\TSP2.0\Src\Release\TSPExtLoader.pdb
Imports
shlwapi
PathFileExistsW
kernel32
GetCurrentProcessId
GetModuleFileNameW
MoveFileW
MoveFileExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCommandLineW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA
CloseHandle
FlushFileBuffers
user32
MessageBoxW
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TSPProInst.exe.exe windows:5 windows x86 arch:x86
e8a0975932a13aa7ea6cadd58d4336ef
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
ce:b6:e3:a5:3a:86:20:13:5b:cd:0f:49:8f:c1:51:49:d0:52:69:deSigner
Actual PE Digestce:b6:e3:a5:3a:86:20:13:5b:cd:0f:49:8f:c1:51:49:d0:52:69:deDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\TSP2.0\Src\TSPProInst\Release\TSPProInst.pdb
Imports
kernel32
HeapSize
CreateFileA
CloseHandle
FlushFileBuffers
LocalFree
GetLastError
FormatMessageW
GetLocaleInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
user32
MessageBoxW
winspool.drv
ClosePrinter
XcvDataW
OpenPrinterW
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TSPSVC.exe.exe windows:5 windows x86 arch:x86
3c77133e850a3ca4511118017943db78
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
99:b6:e3:da:a9:2e:6a:16:b9:45:db:51:34:6d:28:8f:9b:cd:8b:3dSigner
Actual PE Digest99:b6:e3:da:a9:2e:6a:16:b9:45:db:51:34:6d:28:8f:9b:cd:8b:3dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\TSP2.0\Src\Release\TSPSVC.pdb
Imports
kernel32
CloseHandle
LocalFree
CreateToolhelp32Snapshot
lstrcmpiW
Process32NextW
CreateEventW
Process32FirstW
GetProcAddress
GetLastError
lstrlenW
CreateFileW
GetModuleFileNameW
ReadFile
FormatMessageW
Sleep
LoadLibraryW
OpenProcess
WriteFile
OutputDebugStringW
SetEvent
WaitForSingleObject
CreateThread
GetCommandLineW
CreateFileA
FlushFileBuffers
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LoadLibraryA
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
user32
MessageBoxW
advapi32
InitializeSecurityDescriptor
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceStatus
StartServiceW
LookupAccountSidW
SetSecurityDescriptorDacl
CreateServiceW
CreateProcessAsUserW
GetTokenInformation
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle
comctl32
InitCommonControlsEx
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
TSPSet.exe.exe windows:5 windows x86 arch:x86
1e7286e413c3d82bb9e3b9ce7bdc72b6
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before13/08/2010, 00:00Not After23/10/2011, 23:59SubjectCN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
79:c3:81:37:fc:ee:a3:b0:43:b1:33:fb:e7:aa:d0:58:83:35:8e:f0Signer
Actual PE Digest79:c3:81:37:fc:ee:a3:b0:43:b1:33:fb:e7:aa:d0:58:83:35:8e:f0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
InitCommonControlsEx
ord17
shlwapi
PathFileExistsW
kernel32
CreateFileA
GetVersionExW
GetVolumeInformationA
GetWindowsDirectoryA
GetEnvironmentVariableA
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
FormatMessageW
GlobalFree
GlobalAlloc
CreateDirectoryA
CreateDirectoryW
SetFileTime
IsBadReadPtr
SetFilePointer
lstrcmpA
LocalFileTimeToFileTime
lstrlenA
lstrcpyA
SystemTimeToFileTime
lstrcmpiA
GetCurrentDirectoryA
SizeofResource
DuplicateHandle
GetCurrentProcess
GetFileInformationByHandle
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
DeleteFileA
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
HeapCreate
VirtualFree
DeleteCriticalSection
OutputDebugStringA
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringA
LCMapStringW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
DeviceIoControl
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
OpenProcess
TerminateProcess
WritePrivateProfileStringW
lstrcmpiW
CreateEventW
CreateThread
WaitForSingleObject
OpenEventW
WriteFile
ReadFile
GetTickCount
CreateFileMappingW
GetFileSize
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
OutputDebugStringW
lstrcpyW
LocalAlloc
GetCurrentThreadId
LocalFree
SetEvent
GetSystemDefaultLCID
GetModuleFileNameW
GetModuleFileNameA
WinExec
Sleep
GetLastError
MulDiv
FindResourceW
LoadResource
