f9ae9192228c60bcc3920487ffb4125dc1e815cd5644ef9de497f2dc1f9255ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9ae9192228c60bcc3920487ffb4125dc1e815cd5644ef9de497f2dc1f9255ae_JaffaCakes118
Size

23.0MB
MD5

cfc78bb93491aef1b9b5a1737648ed32
SHA1

7600adb5db31bb46bb296ff60a0c938c7ac9fbed
SHA256

f9ae9192228c60bcc3920487ffb4125dc1e815cd5644ef9de497f2dc1f9255ae
SHA512

d547cd61e85c826aacc37ba65b02c741c6f201efae3d383ca8e747d637b6bfc53782135293e3da47a7be4bd06f276110ccf64763b7e6ab70c56b603801e41cce
SSDEEP

393216:SDK2BtyEcwROqvt3RQVAUd/4tYiiwTheeUGtW0yDwYeiKv647n+YlmYpP28sfUep:SnBUEcwRdv9RQuUOZUGtADwYSvegmmPC

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$R0
unpack001/Codec/rtvcvfw32.dll
unpack001/RTFC.dll
unpack001/RTMUI.dll
unpack001/RTUI.dll

Files

f9ae9192228c60bcc3920487ffb4125dc1e815cd5644ef9de497f2dc1f9255ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e7f9a29f2c85394521a08b9f31f6275

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e0:a1:72:e2:2c:6a:54:c3:b8:3b:c0:9f:53:ae:a0:52:70:68:c1:7a
Signer

Actual PE Digest

e0:a1:72:e2:2c:6a:54:c3:b8:3b:c0:9f:53:ae:a0:52:70:68:c1:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW

user32

DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
FindClose
FindNextFileW
lstrcmpW
GetModuleHandleW
lstrcmpiW
MulDiv
lstrcpynW
GlobalAlloc
lstrcpyW
FindFirstFileW
GlobalFree

user32

GetMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetDlgItem
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
CreateDialogParamW
SetWindowLongW
wsprintfW
ScreenToClient
IsDialogMessageW
CallWindowProcW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll windows:5 windows x86 arch:x86

b680f9b10ce901a068c1d08f94242b90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

DefDriverProc

kernel32

lstrcmpiA
SetStdHandle
WriteConsoleW
ReadFile
GetEnvironmentStringsW
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetLastError
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
CreateFileA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CloseHandle
WriteConsoleA
GetConsoleOutputCP

user32

GetDesktopWindow

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

Configure
DriverProc

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codec/rtvcvfw32.dll
.dll windows:5 windows x86 arch:x86

b680f9b10ce901a068c1d08f94242b90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

DefDriverProc

kernel32

lstrcmpiA
SetStdHandle
WriteConsoleW
ReadFile
GetEnvironmentStringsW
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetLastError
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
CreateFileA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CloseHandle
WriteConsoleA
GetConsoleOutputCP

user32

GetDesktopWindow

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

Configure
DriverProc

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DesktopOverlayHost.exe
.exe windows:5 windows x86 arch:x86

4686a9ec78ead8fbe9bea7dc620e9273

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f9:92:d0:0d:9f:61:69:54:34:06:9f:3c:82:37:de:f7:d4:80:d3:66
Signer

Actual PE Digest

f9:92:d0:0d:9f:61:69:54:34:06:9f:3c:82:37:de:f7:d4:80:d3:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

timeKillEvent
timeSetEvent

d3d9

Direct3DCreate9

opengl32

wglCreateContext
wglDeleteContext
glViewport
glClearColor
glClear
wglMakeCurrent

mfc90

ord6559
ord300
ord1611
ord3213
ord305
ord2069
ord524
ord744
ord5167
ord4977
ord2899
ord4760
ord4727
ord2896
ord4384
ord340
ord2207
ord5615
ord4616
ord5151
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1496
ord3987
ord3228
ord4668
ord3489
ord4502
ord5152
ord3506
ord4617
ord798
ord2592
ord6557
ord310
ord820
ord1254
ord817
ord4516
ord6788
ord6786
ord2539
ord6584
ord4498
ord2282
ord3568
ord2130
ord1361
ord2591
ord6646
ord265
ord266
ord1252
ord6802
ord5761
ord6791
ord1247
ord5750
ord3579
ord3940
ord4030
ord4113
ord1934
ord1938
ord1937
ord1137
ord1108
ord772
ord595
ord796
ord3638
ord4895
ord3277
ord3135
ord5633
ord1728
ord1792
ord5608
ord1446
ord3218
ord6356
ord5389
ord3671
ord6782
ord4160
ord6784
ord1644
ord2368
ord2375
ord4116
ord2607
ord2605
ord2623
ord2635
ord2612
ord2628
ord2633
ord2616
ord2618
ord2620
ord2614
ord2630
ord2610
ord969
ord965
ord967
ord963
ord958
ord5666
ord5668
ord6446
ord1729
ord4688
ord5139
ord3732
ord5647
ord4589
ord6780
ord5497
ord2074
ord5585
ord4650
ord1497
ord4331
ord1752
ord1755
ord6391
ord3346
ord1717
ord1782
ord601
ord316
ord639
ord374
ord12384
ord13174
ord9952
ord10437
ord10284
ord13116
ord12145
ord12597
ord7746
ord9945
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord9252
ord8432
ord1276
ord6740
ord6456
ord2625
ord2139
ord1222
ord1791
ord1098
ord4197
ord7312
ord7118
ord4029
ord4952
ord800
ord4993
ord5636

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
_CxxThrowException
memset
_setmbcp
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
memcpy_s
_encode_pointer
__dllonexit
_unlock
_access
strcat_s
_purecall
strcpy_s
sscanf_s
sprintf_s
__set_app_type
__CxxFrameHandler3

kernel32

TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
RaiseException
InterlockedExchange
LocalAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
SetEnvironmentVariableA
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemDirectoryA
SetUnhandledExceptionFilter
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
IsDebuggerPresent
GetLastError
CreateFileMappingA
CloseHandle

user32

GetCursorPos
MonitorFromPoint
GetMonitorInfoA
SetLayeredWindowAttributes
SetCursor
GetAsyncKeyState
CopyRect
MessageBeep
LoadMenuA
LoadImageA
GetSubMenu
CheckMenuItem
ReleaseCapture
GetDC
ReleaseDC
PeekMessageA
EnumDisplayMonitors
MonitorFromWindow
EqualRect
PtInRect
GetWindowRect
IsIconic
ClientToScreen
SendMessageA
LoadIconA
EnableWindow
MessageBoxA
SetForegroundWindow
SetCapture
GetSysColor
RedrawWindow
DrawIcon
GetClientRect
InsertMenuA
GetSystemMetrics
PostMessageA
FindWindowA
ModifyMenuA
RegisterWindowMessageA
LoadCursorA

gdi32

SetPixelFormat
SwapBuffers
ChoosePixelFormat
DeleteObject
CreateSolidBrush

shell32

Shell_NotifyIconA

comctl32

InitCommonControlsEx

shlwapi

PathRenameExtensionA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EncoderServer.cfg
EncoderServer.exe
.exe windows:5 windows x86 arch:x86

a15f293c7bf86619273cc75e9fe57307

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ab:1b:5b:ca:c8:c9:e7:86:d4:c8:14:5d:e3:bd:64:d5:fc:58:36:fd
Signer

Actual PE Digest

ab:1b:5b:ca:c8:c9:e7:86:d4:c8:14:5d:e3:bd:64:d5:fc:58:36:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\RTSS734\EncoderServer\EncoderServer\Release\EncoderServer.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mfc90

ord265
ord316
ord2539
ord1611
ord3213
ord305
ord266
ord9252
ord4890
ord3110
ord6001
ord5646
ord5663
ord4981
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord820
ord6781
ord4159
ord6783
ord4409
ord4434
ord9945
ord7746
ord12597
ord12145
ord13116
ord10284
ord10437
ord9952
ord13174
ord12384
ord5924
ord341
ord617
ord3579
ord3939
ord593
ord795
ord2448
ord3980
ord6002
ord4982
ord5660
ord447
ord699
ord4463
ord904
ord310
ord2447
ord1222
ord601
ord5552
ord4197
ord7312
ord7118
ord4029
ord4952
ord3346
ord6391
ord1755
ord1752
ord4331
ord1497
ord4650
ord5585
ord5497
ord6780
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4667
ord3663
ord1884
ord798
ord4760
ord2069
ord2074
ord4030
ord796
ord595
ord1276
ord1137
ord800
ord4733

msvcr90

_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
__CxxFrameHandler3
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strcpy_s
_setmbcp
memset
_splitpath_s
_stricmp
sprintf_s
_ismbblead
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
strcat_s

kernel32

GetModuleFileNameA
GetPrivateProfileIntA
CloseHandle
CreateFileMappingA
ResumeThread
OpenEventA
MapViewOfFile
UnmapViewOfFile
QueryPerformanceFrequency
GetLastError
WaitForMultipleObjects
QueryPerformanceCounter
CreateEventA
ResetEvent
SetEvent
WaitForSingleObject
CreateMutexA
OpenFile
ReleaseMutex
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
FreeLibrary
GetProcAddress
LoadLibraryA
_lclose
WriteFile
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
SetFilePointer
SetThreadPriority

user32

LoadCursorA
PostMessageA
FindWindowA
EnableWindow
PeekMessageA
KillTimer
SetTimer

comctl32

InitCommonControlsEx

shlwapi

PathRenameExtensionA
PathRemoveFileSpecA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EncoderServer64.exe
.exe windows:5 windows x64 arch:x64

f0f8078b83e695b13dca006457894b45

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:80:95:0a:b7:31:48:c0:f9:08:08:40:7c:80:a2:43:f3:41:51:80
Signer

Actual PE Digest

3a:80:95:0a:b7:31:48:c0:f9:08:08:40:7c:80:a2:43:f3:41:51:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\Projects\RTSS734\EncoderServer\EncoderServer\Release\EncoderServer.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mfc90

ord798
ord265
ord316
ord2380
ord1523
ord3006
ord305
ord266
ord8878
ord4586
ord2907
ord5684
ord5333
ord5350
ord4677
ord4041
ord5346
ord5344
ord3002
ord1966
ord3923
ord5499
ord6348
ord5220
ord1023
ord3897
ord5701
ord2065
ord310
ord4429
ord6407
ord3892
ord6409
ord4112
ord4136
ord9571
ord7372
ord12223
ord11771
ord12742
ord9910
ord10063
ord9578
ord12800
ord12010
ord5609
ord340
ord604
ord3338
ord3685
ord581
ord773
ord2304
ord3726
ord5685
ord4678
ord5347
ord435
ord677
ord4165
ord882
ord2303
ord1188
ord589
ord5239
ord3921
ord6938
ord6744
ord3774
ord4648
ord3133
ord6041
ord1662
ord1659
ord4039
ord1434
ord4346
ord5272
ord5191
ord6406
ord4285
ord5334
ord3488
ord4833
ord4384
ord1636
ord6086
ord5355
ord5353
ord936
ord941
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2602
ord2797
ord2904
ord4410
ord2780
ord2932
ord2605
ord2711
ord2598
ord3809
ord3810
ord3800
ord2709
ord4042
ord4591
ord4363
ord3422
ord1786
ord776
ord4456
ord1949
ord1954
ord3775
ord774
ord1237
ord1103
ord583
ord778
ord2110

msvcr90

_exit
_XcptFilter
__getmainargs
memcpy
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
strcpy_s
_setmbcp
memset
__CxxFrameHandler3
_splitpath_s
_stricmp
sprintf_s
_ismbblead
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
strcat_s

kernel32

GetModuleFileNameA
GetPrivateProfileIntA
CloseHandle
CreateFileMappingA
ResumeThread
OpenEventA
MapViewOfFile
UnmapViewOfFile
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
ResetEvent
SetEvent
CreateMutexA
OpenFile
ReleaseMutex
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
_lclose
WriteFile
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
SetThreadPriority

user32

LoadCursorA
PostMessageA
FindWindowA
EnableWindow
PeekMessageA
KillTimer
SetTimer

comctl32

InitCommonControlsEx

shlwapi

PathRenameExtensionA
PathRemoveFileSpecA

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTFC.dll
.dll windows:5 windows x86 arch:x86

47d7f8002684102e70a0ec49694a6f04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

SHDeleteKeyA

kernel32

ReadFile
GetFileSize
OpenFile
CloseHandle
UnmapViewOfFile
GetLastError
SetLastError
MapViewOfFile
CreateFileMappingA
CreateFileA
ReleaseMutex
WritePrivateProfileStringA
WriteFile
GetCurrentProcessId
GetLocalTime
SetFilePointer
WaitForSingleObject
CreateMutexA
GetVersionExA
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
InterlockedExchange
Sleep
_lclose
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapFree

advapi32

RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

msvcr90

_onexit
_lock
__dllonexit
??3@YAXPAX@Z
strcpy_s
strlen
??2@YAPAXI@Z
_stricmp
__CxxFrameHandler3
memcpy
memset
sscanf_s
_unlock
_splitpath_s
_purecall
pow
strcat_s
sprintf_s
strstr
_strnicmp
_vsnprintf_s
_strupr_s
_strlwr_s
strncpy_s
strchr
wcscmp
fclose
feof
fgets
fseek
isdigit
_fdopen
_sopen_s
strpbrk
_CxxThrowException
?terminate@@YAXXZ
_except_handler4_common
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
strrchr