LockResource
lstrlenW
lstrcmpW
GetLocalTime
CopyFileW
CreateFileW
CloseHandle
GetFileTime
FileTimeToSystemTime
GetModuleHandleW
user32
SetClassLongW
CreateDialogParamW
GetParent
BringWindowToTop
DestroyWindow
KillTimer
SetTimer
LoadStringA
LoadStringW
MoveWindow
SetWindowTextW
SetWindowsHookExW
EndDialog
UnhookWindowsHookEx
PostQuitMessage
IsDialogMessageW
CallNextHookEx
GetDialogBaseUnits
SetWindowLongW
SetRectEmpty
OffsetRect
CopyRect
GetWindowRect
GetSystemMetrics
CreateDialogIndirectParamW
UpdateWindow
InvalidateRect
TranslateAcceleratorW
DefWindowProcW
LoadAcceleratorsW
BeginPaint
FillRect
EndPaint
GetDC
ReleaseDC
EnableWindow
SetWindowPos
TranslateMessage
DispatchMessageW
DialogBoxParamW
MessageBoxA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextW
SetFocus
SendDlgItemMessageW
GetDlgItem
IsWindowEnabled
SendMessageW
MessageBoxW
CreatePopupMenu
AppendMenuW
GetCursorPos
EnableMenuItem
SetForegroundWindow
TrackPopupMenu
ShowWindow
LoadIconW
GetClientRect
GetMessageW
FindWindowW
GetWindowTextW
GetWindowLongW
gdi32
CreateRectRgn
SetBkMode
CreateSolidBrush
SelectClipRgn
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
GetTextExtentPoint32W
SetGraphicsMode
SetTextAlign
CreatePen
BeginPath
ExtTextOutW
EndPath
StrokePath
BitBlt
GetCurrentObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextExtentExPointA
GetTextMetricsW
DeleteObject
TextOutA
Rectangle
EnumFontFamiliesExW
winspool.drv
GetPrinterW
ClosePrinter
OpenPrinterW
comdlg32
GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW
advapi32
RegDeleteValueW
InitializeSecurityDescriptor
GetUserNameW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
SetSecurityDescriptorDacl
shell32
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
TSPrintRule.dat
-
TSP_v2.2.tsp
-
TSReader.dat.exe windows:5 windows x86 arch:x86
b787e8162d350ff12c14193cb59f2098
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipResetWorldTransform
GdipSetTextRenderingHint
GdipSetCompositingMode
GdipSetSmoothingMode
GdipSetClipHrgn
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipDeleteFontFamily
GdipGetFamily
GdipCreatePath
GdipDeletePath
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipReleaseDC
GdipDrawString
GdipDrawPath
GdipGetFontStyle
GdipGetFontSize
GdipAddPathString
GdipFree
shlwapi
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
kernel32
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileSizeEx
GetPrivateProfileIntW
lstrcmpA
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
ReadFile
GlobalGetAtomNameW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFlags
InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetTickCount
GetStartupInfoW
HeapAlloc
HeapFree
CreateDirectoryW
Sleep
ExitProcess
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetStdHandle
LCMapStringA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableA
GetThreadLocale
MoveFileW
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
MulDiv
GetModuleHandleA
GetDiskFreeSpaceW
GetFullPathNameW
GetFileTime
SetFileTime
GetFileAttributesW
LocalFree
FormatMessageW
WideCharToMultiByte
GetSystemDirectoryW
GetPrivateProfileStringW
OutputDebugStringA
DeviceIoControl
GetEnvironmentVariableA
GetVersionExW
GetVolumeInformationA
GetWindowsDirectoryA
CreateFileA
SetFileAttributesW
GetLocalTime
CloseHandle
GetCurrentProcessId
CreateFileW
GetTempFileNameW
GetModuleFileNameW
lstrlenW
WritePrivateProfileStringW
GetSystemDefaultLangID
GetModuleFileNameA
LockResource
DeleteFileW
FreeLibrary
lstrcpynW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
MultiByteToWideChar
lstrlenA
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceW
GlobalFree
user32
GetDlgItemInt
SetDlgItemInt
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
SetRectEmpty
WindowFromPoint
CharUpperW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
IsZoomed
GetMenuItemInfoW
DestroyMenu
BringWindowToTop
InsertMenuItemW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetSysColorBrush
UnregisterClassW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