Exports

Exports

??0CCRC32@@QAE@ABV0@@Z
??0CCRC32@@QAE@XZ
??0CConfigCache@@QAE@ABV0@@Z
??0CConfigCache@@QAE@XZ
??0CFileVersion@@QAE@ABV0@@Z
??0CFileVersion@@QAE@XZ
??0CFormulaLexicalAnalyzer@@QAE@ABV0@@Z
??0CFormulaLexicalAnalyzer@@QAE@XZ
??0CFormulaTranslator@@QAE@ABV0@@Z
??0CFormulaTranslator@@QAE@XZ
??0CFormulaTranslatorVariableProvider@@QAE@ABV0@@Z
??0CFormulaTranslatorVariableProvider@@QAE@XZ
??0CLexicalAnalyzer@@QAE@ABV0@@Z
??0CLexicalAnalyzer@@QAE@XZ
??0CLog@@QAE@ABV0@@Z
??0CLog@@QAE@XZ
??0CMultiString@@QAE@ABV0@@Z
??0CMultiString@@QAE@PBD@Z
??0CMultiString@@QAE@XZ
??0COSVersion@@QAE@ABV0@@Z
??0COSVersion@@QAE@XZ
??0CPtrListLite@@QAE@ABV0@@Z
??0CPtrListLite@@QAE@XZ
??0CPtrStack@@QAE@ABV0@@Z
??0CPtrStack@@QAE@XZ
??0CRegValue@@QAE@ABV0@@Z
??0CRegValue@@QAE@XZ
??0CStringLite@@QAE@ABV0@@Z
??0CStringLite@@QAE@PBD@Z
??0CStringLite@@QAE@PBDH@Z
??0CStringLite@@QAE@XZ
??0CTaskSchedulerInterface@@QAE@ABV0@@Z
??0CTaskSchedulerInterface@@QAE@XZ
??0CTextFile@@QAE@ABV0@@Z
??0CTextFile@@QAE@XZ
??0CTokenString@@QAE@ABV0@@Z
??0CTokenString@@QAE@XZ
??0CWOW64@@QAE@ABV0@@Z
??0CWOW64@@QAE@XZ
??1CCRC32@@UAE@XZ
??1CConfigCache@@UAE@XZ
??1CFileVersion@@UAE@XZ
??1CFormulaLexicalAnalyzer@@UAE@XZ
??1CFormulaTranslator@@UAE@XZ
??1CFormulaTranslatorVariableProvider@@UAE@XZ
??1CLexicalAnalyzer@@UAE@XZ
??1CLog@@UAE@XZ
??1CMultiString@@UAE@XZ
??1COSVersion@@UAE@XZ
??1CPtrListLite@@UAE@XZ
??1CPtrStack@@UAE@XZ
??1CRegValue@@UAE@XZ
??1CStringLite@@UAE@XZ
??1CTaskSchedulerInterface@@UAE@XZ
??1CTextFile@@UAE@XZ
??1CTokenString@@UAE@XZ
??1CWOW64@@UAE@XZ
??4CCRC32@@QAEAAV0@ABV0@@Z
??4CConfigCache@@QAEAAV0@ABV0@@Z
??4CFileVersion@@QAEAAV0@ABV0@@Z
??4CFormulaLexicalAnalyzer@@QAEAAV0@ABV0@@Z
??4CFormulaTranslator@@QAEAAV0@ABV0@@Z
??4CFormulaTranslatorVariableProvider@@QAEAAV0@ABV0@@Z
??4CLexicalAnalyzer@@QAEAAV0@ABV0@@Z
??4CLog@@QAEAAV0@ABV0@@Z
??4CMultiString@@QAEABV0@ABV0@@Z
??4COSVersion@@QAEAAV0@ABV0@@Z
??4CPtrListLite@@QAEAAV0@ABV0@@Z
??4CPtrStack@@QAEAAV0@ABV0@@Z
??4CRegValue@@QAEAAV0@ABV0@@Z
??4CStringLite@@QAEABV0@ABV0@@Z
??4CStringLite@@QAEABV0@D@Z
??4CStringLite@@QAEABV0@PBD@Z
??4CTaskSchedulerInterface@@QAEAAV0@ABV0@@Z
??4CTextFile@@QAEAAV0@ABV0@@Z
??4CTokenString@@QAEAAV0@ABV0@@Z
??4CWOW64@@QAEAAV0@ABV0@@Z
??BCStringLite@@QBEPBDXZ
??H@YA?AVCStringLite@@ABV0@0@Z
??H@YA?AVCStringLite@@ABV0@PBD@Z
??H@YA?AVCStringLite@@PBDABV0@@Z
??YCStringLite@@QAEABV0@ABV0@@Z
??YCStringLite@@QAEABV0@D@Z
??YCStringLite@@QAEABV0@PBD@Z
??_7CCRC32@@6B@
??_7CConfigCache@@6B@
??_7CFileVersion@@6B@
??_7CFormulaLexicalAnalyzer@@6B@
??_7CFormulaTranslator@@6B@
??_7CFormulaTranslatorVariableProvider@@6B@
??_7CLexicalAnalyzer@@6B@
??_7CLog@@6B@
??_7CMultiString@@6B@
??_7COSVersion@@6B@
??_7CPtrListLite@@6B@
??_7CPtrStack@@6B@
??_7CRegValue@@6B@
??_7CStringLite@@6B@
??_7CTaskSchedulerInterface@@6B@
??_7CTextFile@@6B@
??_7CTokenString@@6B@
??_7CWOW64@@6B@
?AddHead@CPtrListLite@@QAEPAUPTR_LIST_NODE@@PAX@Z
?AddIndent@CLog@@QAEKK@Z
?AddTail@CPtrListLite@@QAEPAUPTR_LIST_NODE@@PAX@Z
?AddTask@CTaskSchedulerInterface@@QAEHPBD000@Z
?AddUnhandledLexeme@CLexicalAnalyzer@@QAEXXZ
?AllocLexemeDescData@CLexicalAnalyzer@@QAEXKPAE@Z
?AllocateCopy@CStringLite@@QAEPADXZ
?AllocateCopy@CStringLite@@SAPADPBD@Z
?Analyze@CLexicalAnalyzer@@QAEJPBD@Z
?Append@CLog@@QAEXPBDH@Z
?Append@CMultiString@@QAEXPBD@Z
?AppendCharset@CLexicalAnalyzer@@QAEJD@Z
?AppendCharset@CLexicalAnalyzer@@QAEJDD@Z
?AppendCharset@CLexicalAnalyzer@@QAEJPBD@Z
?AppendHelper@CMultiString@@AAEXPBDK@Z
?AppendJumpTable@CLexicalAnalyzer@@QAEJGGK@Z
?AppendJumpTable@CLexicalAnalyzer@@QAEJGGKD@Z
?AppendJumpTable@CLexicalAnalyzer@@QAEJGGKDD@Z
?AppendJumpTable@CLexicalAnalyzer@@QAEJGGKPBD@Z
?AppendLexemeStr@CLexicalAnalyzer@@QAEXD@Z
?AppendLexemesList@CFormulaLexicalAnalyzer@@AAEJXZ
?AppendMulti@CMultiString@@QAEXPBD@Z
?Calc@CCRC32@@QAEKKPAEK@Z
?Calc@CCRC32@@QAEKKPBD@Z
?Calc@CFormulaTranslator@@QAEJXZ
?CalcAdd@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@0@Z
?CalcDiv@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@0@Z
?CalcMul@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@0@Z
?CalcPow@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@0@Z
?CalcSub@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@0@Z
?CalcUnaryMinus@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@@Z
?Close@CTextFile@@QAEXXZ
?CompareWithWildcard@CStringLite@@QAEHPBDD@Z
?CompareWithWildcard@CStringLite@@SAHPBD0D@Z
?CreateLexemeDesc@CLexicalAnalyzer@@QAEJK@Z
?DeleteBuf@CTokenString@@AAEXXZ
?DeleteKey@CRegValue@@QAEHXZ
?DeleteTask@CTaskSchedulerInterface@@QAEHPBD@Z
?DeleteValue@CRegValue@@QAEHPBD@Z
?DestroyCache@CTextFile@@QAEXXZ
?DestroyLexemeDesc@CLexicalAnalyzer@@QAEXPAULEXEME_DESC@@@Z
?DestroyLexemes@CLexicalAnalyzer@@QAEXXZ
?DestroyOperandsStack@CFormulaTranslator@@QAEXXZ
?DestroySectionsCache@CTextFile@@QAEXXZ
?DestroyThisLexeme@CLexicalAnalyzer@@QAEPAULEXEME_DESC@@XZ
?EnumSections@CTextFile@@QAE?AVCMultiString@@XZ
?Filter@CMultiString@@QAE?AV1@PAV1@0@Z
?Find@CPtrListLite@@QAEPAUPTR_LIST_NODE@@K@Z
?Find@CPtrListLite@@QAEPAUPTR_LIST_NODE@@PAX@Z
?Find@CStringLite@@QBEHPBD@Z
?Find@CStringLite@@QBEHPBDH@Z
?FindNoCase@CStringLite@@QBEHPBD@Z
?FindNoCase@CStringLite@@QBEHPBDH@Z
?Format@CFormulaTranslator@@QAE?AVCStringLite@@XZ
?Format@CStringLite@@QAAXPBDZZ
?Get@CConfigCache@@QAEPAUCONFIG_CACHE_ENTRY@@PBD@Z
?Get@CFileVersion@@SAKPBD@Z
?GetAt@CPtrListLite@@QAEPAXPAUPTR_LIST_NODE@@@Z
?GetCharsetSize@CLexicalAnalyzer@@QAEGXZ
?GetCount@CPtrListLite@@QAEKXZ
?GetErrName@CLexicalAnalyzer@@SA?AVCStringLite@@J@Z
?GetFilename@CLog@@QAEPBDXZ
?GetFirst@CMultiString@@QAEPBDXZ
?GetFltValue@CFormulaTranslator@@AAEMPAUFORMULATRANSLATOR_VALUE_DESC@@@Z
?GetFltValue@CFormulaTranslator@@QAEMXZ
?GetHead@CPtrListLite@@QAEPAUPTR_LIST_NODE@@XZ
?GetHeadLexeme@CLexicalAnalyzer@@QAEPAULEXEME_DESC@@XZ
?GetHeaderFlags@CLog@@QAEKXZ
?GetIndent@CLog@@QAEKXZ
?GetIntValue@CFormulaTranslator@@AAEJPAUFORMULATRANSLATOR_VALUE_DESC@@@Z
?GetIntValue@CFormulaTranslator@@QAEJXZ
?GetLength@CStringLite@@QBEHXZ
?GetLexemeStr@CLexicalAnalyzer@@QAEPBDXZ
?GetMajorVersion@COSVersion@@QAEKXZ
?GetMinorVersion@COSVersion@@QAEKXZ
?GetNext@CMultiString@@QAEPBDXZ
?GetNext@CPtrListLite@@QAEPAXAAPAUPTR_LIST_NODE@@@Z
?GetNextLexeme@CLexicalAnalyzer@@QAEPAULEXEME_DESC@@XZ
?GetParam@CTextFile@@SAHHPBDAAVCStringLite@@0H@Z
?GetParams@CTextFile@@SAHHHPBDAAVCStringLite@@0H@Z
?GetParams@CTextFile@@SAHPBDAAVCStringLite@@10H@Z
?GetParams@CTextFile@@SAHPBDAAVCStringLite@@110H@Z
?GetPlatformID@COSVersion@@QAEKXZ
?GetPrev@CPtrListLite@@QAEPAXAAPAUPTR_LIST_NODE@@@Z
?GetPrevLexeme@CLexicalAnalyzer@@QAEPAULEXEME_DESC@@XZ
?GetPrivateProfileStringA@CConfigCache@@QAEKPBD00PADK0@Z
?GetRange@CTextFile@@SAHPBDAAK1@Z
?GetSamDesired@CRegValue@@QAEKXZ
?GetSeparator@CTokenString@@QAEDXZ
?GetSize@CMultiString@@SAKPBD@Z
?GetStr@CFileVersion@@SA?AVCStringLite@@PBD@Z
?GetStrUni@CFileVersion@@CA?AVCStringLite@@PBD@Z
?GetStrVxd@CFileVersion@@CA?AVCStringLite@@PBD@Z
?GetSystemWow64DirectoryA@CWOW64@@SAIPADI@Z
?GetTail@CPtrListLite@@QAEPAUPTR_LIST_NODE@@XZ
?GetTailLexeme@CLexicalAnalyzer@@QAEPAULEXEME_DESC@@XZ
?GetThisLexeme@CLexicalAnalyzer@@QAEPAULEXEME_DESC@@XZ
?GetTimeStamp@CLog@@QAE_JXZ
?GetUnhandledLexeme@CLexicalAnalyzer@@QAEPAULEXEME_DESC@@XZ
?GetValue@CRegValue@@QAE?AVCMultiString@@PBDAAV2@@Z
?GetValue@CRegValue@@QAE?AVCStringLite@@PBD0@Z
?GetValue@CRegValue@@QAEKPBDKK@Z
?GetValue@CTextFile@@SAHPBDAAKK@Z
?GetVxdVersion@CFileVersion@@CAHPADPAKPAX@Z
?GetVxdVersionInfo@CFileVersion@@CAHPADKPAX@Z
?GetVxdVersionInfoSize@CFileVersion@@CAKPAD@Z
?Home@CTextFile@@QAEXXZ
?Init@CFormulaLexicalAnalyzer@@QAEXXZ
?Init@CMultiString@@QAEXPBD@Z
?Init@CTaskSchedulerInterface@@QAEHXZ
?InitJumpTable@CLexicalAnalyzer@@QAEJG@Z
?InitLexemePriority@CFormulaTranslator@@AAEKPAULEXEME_DESC@@@Z
?InitMulti@CMultiString@@QAEXPBD@Z
?InitTable@CCRC32@@QAEXXZ
?IsConstFltLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsConstIntLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsConstLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsEmpty@CMultiString@@QAEHXZ
?IsEmpty@CPtrListLite@@QAEHXZ
?IsEmpty@CStringLite@@QBEHXZ
?IsFltValue@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@@Z
?IsFltValue@CFormulaTranslator@@QAEHXZ
?IsInRange@CTextFile@@SAHKPBD@Z
?IsIntValue@CFormulaTranslator@@AAEHPAUFORMULATRANSLATOR_VALUE_DESC@@@Z
?IsIntValue@CFormulaTranslator@@QAEHXZ
?IsOperationBracketLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsOperationCloseBracketLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsOperationLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsOperationOpenBracketLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsTaskExist@CTaskSchedulerInterface@@QAEHPBD@Z
?IsVarLexeme@CFormulaLexicalAnalyzer@@QAEHPAULEXEME_DESC@@@Z
?IsWindows2000@COSVersion@@QAEHXZ
?IsWindows2000OrLater@COSVersion@@QAEHXZ
?IsWindows7@COSVersion@@QAEHXZ
?IsWindows7OrLater@COSVersion@@QAEHXZ
?IsWindows95@COSVersion@@QAEHXZ
?IsWindows98@COSVersion@@QAEHXZ
?IsWindows98OrLater@COSVersion@@QAEHXZ
?IsWindows9x@COSVersion@@QAEHXZ
?IsWindowsME@COSVersion@@QAEHXZ
?IsWindowsNT4@COSVersion@@QAEHXZ
?IsWindowsNT4OrLater@COSVersion@@QAEHXZ
?IsWindowsNT@COSVersion@@QAEHXZ
?IsWindowsVista@COSVersion@@QAEHXZ
?IsWindowsVistaOrLater@COSVersion@@QAEHXZ
?IsWindowsXP64OrLater@COSVersion@@QAEHXZ
?IsWindowsXP@COSVersion@@QAEHXZ
?IsWindowsXPOrLater@COSVersion@@QAEHXZ
?IsWow64Process@CWOW64@@SAHPAXPAH@Z
?KillTable@CCRC32@@QAEXXZ
?Left@CStringLite@@QBE?AV1@H@Z
?MakeLower@CStringLite@@QAEXXZ
?MakeUpper@CStringLite@@QAEXXZ
?MarkReachabilityHelper@CLexicalAnalyzer@@AAEXPAEG@Z
?Mid@CStringLite@@QBE?AV1@HH@Z
?OnStateChange@CFormulaLexicalAnalyzer@@EAEJGGD@Z
?Open@CTextFile@@QAEHPBD@Z
?Peek@CPtrStack@@QAEPAXXZ
?Pop@CPtrStack@@QAEPAXXZ
?PostAnalyze@CFormulaLexicalAnalyzer@@EAEJH@Z
?PreAnalyze@CFormulaLexicalAnalyzer@@EAEJXZ
?Precache@CTextFile@@QAEXPBD@Z
?Precache@CTextFile@@QAEXXZ
?PrecacheSections@CTextFile@@QAEXXZ
?Push@CPtrStack@@QAEXPAX@Z
?PushVal@CFormulaTranslator@@AAEXKJ@Z
?PushVar@CFormulaTranslator@@AAEHPBD@Z
?QueryValue@CRegValue@@QAEHPBDAAKK@Z
?QueryValueEx@CRegValue@@QAEHPBDPAEAAK2@Z
?ReadSection@CTextFile@@UAEHPBDAAVCStringLite@@@Z
?ReadSectionParam@CTextFile@@UAE?AVCStringLite@@PBD00@Z
?ReadSectionParam@CTextFile@@UAEHPBD0AAVCStringLite@@@Z
?ReadString@CTextFile@@QAEHAAVCStringLite@@@Z
?RemoveAll@CPtrListLite@@QAEXXZ
?RemoveAt@CPtrListLite@@QAEXPAUPTR_LIST_NODE@@@Z
?Replace@CStringLite@@QAEHPBD0@Z
?ResetLexemeStr@CLexicalAnalyzer@@QAEXXZ
?Right@CStringLite@@QBE?AV1@H@Z
?SetFilename@CLog@@QAEXPBD@Z
?SetHeaderFlags@CLog@@QAEXK@Z
?SetIndent@CLog@@QAEXK@Z
?SetLexemeStr@CLexicalAnalyzer@@QAEXD@Z
?SetRegistryKey@CRegValue@@QAEXPAUHKEY__@@PBD@Z
?SetSamDesired@CRegValue@@QAEXK@Z
?SetValue@CRegValue@@QAEHPBD0@Z
?SetValue@CRegValue@@QAEHPBDKK@Z
?SetValueEx@CRegValue@@QAEHPBDPAEKK@Z
?SetVariableProvider@CFormulaTranslator@@QAEXPAVCFormulaTranslatorVariableProvider@@@Z
?Sort@CPtrListLite@@QAEXHP6AHPAUPTR_LIST_NODE@@0@Z@Z
?SortLexemesHelper@CFormulaTranslator@@CAHPAUPTR_LIST_NODE@@0@Z
?StrToDWORD@CFileVersion@@SAKPBD@Z
?StripComments@CTextFile@@QAEHAAVCStringLite@@@Z
?SubIndent@CLog@@QAEKK@Z
?SwapWithNext@CPtrListLite@@QAEXPAUPTR_LIST_NODE@@@Z
?SwapWithPrev@CPtrListLite@@QAEXPAUPTR_LIST_NODE@@@Z
?Translate@CFormulaTranslator@@QAEJPBD@Z
?TrimLeft@CStringLite@@QAEXD@Z
?TrimLeft@CStringLite@@QAEXPBD@Z
?TrimLeft@CStringLite@@QAEXXZ
?TrimRight@CStringLite@@QAEXD@Z
?TrimRight@CStringLite@@QAEXPBD@Z
?TrimRight@CStringLite@@QAEXXZ
?Uninit@CConfigCache@@QAEXXZ
?Uninit@CMultiString@@QAEXXZ
?Uninit@CTaskSchedulerInterface@@QAEXXZ
?UninitCharset@CLexicalAnalyzer@@QAEXXZ
?UninitJumpTable@CLexicalAnalyzer@@QAEXXZ
?ValidateJumpTable@CLexicalAnalyzer@@QAEJXZ
?Wow64DisableWow64FsRedirection@CWOW64@@SAHPAPAX@Z
?Wow64RevertWow64FsRedirection@CWOW64@@SAHPAX@Z
?WritePrivateProfileStringA@CConfigCache@@QAEHPBD000@Z
?g_hRTFCDLL@@3PAUHINSTANCE__@@A
?helper_AppendBuf@CStringLite@@IAEXD@Z
?helper_AppendBuf@CStringLite@@IAEXPBD@Z
?helper_FreeBuf@CStringLite@@IAEXXZ
?helper_InitBuf@CStringLite@@IAEXD@Z
?helper_InitBuf@CStringLite@@IAEXPBD@Z
?helper_InitBuf@CStringLite@@IAEXPBDH@Z
?strtok@CTokenString@@QAEPADPBD0@Z
?strtokex@CTokenString@@QAEPADPBD0@Z

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTMUI.dll
.dll windows:5 windows x86 arch:x86

960c8cfa99b3b65d86195c390ec402f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathRemoveFileSpecA

rtfc

?GetParam@CTextFile@@SAHHPBDAAVCStringLite@@0H@Z
??1CStringLite@@UAE@XZ
?Calc@CCRC32@@QAEKKPBD@Z
??1CCRC32@@UAE@XZ
??0CCRC32@@QAE@XZ
??0CStringLite@@QAE@XZ

mfc90

ord5666
ord5668
ord6446
ord1729
ord4688
ord5139
ord3732
ord4589
ord6780
ord5497
ord5585
ord4650
ord1496
ord4331
ord1752
ord1755
ord6388
ord3344
ord1678
ord1809
ord1810
ord2208
ord5309
ord5152
ord4617
ord5615
ord374
ord4993
ord5636
ord2074
ord2069
ord6048
ord1536
ord2899
ord3987
ord3568
ord2282
ord4498
ord2130
ord1361
ord1108
ord3895
ord753
ord5137
ord5153
ord4618
ord4594
ord5262
ord5286
ord5032
ord5216
ord5493
ord5496
ord5494
ord5495
ord5644
ord6474
ord6058
ord1791
ord6365
ord3436
ord6473
ord6475
ord542
ord539
ord541
ord4013
ord3896
ord756
ord4678
ord1643
ord4686
ord5645
ord1497
ord6391
ord3346
ord1711
ord2224
ord1409
ord2592
ord547
ord549
ord4996
ord3365
ord4014
ord698
ord580
ord446
ord3560
ord958
ord6154
ord903
ord5862
ord3313
ord4462
ord941
ord6682
ord6676
ord781
ord5776
ord1144
ord2896
ord4037
ord1045
ord2123
ord1241
ord391
ord1152
ord2591
ord4431
ord3223
ord4513
ord6557
ord6559
ord4116
ord3175
ord4337
ord586
ord3653
ord4667
ord5647
ord1726
ord1789
ord789
ord4025
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4668
ord376
ord639
ord3783
ord6802
ord5761
ord945
ord5924
ord820
ord6791
ord266
ord1709
ord3579
ord579
ord5528
ord2539
ord4311
ord6815
ord817
ord1568
ord2531
ord780
ord310
ord1137
ord5750
ord1247
ord2566
ord1252
ord1603
ord6613
ord3213
ord305
ord3178
ord1611
ord798
ord300
ord910
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord6494
ord1792
ord316
ord601
ord800
ord5482

msvcr90

memset
sscanf_s
_findfirst64i32
_stricmp
_access
strstr
_findnext64i32
__CxxFrameHandler3
_findclose
strcpy_s
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ

kernel32

GetPrivateProfileStringA
LoadLibraryA
FreeResource
GetLocalTime
LoadResource
FindResourceA
GetModuleFileNameA
GetProcAddress
LockResource
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId

user32

GetWindowLongA
GetParent
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetSystemMetrics
MonitorFromPoint
GetDC
ReleaseDC
GetCursorPos
IsWindow
MapDialogRect
GetClassNameA
GetDlgCtrlID
IsWindowVisible
ScreenToClient
ClientToScreen
PtInRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindow
GetWindowRect
SendMessageA
LoadMenuA
EnableWindow
InvalidateRect
GetClientRect
LoadImageA
DestroyIcon
WindowFromPoint