InflateRect
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
ReleaseCapture
AdjustWindowRectEx
PtInRect
SetCapture
UpdateWindow
SetWindowRgn
OffsetRect
IsRectEmpty
SystemParametersInfoW
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
CheckMenuItem
IsWindowVisible
MessageBoxW
CreatePopupMenu
TranslateAcceleratorW
GetCursorPos
GetKeyState
SetCursor
GetWindowRect
DrawIcon
IsIconic
EnableMenuItem
LoadAcceleratorsW
AppendMenuW
GetSystemMenu
LoadIconW
SetTimer
KillTimer
PostMessageW
LoadBitmapW
GetSystemMetrics
LoadCursorW
FillRect
GetDlgItemTextA
SetDlgItemTextA
EnableWindow
SetRect
SetWindowLongW
GetWindowLongW
ReleaseDC
GetDC
InvalidateRect
GetClientRect
SendMessageW
TabbedTextOutW
gdi32
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
GetObjectW
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
ExtSelectClipRgn
SaveDC
CreatePatternBrush
GetStockObject
CreateEllipticRgn
LPtoDP
Ellipse
CreateRectRgnIndirect
ScaleWindowExtEx
GetMapMode
GetCharWidthW
CreateFontW
StretchDIBits
GetBkColor
GetTextMetricsW
GetTextExtentPoint32W
GetTextColor
GetRgnBox
SetBkMode
SetBkColor
RestoreDC
SetWindowExtEx
CreateBitmap
EndDoc
EndPage
GetDeviceCaps
StartPage
StartDocW
DeleteDC
Rectangle
CreateRectRgn
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
comdlg32
GetOpenFileNameW
CommDlgExtendedError
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
GetFileSecurityW
SetFileSecurityW
GetUserNameA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW
DragFinish
comctl32
InitCommonControlsEx
oledlg
OleUIBusyW
ole32
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
oleaut32
VariantTimeToSystemTime
SysAllocString
SystemTimeToVariantTime
SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
Sections
.text Size: 361KB - Virtual size: 361KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
TSReader.exe.exe windows:5 windows x86 arch:x86
45c82cd1869bf4ae1b9e4f4e308d5ee1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileSizeEx
SetErrorMode
GetTickCount
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
Sleep
ExitProcess
DeleteFileA
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetCurrentDirectoryW
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetShortPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetStringTypeExW
MoveFileW
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
GetFileAttributesW
GetPrivateProfileIntW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedDecrement
GetModuleHandleA
FreeResource
GetCurrentThreadId
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetVersionExA
MulDiv
GlobalGetAtomNameW
GlobalAddAtomW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
lstrlenW
GetFileInformationByHandle
GetFileSize
FileTimeToSystemTime
GetCurrentProcess
DuplicateHandle
GetCurrentDirectoryA
lstrcmpiA
SystemTimeToFileTime
lstrcpyA
lstrlenA
lstrcpyW
LocalFileTimeToFileTime
lstrcmpA
SetFilePointer
IsBadReadPtr
CreateFileW
WriteFile
SetFileTime
CreateDirectoryW
CreateDirectoryA
ReadFile
GetCurrentProcessId
FormatMessageW
LocalFree
GetPrivateProfileStringW
GetModuleFileNameW
GetSystemDirectoryW
WideCharToMultiByte
GetEnvironmentVariableA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExW
CreateFileA
OutputDebugStringA
DeviceIoControl
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLocalTime
DeleteFileW
GetModuleFileNameA
GetSystemDefaultLangID
WritePrivateProfileStringW
CloseHandle
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetLastError
SetLastError
FindResourceW
LoadResource
LockResource
QueryPerformanceCounter
SizeofResource
user32
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
MapDialogRect
ShowOwnedPopups
TranslateMessage
ValidateRect
PostQuitMessage
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetSystemMenu
DeleteMenu
IsZoomed
KillTimer
SetTimer
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
SetWindowsHookExW
CallNextHookEx
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcW
CallWindowProcW
DestroyIcon