gdi32

GetDeviceCaps

Exports

Exports

??0?$CList@PAULANGUAGE_DESC@@PAU1@@@QAE@H@Z
??0?$CList@PAULOCALIZED_STRING@@PAU1@@@QAE@H@Z
??0?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAE@H@Z
??0CLocalizationManager@@QAE@XZ
??0CLocalizedDialog@@IAE@XZ
??0CLocalizedDialog@@QAE@IPAVCWnd@@@Z
??0CLocalizedMenu@@QAE@XZ
??0CLocalizedPropertyPage@@QAE@II@Z
??0CLocalizedPropertyPage@@QAE@PBDI@Z
??0CLocalizedPropertyPage@@QAE@XZ
??0CLocalizedPropertySheet@@QAE@IPAVCWnd@@I@Z
??0CLocalizedPropertySheet@@QAE@PBDPAVCWnd@@I@Z
??0CLocalizedStringDifferenceList@@QAE@XZ
??0CLocalizedStringList@@QAE@XZ
??0CLocalizedTooltip@@QAE@XZ
??0CToolTipCtrlEx@@QAE@XZ
??1?$CList@PAULANGUAGE_DESC@@PAU1@@@UAE@XZ
??1?$CList@PAULOCALIZED_STRING@@PAU1@@@UAE@XZ
??1?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@UAE@XZ
??1CLocalizationManager@@UAE@XZ
??1CLocalizedDialog@@MAE@XZ
??1CLocalizedMenu@@UAE@XZ
??1CLocalizedPropertyPage@@UAE@XZ
??1CLocalizedPropertySheet@@UAE@XZ
??1CLocalizedStringDifferenceList@@UAE@XZ
??1CLocalizedStringList@@UAE@XZ
??1CLocalizedTooltip@@UAE@XZ
??1CToolTipCtrlEx@@UAE@XZ
??_7?$CList@PAULANGUAGE_DESC@@PAU1@@@6B@
??_7?$CList@PAULOCALIZED_STRING@@PAU1@@@6B@
??_7?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@6B@
??_7CLocalizationManager@@6B@
??_7CLocalizedDialog@@6B@
??_7CLocalizedMenu@@6B@
??_7CLocalizedPropertyPage@@6B@
??_7CLocalizedPropertySheet@@6B@
??_7CLocalizedStringDifferenceList@@6B@
??_7CLocalizedStringList@@6B@
??_7CLocalizedTooltip@@6B@
??_7CToolTipCtrlEx@@6B@
??_F?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEXXZ
??_F?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEXXZ
??_F?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEXXZ
?Add@CLocalizedStringDifferenceList@@QAEXPBDPAULOCALIZED_STRING@@@Z
?Add@CLocalizedStringList@@QAEHPBDJJ0IKJJ@Z
?AddHead@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEPAU__POSITION@@PAULANGUAGE_DESC@@@Z
?AddHead@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEXPAV1@@Z
?AddHead@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEPAU__POSITION@@PAULOCALIZED_STRING@@@Z
?AddHead@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEXPAV1@@Z
?AddHead@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEPAU__POSITION@@PAULOCALIZED_STRING_DIFFERENCE@@@Z
?AddHead@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEXPAV1@@Z
?AddLanguageDesc@CLocalizationManager@@QAEXPBD@Z
?AddTail@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEPAU__POSITION@@PAULANGUAGE_DESC@@@Z
?AddTail@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEXPAV1@@Z
?AddTail@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEPAU__POSITION@@PAULOCALIZED_STRING@@@Z
?AddTail@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEXPAV1@@Z
?AddTail@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEPAU__POSITION@@PAULOCALIZED_STRING_DIFFERENCE@@@Z
?AddTail@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEXPAV1@@Z
?AllocateLocalizedTooltip@CLocalizationManager@@QAEPAVCLocalizedTooltip@@XZ
?AppendLog@CLocalizationManager@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H0HK@Z
?AreTooltipsEnabled@CLocalizationManager@@QAEHXZ
?Compare@CLocalizationManager@@QAEXPBD@Z
?CompareFileSystem@CLocalizationManager@@QAEXPBD0K@Z
?CompareFileSystemHelper@CLocalizationManager@@QAEXPBD00KPAK@Z
?CreateObject@CLocalizedDialog@@SGPAVCObject@@XZ
?CreateObject@CLocalizedPropertyPage@@SGPAVCObject@@XZ
?DefWindowProcA@CLocalizedDialog@@MAEJIIJ@Z
?DefWindowProcA@CLocalizedPropertyPage@@MAEJIIJ@Z
?DefWindowProcA@CLocalizedPropertySheet@@MAEJIIJ@Z
?Destroy@CLocalizedStringDifferenceList@@QAEXXZ
?Destroy@CLocalizedStringList@@QAEXXZ
?DoDataExchange@CLocalizedDialog@@MAEXPAVCDataExchange@@@Z
?DoDataExchange@CLocalizedPropertyPage@@MAEXPAVCDataExchange@@@Z
?Enable@CLocalizedTooltip@@QAEXH@Z
?EnableScroll@CLocalizedPropertyPage@@QAEXH@Z
?EnableScroll@CLocalizedPropertySheet@@QAEXH@Z
?EnableTooltips@CLocalizationManager@@QAEXH@Z
?Find@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEPAU__POSITION@@PAULANGUAGE_DESC@@PAU2@@Z
?Find@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEPAU__POSITION@@PAULOCALIZED_STRING@@PAU2@@Z
?Find@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEPAU__POSITION@@PAULOCALIZED_STRING_DIFFERENCE@@PAU2@@Z
?Find@CLocalizationManager@@QAEPAULANGUAGE_DESC@@PBD@Z
?FindIndex@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEPAU__POSITION@@H@Z
?FindIndex@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEPAU__POSITION@@H@Z
?FindIndex@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEPAU__POSITION@@H@Z
?FreeNode@?$CList@PAULANGUAGE_DESC@@PAU1@@@IAEXPAUCNode@1@@Z
?FreeNode@?$CList@PAULOCALIZED_STRING@@PAU1@@@IAEXPAUCNode@1@@Z
?FreeNode@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@IAEXPAUCNode@1@@Z
?Get@CLocalizationManager@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDAAJ10I@Z
?Get@CLocalizedStringList@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAJ1PBDI11@Z
?GetAllocateLocalizedTooltip@CLocalizationManager@@QAEP6APAVCLocalizedTooltip@@XZXZ
?GetAt@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEAAPAULANGUAGE_DESC@@PAU__POSITION@@@Z
?GetAt@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEABQAULANGUAGE_DESC@@PAU__POSITION@@@Z
?GetAt@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEAAPAULOCALIZED_STRING@@PAU__POSITION@@@Z
?GetAt@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEABQAULOCALIZED_STRING@@PAU__POSITION@@@Z
?GetAt@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEAAPAULOCALIZED_STRING_DIFFERENCE@@PAU__POSITION@@@Z
?GetAt@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEABQAULOCALIZED_STRING_DIFFERENCE@@PAU__POSITION@@@Z
?GetCount@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEHXZ
?GetCount@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEHXZ
?GetCount@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEHXZ
?GetCreator@CLocalizationManager@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetCreatorEmail@CLocalizationManager@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetCreatorICQ@CLocalizationManager@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetDebugFlags@CLocalizationManager@@QAEKXZ
?GetDpi@@YAIPAUHWND__@@@Z
?GetDpiForMonitor@@YAIPAUHMONITOR__@@@Z
?GetDpiForWindow@@YAIPAUHWND__@@@Z
?GetFolder@CLocalizationManager@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetHead@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEAAPAULANGUAGE_DESC@@XZ
?GetHead@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEABQAULANGUAGE_DESC@@XZ
?GetHead@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEAAPAULOCALIZED_STRING@@XZ
?GetHead@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEABQAULOCALIZED_STRING@@XZ
?GetHead@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEAAPAULOCALIZED_STRING_DIFFERENCE@@XZ
?GetHead@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEABQAULOCALIZED_STRING_DIFFERENCE@@XZ
?GetHeadPosition@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEPAU__POSITION@@XZ
?GetHeadPosition@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEPAU__POSITION@@XZ
?GetHeadPosition@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEPAU__POSITION@@XZ
?GetHelpFilePath@CLocalizedTooltip@@UAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetID@CLocalizationManager@@QAEPBDXZ
?GetLabel@CLocalizedPropertyPage@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetLanguage@CLocalizationManager@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetMessageMap@CLocalizedDialog@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CLocalizedPropertyPage@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CLocalizedPropertySheet@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CToolTipCtrlEx@@MBEPBUAFX_MSGMAP@@XZ
?GetNext@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEAAPAULANGUAGE_DESC@@AAPAU__POSITION@@@Z
?GetNext@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEABQAULANGUAGE_DESC@@AAPAU__POSITION@@@Z
?GetNext@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEAAPAULOCALIZED_STRING@@AAPAU__POSITION@@@Z
?GetNext@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEABQAULOCALIZED_STRING@@AAPAU__POSITION@@@Z
?GetNext@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEAAPAULOCALIZED_STRING_DIFFERENCE@@AAPAU__POSITION@@@Z
?GetNext@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEABQAULOCALIZED_STRING_DIFFERENCE@@AAPAU__POSITION@@@Z
?GetPrev@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEAAPAULANGUAGE_DESC@@AAPAU__POSITION@@@Z
?GetPrev@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEABQAULANGUAGE_DESC@@AAPAU__POSITION@@@Z
?GetPrev@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEAAPAULOCALIZED_STRING@@AAPAU__POSITION@@@Z
?GetPrev@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEABQAULOCALIZED_STRING@@AAPAU__POSITION@@@Z
?GetPrev@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEAAPAULOCALIZED_STRING_DIFFERENCE@@AAPAU__POSITION@@@Z
?GetPrev@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEABQAULOCALIZED_STRING_DIFFERENCE@@AAPAU__POSITION@@@Z
?GetResourceFilePath@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD0@Z
?GetRuntimeClass@CLocalizedDialog@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CLocalizedPropertyPage@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CLocalizedPropertySheet@@UBEPAUCRuntimeClass@@XZ
?GetSize@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEHXZ
?GetSize@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEHXZ
?GetSize@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEHXZ
?GetSystemMetricsForDpi@@YAHHI@Z
?GetTail@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEAAPAULANGUAGE_DESC@@XZ
?GetTail@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEABQAULANGUAGE_DESC@@XZ
?GetTail@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEAAPAULOCALIZED_STRING@@XZ
?GetTail@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEABQAULOCALIZED_STRING@@XZ
?GetTail@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEAAPAULOCALIZED_STRING_DIFFERENCE@@XZ
?GetTail@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEABQAULOCALIZED_STRING_DIFFERENCE@@XZ
?GetTailPosition@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEPAU__POSITION@@XZ
?GetTailPosition@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEPAU__POSITION@@XZ
?GetTailPosition@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEPAU__POSITION@@XZ
?GetTemplateName@CLocalizedDialog@@QAEPBDXZ
?GetThisClass@CLocalizedDialog@@SGPAUCRuntimeClass@@XZ
?GetThisClass@CLocalizedPropertyPage@@SGPAUCRuntimeClass@@XZ
?GetThisClass@CLocalizedPropertySheet@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@CLocalizedDialog@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CLocalizedPropertyPage@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CLocalizedPropertySheet@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CToolTipCtrlEx@@KGPBUAFX_MSGMAP@@XZ
?GetTooltipID@CLocalizedTooltip@@UAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?Init@CLocalizationManager@@QAEXPBD0K@Z
?Init@CLocalizedTooltip@@QAEXPAVCWnd@@@Z
?InitToolTipText@CLocalizedTooltip@@QAEXHH@Z
?InsertAfter@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEPAU__POSITION@@PAU2@PAULANGUAGE_DESC@@@Z
?InsertAfter@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEPAU__POSITION@@PAU2@PAULOCALIZED_STRING@@@Z
?InsertAfter@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEPAU__POSITION@@PAU2@PAULOCALIZED_STRING_DIFFERENCE@@@Z
?InsertBefore@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEPAU__POSITION@@PAU2@PAULANGUAGE_DESC@@@Z
?InsertBefore@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEPAU__POSITION@@PAU2@PAULOCALIZED_STRING@@@Z
?InsertBefore@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEPAU__POSITION@@PAU2@PAULOCALIZED_STRING_DIFFERENCE@@@Z
?IsEmpty@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEHXZ
?IsEmpty@?$CList@PAULOCALIZED_STRING@@PAU1@@@QBEHXZ
?IsEmpty@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QBEHXZ
?IsInitialized@CLocalizationManager@@QAEHXZ
?LoadMenuA@CLocalizedMenu@@QAEHI@Z
?LoadStringA@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@I@Z
?LoadStringA@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?LoadStringA@@YAHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAJ1PBDI@Z
?LoadTooltip@CLocalizedTooltip@@UAEXPBD@Z
?Localize@@YAXPAVCMenu@@@Z
?Localize@@YAXPAVCWnd@@@Z
?LockSetModified@CLocalizedPropertyPage@@QAEXH@Z
?NewNode@?$CList@PAULANGUAGE_DESC@@PAU1@@@IAEPAUCNode@1@PAU21@0@Z
?NewNode@?$CList@PAULOCALIZED_STRING@@PAU1@@@IAEPAUCNode@1@PAU21@0@Z
?NewNode@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@IAEPAUCNode@1@PAU21@0@Z
?OnAdjustHeight@CLocalizedPropertySheet@@UAEXXZ
?OnCreate@CLocalizedPropertyPage@@IAEHPAUtagCREATESTRUCTA@@@Z
?OnDpiChange@CLocalizedPropertyPage@@UAEXXZ
?OnGetMinMaxInfo@CLocalizedPropertySheet@@IAEXPAUtagMINMAXINFO@@@Z
?OnInitDialog@CLocalizedDialog@@MAEHXZ
?OnInitDialog@CLocalizedPropertyPage@@MAEHXZ
?OnInitDialog@CLocalizedPropertySheet@@MAEHXZ
?OnMouseMove@CLocalizedDialog@@IAEXIVCPoint@@@Z
?OnMouseMove@CLocalizedPropertyPage@@IAEXIVCPoint@@@Z
?OnMouseMove@CLocalizedTooltip@@QAEXIVCPoint@@@Z
?OnPreTranslateMessage@CLocalizedTooltip@@QAEXPAUtagMSG@@@Z
?OnSize@CLocalizedPropertyPage@@IAEXIHH@Z
?OnSize@CLocalizedPropertySheet@@IAEXIHH@Z
?OnToolTipText@CLocalizedDialog@@IAEHIPAUtagNMHDR@@PAJ@Z
?OnToolTipText@CLocalizedPropertyPage@@IAEHIPAUtagNMHDR@@PAJ@Z
?OnToolTipText@CLocalizedTooltip@@QAEHIPAUtagNMHDR@@PAJ@Z
?OnVScroll@CLocalizedPropertyPage@@IAEXIIPAVCScrollBar@@@Z
?OnWindowFromPoint@CToolTipCtrlEx@@IAEJIJ@Z
?PostLoadTooltip@CLocalizedTooltip@@UAEXPBD@Z
?PreTranslateMessage@CLocalizedDialog@@MAEHPAUtagMSG@@@Z
?PreTranslateMessage@CLocalizedPropertyPage@@MAEHPAUtagMSG@@@Z
?PrepareTooltips@CLocalizedTooltip@@QAEXXZ
?RedrawChild@CLocalizedDialog@@QAEXI@Z
?RemoveAll@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEXXZ
?RemoveAll@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEXXZ
?RemoveAll@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEXXZ
?RemoveAt@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEXPAU__POSITION@@@Z
?RemoveAt@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEXPAU__POSITION@@@Z
?RemoveAt@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEXPAU__POSITION@@@Z
?RemoveHead@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEPAULANGUAGE_DESC@@XZ
?RemoveHead@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEPAULOCALIZED_STRING@@XZ
?RemoveHead@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEPAULOCALIZED_STRING_DIFFERENCE@@XZ
?RemoveTail@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEPAULANGUAGE_DESC@@XZ
?RemoveTail@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEPAULOCALIZED_STRING@@XZ
?RemoveTail@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEPAULOCALIZED_STRING_DIFFERENCE@@XZ
?RepositionChildren@CLocalizedPropertySheet@@QAEXHH@Z
?ResetScrollbars@CLocalizedPropertyPage@@QAEXXZ
?Save@CLocalizedStringDifferenceList@@QAEXPAVCStringArray@@@Z
?Serialize@?$CList@PAULANGUAGE_DESC@@PAU1@@@UAEXAAVCArchive@@@Z
?Serialize@?$CList@PAULOCALIZED_STRING@@PAU1@@@UAEXAAVCArchive@@@Z
?Serialize@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@UAEXAAVCArchive@@@Z
?SetAllocateLocalizedTooltip@CLocalizationManager@@QAEXP6APAVCLocalizedTooltip@@XZ@Z
?SetAt@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEXPAU__POSITION@@PAULANGUAGE_DESC@@@Z
?SetAt@?$CList@PAULOCALIZED_STRING@@PAU1@@@QAEXPAU__POSITION@@PAULOCALIZED_STRING@@@Z
?SetAt@?$CList@PAULOCALIZED_STRING_DIFFERENCE@@PAU1@@@QAEXPAU__POSITION@@PAULOCALIZED_STRING_DIFFERENCE@@@Z
?SetDpiAware@@YAHK@Z
?SetModifiedLockable@CLocalizedPropertyPage@@QAEXH@Z
?SetTargetWnd@CToolTipCtrlEx@@QAEXPAVCWnd@@@Z
?SetupScrollbars@CLocalizedPropertyPage@@QAEXXZ
?Uninit@CLocalizationManager@@QAEXXZ
?_GetBaseClass@CLocalizedDialog@@KGPAUCRuntimeClass@@XZ
?_GetBaseClass@CLocalizedPropertyPage@@KGPAUCRuntimeClass@@XZ
?_GetBaseClass@CLocalizedPropertySheet@@KGPAUCRuntimeClass@@XZ
?classCLocalizedDialog@CLocalizedDialog@@2UCRuntimeClass@@B
?classCLocalizedPropertyPage@CLocalizedPropertyPage@@2UCRuntimeClass@@B
?classCLocalizedPropertySheet@CLocalizedPropertySheet@@2UCRuntimeClass@@B
?g_dwDpiAware@@3KA
?g_localizationManager@@3VCLocalizationManager@@A

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTSS.dat
RTSS.exe
.exe windows:5 windows x86 arch:x86

67f141b54e0d9dbdb95f29f5a1d19341

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:2c:f6:49:3e:52:b9:79:45:1c:85:fc:05:7e:94:a8:0c:89:95:36
Signer

Actual PE Digest

d3:2c:f6:49:3e:52:b9:79:45:1c:85:fc:05:7e:94:a8:0c:89:95:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dinput8

DirectInput8Create

shlwapi

PathRemoveFileSpecA
PathStripPathA
PathIsRelativeA

rtfc

??1CTaskSchedulerInterface@@UAE@XZ
?IsTaskExist@CTaskSchedulerInterface@@QAEHPBD@Z
?DeleteTask@CTaskSchedulerInterface@@QAEHPBD@Z
?AddTask@CTaskSchedulerInterface@@QAEHPBD000@Z
?Uninit@CTaskSchedulerInterface@@QAEXXZ
??0CTaskSchedulerInterface@@QAE@XZ
??YCStringLite@@QAEABV0@PBD@Z
??H@YA?AVCStringLite@@PBDABV0@@Z
??YCStringLite@@QAEABV0@ABV0@@Z
??0CFileVersion@@QAE@XZ
?GetStr@CFileVersion@@SA?AVCStringLite@@PBD@Z
??1CFileVersion@@UAE@XZ
?GetValue@CRegValue@@QAE?AVCStringLite@@PBD0@Z
?DeleteValue@CRegValue@@QAEHPBD@Z
??0CTokenString@@QAE@XZ
?strtok@CTokenString@@QAEPADPBD0@Z
??1CTokenString@@UAE@XZ
?GetValue@CTextFile@@SAHPBDAAKK@Z
?IsWow64Process@CWOW64@@SAHPAXPAH@Z
??0CStringLite@@QAE@PBDH@Z
?Init@CTaskSchedulerInterface@@QAEHXZ
?ReadSectionParam@CTextFile@@UAE?AVCStringLite@@PBD00@Z
?ReadSection@CTextFile@@UAEHPBDAAVCStringLite@@@Z
??0CTextFile@@QAE@XZ
??1CTextFile@@UAE@XZ
?GetParam@CTextFile@@SAHHPBDAAVCStringLite@@0H@Z
??4CStringLite@@QAEABV0@PBD@Z
??0CStringLite@@QAE@XZ
?ReadSectionParam@CTextFile@@UAEHPBD0AAVCStringLite@@@Z
?IsEmpty@CStringLite@@QBEHXZ
??H@YA?AVCStringLite@@ABV0@PBD@Z
??0CStringLite@@QAE@PBD@Z
?IsWindowsVistaOrLater@COSVersion@@QAEHXZ
?SetRegistryKey@CRegValue@@QAEXPAUHKEY__@@PBD@Z
?SetValue@CRegValue@@QAEHPBD0@Z
??1CRegValue@@UAE@XZ
??0COSVersion@@QAE@XZ
?IsWindows9x@COSVersion@@QAEHXZ
??1COSVersion@@UAE@XZ
??1CStringLite@@UAE@XZ
?Precache@CTextFile@@QAEXPBD@Z
??0CRegValue@@QAE@XZ