GetWindowPlacement
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetWindowTextLengthW
GetWindowTextW
MoveWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetClassNameW
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
WinHelpW
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
GetDlgItem
SetCursor
PeekMessageW
LoadAcceleratorsW
SetActiveWindow
IsIconic
InsertMenuItemW
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
GetClassInfoW
IntersectRect
GetMenu
GetLastActivePopup
BringWindowToTop
PostMessageW
SetMenu
GetDesktopWindow
ShowWindow
TranslateAcceleratorW
LoadStringW
LoadStringA
GetClassLongW
BeginDeferWindowPos
EndDeferWindowPos
wsprintfW
GetWindow
RedrawWindow
GetDCEx
IsRectEmpty
GetDlgCtrlID
ReleaseCapture
GetKeyState
GetSystemMetrics
WindowFromPoint
UnregisterClassW
LockWindowUpdate
TranslateMDISysAccel
DrawMenuBar
GetMessageW
DispatchMessageW
DefFrameProcW
SetWindowRgn
DrawIcon
SystemParametersInfoW
GetMenuItemInfoW
CharUpperW
SystemParametersInfoA
SetWindowContextHelpId
GetParent
LoadIconW
IsChild
SetCapture
GetCapture
IsWindowVisible
EqualRect
InflateRect
GetSysColorBrush
LoadCursorW
GetCursorPos
DrawIconEx
SetParent
ScreenToClient
CopyRect
PtInRect
ReleaseDC
GetDC
ClientToScreen
SetRect
MessageBoxW
UpdateWindow
IsWindow
GetWindowLongW
SetWindowLongW
GetClientRect
FillRect
LoadBitmapW
SetRectEmpty
GetDlgItemTextA
LoadImageW
GetSysColor
InvalidateRect
SendMessageW
EnableWindow
GetFocus
GetWindowRect
OffsetRect
gdi32
SetWindowExtEx
ScaleWindowExtEx
SetMapMode
ExtSelectClipRgn
CreatePatternBrush
OffsetViewportOrgEx
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateEllipticRgn
LPtoDP
Ellipse
GetTextColor
GetRgnBox
ScaleViewportExtEx
SetViewportExtEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
CreateSolidBrush
SetBkMode
RestoreDC
SaveDC
GetTextMetricsW
GetBkColor
CreateBitmap
CreateRectRgnIndirect
StretchDIBits
GetCharWidthW
SetBkColor
SetTextColor
GetClipBox
PatBlt
Polygon
CreatePen
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
StartDocW
StartPage
EndPage
EndDoc
DeleteDC
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
CreateRectRgn
GetObjectW
Rectangle
SelectObject
GetStockObject
DeleteObject
CreateFontW
ExcludeClipRect
comdlg32
CommDlgExtendedError
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegCreateKeyExW
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegSetValueW
RegDeleteKeyW
RegDeleteValueW
GetUserNameA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
SHGetFileInfoW
ExtractIconW
DragAcceptFiles
comctl32
_TrackMouseEvent
shlwapi
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW
oledlg
OleUIBusyW
ole32
CoCreateInstance
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
oleaut32
SysAllocString
OleCreateFontIndirect
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SystemTimeToVariantTime
gdiplus
GdipGetFontStyle
GdipGetFamily
GdipCreateFontFromLogfontW
GdipSetClipHrgn
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipDrawPath
GdipResetWorldTransform
GdipSetWorldTransform
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetCompositingMode
GdipReleaseDC
GdipGetFontSize
GdipAddPathString
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipTranslateMatrix
GdipRotateMatrix
GdipCreateMatrix
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipCloneBrush
GdipCloneImage
GdipCreateFromHDC
GdipFree
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipDeleteMatrix
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
Sections
.text Size: 489KB - Virtual size: 488KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
UNN_TSPLang.lag
-
uninst.exe.exe windows:4 windows x86 arch:x86
1c042238f43557c055fca8642de8a074
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 328KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
d83f71e61ee459ee63ca3e829966a9dc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess
user32
SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 386B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
新云软件.url.url