rtui

?GetIndicatorValue@CSkinnedControl@@UAEMK@Z
?NotifyParent@CSkinnedControl@@UAEXKK@Z
?HitTest@CSkinnedButton@@UAEHVCPoint@@K@Z
?GetClassNameA@CSkinnedButton@@UAE?AVCStringLite@@XZ
?OnLButtonDown@CSkinnedButton@@UAEXVCPoint@@@Z
?OnLButtonUp@CSkinnedButton@@UAEXVCPoint@@@Z
?OnMouseMove@CSkinnedButton@@UAEXVCPoint@@@Z
?OnKeyDown@CSkinnedButton@@UAEXIII@Z
?Draw@CSkinnedButton@@UAEXPAVCDIB@@0@Z
?Redraw@CSkinnedControl@@QAEXXZ
?OverrideDIBPressedHottrack@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBHottrack@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBPressed@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIB@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OnCreate@CSkinnedButton@@UAEHPAVCSkin@@PBDK1K@Z
??0CSkinnedSlider@@QAE@XZ
?OnKillFocus@CSkinnedSlider@@UAEXXZ
?GetClassNameA@CSkinnedSlider@@UAE?AVCStringLite@@XZ
?OnLButtonDown@CSkinnedSlider@@UAEXVCPoint@@@Z
?OnKeyUp@CSkinnedControl@@UAEXIII@Z
?OnCreate@CSkinnedSlider@@UAEHPAVCSkin@@PBDK1K@Z
?SetTimerPeriod@CSkinnedControl@@QAEXK@Z
?PauseTimer@CSkinnedControl@@QAEXH@Z
?GetPos@CSkinnedSlider@@QAEJXZ
?SetPos@CSkinnedSlider@@QAEXJ@Z
?SetRange@CSkinnedSlider@@QAEHJJ@Z
?SetPage@CSkinnedSlider@@QAEXK@Z
??1CSkinnedSlider@@UAE@XZ
?Draw@CSkinnedSlider@@UAEXPAVCDIB@@0@Z
?OnKeyUp@CSkinnedSlider@@UAEXIII@Z
?OnTimer@CSkinnedButton@@UAEXXZ
?SetVisible@CSkinnedControl@@UAEHH@Z
?OnKillFocus@CSkinnedButton@@UAEXXZ
?OnKillKeyboardFocus@CSkinnedControl@@UAEXXZ
?IsKeyboardFocusCaptured@CSkinnedControl@@UAEHXZ
?DefWindowProcA@CSkinnedWnd@@MAEJIIJ@Z
?GetLayeredWindowAlpha@CSkinnedWnd@@QAEKXZ
?GetScaleFactor@CSkinnedWnd@@QAEKXZ
?AddControl@CSkinnedWnd@@QAEHPAVCSkinnedControl@@H@Z
?Create@CSkinnedControl@@QAEHPAVCSkin@@PBDK1KH@Z
?SetID@CSkinnedControl@@QAEXK@Z
?SetCheckbox@CSkinnedButton@@QAEXH@Z
?RemoveControl@CSkinnedWnd@@QAEHPAVCSkinnedControl@@@Z
?SetSpin@CSkinnedButton@@QAEXH@Z
?IsHorizontal@CSkinnedSlider@@QAEHXZ
?SetEditMask@CSkinnedText@@QAEXPBD@Z
?SetEditCursor@CSkinnedText@@QAEDD@Z
?SetEditTextLen@CSkinnedText@@QAEHH@Z
?SetEditAnimationFrames@CSkinnedText@@QAEKK@Z
?SetEditMode@CSkinnedText@@QAEHH@Z
?CreateAdditionalControls@CSkinnedWnd@@QAEHPAVCSkin@@PBDKHH@Z
?SortControls@CSkinnedWnd@@QAEXXZ
?GetParam@CSkinnedPlaceholder@@QAEHHAAVCStringLite@@@Z
?IsVisible@CSkinnedControl@@QAEHXZ
?CreateTimer@CSkinnedWnd@@QAEKK@Z
?GetThisMessageMap@CSkinnedWnd@@KGPBUAFX_MSGMAP@@XZ
?IsKeyboardFocusCaptured@CSkinnedWnd@@QAEHXZ
?IsEnabled@CSkinnedControl@@QAEHXZ
?OnKeyDown@CSkinnedWnd@@IAEXIII@Z
?OnDestroy@CSkinnedWnd@@IAEXXZ
?SaveDIB@CDIB@@QAEHPAD@Z
?GetID@CSkinnedControl@@QAEKXZ
?OnLButtonDown@CSkinnedWnd@@IAEXIVCPoint@@@Z
?Swap@CSkinnedWnd@@QAEHHPBD@Z
?RedrawControls@CSkinnedWnd@@QAEXXZ
?OnTimer@CSkinnedWnd@@IAEXI@Z
?GetControlByName@CSkinnedWnd@@QAEPAVCSkinnedControl@@PBD@Z
?SetNextState@CSkinnedButton@@QAEKXZ
?GetDC@CLayeredWindowDC@@QAEPAUHDC__@@XZ
?DeleteDC@CLayeredWindowDC@@QAEXXZ
?SkinToClient@CSkinnedWnd@@QAEHH@Z
?GetIndicatorValue@CSkinnedSlider@@UAEMK@Z
?GetControlRect@CSkinnedControl@@QAE?AVCRect@@XZ
?SkinToClient@CSkinnedWnd@@QAE?AVCRect@@V2@@Z
?OnLButtonUp@CSkinnedWnd@@IAEXIVCPoint@@@Z
?GetText@CSkinnedText@@QAE?AVCStringLite@@XZ
?LockUpdateDIB@CSkinnedWnd@@QAEXH@Z
?SetText@CSkinnedText@@QAEXPBD@Z
?SetState@CSkinnedButton@@QAEXK@Z
?Enable@CSkinnedControl@@QAEHH@Z
?Create@CSkinnedWnd@@UAEHPAVCSkin@@PBDK@Z
?OnMoveWindow@CSkinnedWnd@@UAEXVCPoint@@@Z
?SetLayout@CSkinnedWnd@@UAEHK@Z
?OnReadControlDesc@CSkinnedWnd@@UAEHPAVCSkin@@PBD1K1AAVCStringLite@@@Z
?OnReadDefaultControlDesc@CSkinnedWnd@@UAEHPAVCSkin@@PBD1K1AAVCStringLite@@@Z
?UpdateDIB@CSkinnedWnd@@UAEHXZ
?UpdateDIB@CSkinnedWnd@@UAEHPAVCDC@@VCRect@@@Z
??0CSkinnedWnd@@QAE@XZ
??0CSkinnedButton@@QAE@XZ
??0CSkinnedText@@QAE@XZ
??0CSkinnedPlaceholder@@QAE@XZ
??1CSkinnedWnd@@UAE@XZ
?OnKeyDown@CSkinnedSlider@@UAEXIII@Z
?OnMouseMove@CSkinnedSlider@@UAEXVCPoint@@@Z
?OnLButtonUp@CSkinnedSlider@@UAEXVCPoint@@@Z
??0CDIBWnd@@QAE@XZ
?UpdateDIB@CDIBWnd@@UAEHPAVCDC@@VCRect@@@Z
?UpdateDIB@CDIBWnd@@UAEHXZ
??1CDIBWnd@@UAE@XZ
?GetThisMessageMap@CDIBWnd@@KGPBUAFX_MSGMAP@@XZ
??1CDIB@@UAE@XZ
?Bar@CDIB@@QAEHJJJJJ@Z
?ConvertHSLToRGB@CDIB@@QAEXPAK00000@Z
?GetHeight@CDIB@@QAEJXZ
?GetWidthB@CDIB@@QAEJXZ
?GetWidth@CDIB@@QAEJXZ
?GetImage@CDIB@@QAEPAEXZ
?ConvertRGBToHSL@CDIB@@QAEXPAK00000@Z
??0CDIB@@QAE@XZ
?AttachDIB@CDIBWnd@@QAEHPAVCDIB@@@Z
?Create@CDIBWnd@@QAEHKABUtagRECT@@PAVCWnd@@I@Z
?Create@CDIB@@QAEHJJGK@Z
?ClipInt@CValueClipper@@SAHHHH@Z
?CreateBitmap@CDIB@@QAEPAUHBITMAP__@@PAVCDC@@@Z
?GetRect@CDIB@@QAEXPAVCRect@@@Z
?GetPixel@CDIB@@QAEHHHAAK@Z
?LoadImageA@CDIB@@QAEHPAD@Z
??1CSkin@@UAE@XZ
?Destroy@CSkinnedWnd@@QAEXH@Z
?SetLayeredWindowAlpha@CSkinnedWnd@@QAEXK@Z
?SetLayeredWindowMode@CSkinnedWnd@@QAEXK@Z
?IsSupportedFormat@CSkin@@QAEHXZ
?SetAsyncScaling@CDIBWnd@@QAEXK@Z
?SetScalingMode@CDIBWnd@@QAEXK@Z
?SetScaleFactor@CSkinnedWnd@@QAEXK@Z
?Decompile@CSkin@@QAEHPBDK@Z
?ReadHeaderSectionParam@CSkin@@QAEHPBD0AAVCStringLite@@@Z
?Load@CSkin@@QAEHPAVCMemFile@@@Z
?SetPath@CSkin@@QAEHPBD@Z
?Compile@CSkin@@QAEHPBDK@Z
??0CSkin@@QAE@XZ
?GetSizeB@CDIB@@QAEKXZ
?AlphaBlt@CDIB@@QAEHPAV1@0JJJJJJK@Z
?Create@CMMTimer@@QAEHIIKPAUHWND__@@IIJ@Z
?IsActive@CMMTimer@@QAEHXZ
??1CMMTimer@@UAE@XZ
??0CMMTimer@@QAE@XZ
?Blt@CDIB@@QAEHPAV1@JJJJJJ@Z
?Kill@CMMTimer@@QAEXH@Z
?EatMessages@CMMTimer@@QAEHXZ
?ConvertToTrueColor@CDIB@@QAEHXZ
?DestroyDIB@CDIB@@QAEHXZ
?GetName@CSkinnedControl@@QAEPBDXZ
?HitTest@CSkinnedWnd@@QAEPAVCSkinnedControl@@VCPoint@@K@Z
?UpdateLayeredWindowAttributes@CSkinnedWnd@@QAEXXZ
?UpdateLayeredWindow@CSkinnedWnd@@QAEXXZ
?GetLayeredWindowMode@CSkinnedWnd@@QAEKXZ
?IsNative@CSkin@@QAEHXZ
?LoadPAK@CDIB@@QAEHPAVCSZArray@@PBD@Z
?MapBitmapName@CSkin@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetPAK@CSkin@@QAEPAVCSZArray@@XZ
?HitTest@CSkinnedSlider@@UAEHVCPoint@@K@Z
?ClientToSkin@CSkinnedWnd@@QAE?AVCPoint@@V2@@Z
?IsCaptured@CSkinnedWnd@@QAEHXZ
?OnMouseMove@CSkinnedWnd@@IAEXIVCPoint@@@Z
?EnableRedraw@CSkinnedWnd@@QAEXH@Z
?IsRedrawEnabled@CSkinnedWnd@@QAEHXZ
?Press@CSkinnedButton@@QAEXH@Z
?IsPressed@CSkinnedButton@@QAEHXZ
?Uninit@CSkin@@QAEXXZ
??1CSkinnedPlaceholder@@UAE@XZ
??1CSkinnedText@@UAE@XZ
??1CSkinnedButton@@UAE@XZ

rtmui

??0CLocalizedMenu@@QAE@XZ
?GetThisClass@CLocalizedPropertySheet@@SGPAUCRuntimeClass@@XZ
??1CLocalizedPropertySheet@@UAE@XZ
?DefWindowProcA@CLocalizedPropertySheet@@MAEJIIJ@Z
?OnAdjustHeight@CLocalizedPropertySheet@@UAEXXZ
?GetThisMessageMap@CLocalizedPropertySheet@@KGPBUAFX_MSGMAP@@XZ
??0CLocalizedPropertySheet@@QAE@PBDPAVCWnd@@I@Z
?EnableScroll@CLocalizedPropertySheet@@QAEXH@Z
?OnInitDialog@CLocalizedPropertySheet@@MAEHXZ
??0CLocalizedTooltip@@QAE@XZ
?GetHelpFilePath@CLocalizedTooltip@@UAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
??1CLocalizedTooltip@@UAE@XZ
?LoadTooltip@CLocalizedTooltip@@UAEXPBD@Z
?GetTooltipID@CLocalizedTooltip@@UAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?GetNext@?$CList@PAULANGUAGE_DESC@@PAU1@@@QAEAAPAULANGUAGE_DESC@@AAPAU__POSITION@@@Z
?GetHeadPosition@?$CList@PAULANGUAGE_DESC@@PAU1@@@QBEPAU__POSITION@@XZ
?OnMouseMove@CLocalizedTooltip@@QAEXIVCPoint@@@Z
?OnPreTranslateMessage@CLocalizedTooltip@@QAEXPAUtagMSG@@@Z
?OnToolTipText@CLocalizedTooltip@@QAEHIPAUtagNMHDR@@PAJ@Z
?EnableTooltips@CLocalizationManager@@QAEXH@Z
?Init@CLocalizedTooltip@@QAEXPAVCWnd@@@Z
?PrepareTooltips@CLocalizedTooltip@@QAEXXZ
??1CLocalizedDialog@@MAE@XZ
??0CLocalizedDialog@@QAE@IPAVCWnd@@@Z
?PreTranslateMessage@CLocalizedDialog@@MAEHPAUtagMSG@@@Z
?DefWindowProcA@CLocalizedDialog@@MAEJIIJ@Z
?DoDataExchange@CLocalizedDialog@@MAEXPAVCDataExchange@@@Z
?GetThisMessageMap@CLocalizedDialog@@KGPBUAFX_MSGMAP@@XZ
?LoadStringA@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@I@Z
?OnInitDialog@CLocalizedDialog@@MAEHXZ
?Init@CLocalizationManager@@QAEXPBD0K@Z
?g_localizationManager@@3VCLocalizationManager@@A
?Compare@CLocalizationManager@@QAEXPBD@Z
?LoadMenuA@CLocalizedMenu@@QAEHI@Z
??1CLocalizedMenu@@UAE@XZ
?GetThisClass@CLocalizedDialog@@SGPAUCRuntimeClass@@XZ
?Find@CLocalizationManager@@QAEPAULANGUAGE_DESC@@PBD@Z
?SetAllocateLocalizedTooltip@CLocalizationManager@@QAEXP6APAVCLocalizedTooltip@@XZ@Z
?SetDpiAware@@YAHK@Z
?Localize@@YAXPAVCWnd@@@Z
?Localize@@YAXPAVCMenu@@@Z
?LoadStringA@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetThisClass@CLocalizedPropertyPage@@SGPAUCRuntimeClass@@XZ
??1CLocalizedPropertyPage@@UAE@XZ
?g_dwDpiAware@@3KA
?GetDpi@@YAIPAUHWND__@@@Z
?GetThisMessageMap@CLocalizedPropertyPage@@KGPBUAFX_MSGMAP@@XZ
?OnInitDialog@CLocalizedPropertyPage@@MAEHXZ
??0CLocalizedPropertyPage@@QAE@II@Z
?DoDataExchange@CLocalizedPropertyPage@@MAEXPAVCDataExchange@@@Z
?OnDpiChange@CLocalizedPropertyPage@@UAEXXZ
?DefWindowProcA@CLocalizedPropertyPage@@MAEJIIJ@Z
?PreTranslateMessage@CLocalizedPropertyPage@@MAEHPAUtagMSG@@@Z

msimg32

GradientFill

mfc90

ord5520
ord404
ord1258
ord2591
ord615
ord5137
ord5153
ord663
ord5286
ord5032
ord5216
ord5493
ord5496
ord5494
ord5495
ord2045
ord2047
ord1934
ord2057
ord1937
ord2360
ord4618
ord3487
ord4640
ord1670
ord2277
ord4496
ord1604
ord2103
ord3436
ord4594
ord5924
ord1211
ord1265
ord4529
ord1387
ord2372
ord5960
ord320
ord2566
ord1709
ord3528
ord2469
ord1042
ord6646
ord4678
ord1643
ord4686
ord5645
ord1711
ord2224
ord1409
ord1016
ord6140
ord2354
ord616
ord3488
ord1671
ord1770
ord2590
ord6365
ord4251
ord3138
ord1222
ord5307
ord1144
ord639
ord3489
ord3228
ord5636
ord4993
ord5151
ord4616
ord5852
ord1536
ord3738
ord2210
ord411
ord664
ord3016
ord2209
ord3351
ord405
ord3009
ord2130
ord3179
ord5753
ord1555
ord6793
ord341
ord617
ord1098
ord5552
ord1603
ord6613
ord3213
ord305
ord1611
ord2447
ord793
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord5659
ord4981
ord6001
ord3659
ord589
ord4952
ord4029
ord942
ord2896
ord4481
ord2481
ord6166
ord5997
ord2141
ord820
ord692
ord1492
ord6771
ord2105
ord1698
ord4643
ord3553
ord4727
ord1884
ord2100
ord686
ord3545
ord6333
ord6802
ord5761
ord5482
ord4760
ord333
ord4527
ord4396
ord6071
ord3731
ord6791
ord5750
ord1247
ord3579
ord436
ord3157
ord1691
ord6079
ord525
ord6078
ord6527
ord6170
ord4153
ord3148
ord6074
ord3627
ord1358
ord3477
ord3479
ord3612
ord2588
ord1183
ord3534
ord1137
ord1061
ord1087
ord3726
ord6153
ord1254
ord310
ord941
ord4392
ord300
ord3178
ord817
ord781
ord580
ord3997
ord2280
ord4644
ord3554
ord693
ord524
ord744
ord2470
ord6507
ord2097
ord2587
ord1357
ord367
ord636
ord798
ord3980
ord2448
ord795
ord2087
ord3209
ord5657
ord5660
ord4333
ord4982
ord5663
ord5646
ord6002
ord3110
ord4890
ord593
ord3939
ord265
ord266
ord4030
ord796
ord3663
ord6740
ord4977
ord6048
ord6584
ord6456
ord1782
ord1717
ord3277
ord3638
ord595
ord2364
ord2899
ord4116
ord2539
ord6291
ord2048
ord772
ord2069
ord2592
ord3346
ord6391
ord1497
ord2074
ord5647
ord4667
ord3940
ord3056
ord4248
ord6559
ord3140
ord2497
ord5870
ord316
ord945
ord4311
ord1041
ord910
ord6335
ord601
ord4252
ord6327
ord1252
ord1938
ord5615
ord4617
ord5152
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord5497
ord6780
ord4589
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4668
ord581
ord782
ord800
ord5262
ord2106
ord1276

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
malloc
__iob_func
fprintf
fread
pow
_invoke_watson
_setjmp3
longjmp
floor
memcmp
vsprintf_s
sprintf_s
labs
wcscmp
__RTDynamicCast
_findfirst32
_findnext32
_findclose
_time32
_mkdir
strcmp
strstr
_time64
_localtime64_s
strftime
_mktime64
_fullpath
_strnicmp
strcpy_s
strcat_s
_access
memset
memcpy_s
_stricmp
strlen
memcpy
sscanf_s
_splitpath_s
__CxxFrameHandler3
_setmbcp
free
_controlfp_s

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
ExitProcess
GetFileSize
ReadFile
OpenFile
WriteFile
_lclose
GetLocalTime
WritePrivateProfileStringA
DeleteFileA
GetVersionExA
LocalFree
OpenProcess
MultiByteToWideChar
BeginUpdateResourceA
EnumResourceTypesA
EndUpdateResourceA
EnumResourceNamesA
FindResourceA
LoadResource
LockResource
SizeofResource
UpdateResourceA
FreeResource
GetModuleFileNameA
GetCurrentProcess
Sleep
CreateFileMappingA
GetPrivateProfileStringA
GetTickCount
CreateMutexA
ReleaseMutex
CloseHandle
WaitForMultipleObjects
ResetEvent
GetSystemDirectoryA
ResumeThread
lstrlenA
lstrcpyA
lstrcatA
GetLastError
SetLastError
GetModuleHandleA
SetEvent
SetThreadPriority
QueryPerformanceFrequency
WaitForSingleObject
QueryPerformanceCounter
SwitchToThread
CreateEventA
LoadLibraryA
GetProcAddress
FreeLibrary
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile

user32

PostMessageA
IsWindowVisible
GetActiveWindow
GetForegroundWindow
IsRectEmpty
OffsetRect
GetDC
ReleaseDC
GetSysColor
CopyRect
PtInRect
DrawTextA
ScreenToClient
InvalidateRgn
RedrawWindow
SetTimer
KillTimer
GetCapture
WindowFromPoint
GetCursorPos
SetCursor
GetAsyncKeyState
DestroyIcon
LoadImageA
SetForegroundWindow
GetWindowRect
FindWindowA
RegisterWindowMessageA
GetDesktopWindow
MessageBoxA
GetMonitorInfoA
SystemParametersInfoA
MonitorFromPoint
GetSystemMetrics
GetSubMenu
GetUpdateRect
SetMenuInfo
GetMenuInfo
LoadCursorA
GetWindowThreadProcessId
IsIconic
SetWindowRgn
GetWindow
SendMessageTimeoutA
IsWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
AdjustWindowRectEx
MonitorFromWindow
ReleaseCapture
GetParent
SetCapture
GetWindowLongA
SetWindowLongA
SendMessageA
EnableWindow
BroadcastSystemMessageA
GetClientRect
FillRect

gdi32

SetTextColor
SetBkColor
GetTextCharacterExtra
GetTextMetricsA
GetCharWidth32A
GetCharABCWidthsA
TextOutA
GetDIBits
DeleteDC
GetObjectA
GetBitmapBits
SetBitmapBits
SetStretchBltMode
StretchDIBits
CreateFontA
CreatePen
CreateSolidBrush
GetCurrentObject
GetTextExtentPoint32A
BitBlt
CombineRgn
CreateRectRgn
CreateCompatibleBitmap
DeleteObject
StretchBlt
SelectObject
CreateCompatibleDC

advapi32

SetNamedSecurityInfoA
RegCloseKey
RegDeleteValueA
GetNamedSecurityInfoA
ConvertStringSidToSidA
SetEntriesInAclA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ord17
ImageList_DrawEx

wininet

InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

Exports

Exports

GetColorPreview
GetHostAppID
GetHostAppProperty
GetHostAppVersion
LocalizeMenu
LocalizeStr
LocalizeWnd
PickColor
PickColorEx

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RTSSHooks.dll.copy
.dll windows:5 windows x86 arch:x86

b9685dc82d2f01fe4befe6baf5092725

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:80:39:1a:12:26:8d:15:e1:8e:b7:11:ed:67:08:94:2e:20:07:98
Signer

Actual PE Digest

08:80:39:1a:12:26:8d:15:e1:8e:b7:11:ed:67:08:94:2e:20:07:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA

shlwapi

PathAddBackslashA
PathRemoveExtensionA
PathMatchSpecA
PathRemoveFileSpecA
PathStripPathA
PathRenameExtensionA

winmm

timeKillEvent
timeSetEvent

kernel32

VirtualFree
VirtualProtect
SwitchToThread
GetTickCount
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
ReleaseMutex
CreateMutexA
WritePrivateProfileStringA
ReadFile
GetFileSize
OpenFile
GetSystemDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
FreeLibrary
GetVersionExA
CreateEventA
GetCurrentProcessId
MapViewOfFile
OpenFileMappingA
OpenEventA
UnmapViewOfFile
ResetEvent
SetEvent
GetCurrentThreadId
GetLocalTime
_lclose
WriteFile
SetFilePointer
OutputDebugStringA
GetLastError
CreateFileMappingA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
DuplicateHandle
Sleep
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
SetWaitableTimer
CreateWaitableTimerA
GetExitCodeProcess
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
SetLastError
LoadLibraryExW
GetModuleHandleW
VirtualAlloc
GetPrivateProfileStringA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetSystemDirectoryW
GetFileAttributesW
LocalFree
FileTimeToSystemTime
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpW
ExpandEnvironmentStringsW
GetFullPathNameW
InterlockedExchange
RaiseException
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetFileType
HeapReAlloc
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetProcessHeap
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
DeleteCriticalSection
GetStartupInfoA
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetTimeZoneInformation
WideCharToMultiByte
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
VirtualQuery
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
GetCommandLineA
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
TerminateProcess
IsDebuggerPresent
DeleteFileA
SetEnvironmentVariableA
RtlUnwind
GetFileAttributesA
MultiByteToWideChar
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
CreateDirectoryA
FindClose
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetCPInfo

user32

DrawIcon
ReleaseDC
RegisterWindowMessageA
SetWindowsHookExA
CallNextHookEx
SendMessageA
PostMessageA
MessageBeep
GetForegroundWindow
SendMessageTimeoutA
UnhookWindowsHookEx
DestroyWindow
LoadCursorA
GetIconInfo
CreateWindowExA
IsRectEmpty
OffsetRect
GetActiveWindow
IntersectRect
SubtractRect
WindowFromDC
GetClientRect
FindWindowA
GetMonitorInfoA
GetWindowThreadProcessId
FindWindowExA
GetClassNameA
GetCursorPos
GetDC
EnumDisplaySettingsA
GetAsyncKeyState
FillRect
RegisterClassA
MonitorFromWindow

gdi32

CreateSolidBrush
SetTextColor
SetBkColor
CreateFontA
GetTextCharacterExtra
GetTextMetricsA
GetCharWidth32A
GetCharABCWidthsA
GetTextExtentPoint32A
TextOutA
CreateCompatibleDC
GetDeviceCaps
CreateBitmap
SelectObject
BitBlt
DeleteObject
GetDIBits
CreateDCA
GetDeviceGammaRamp
DeleteDC
GetStockObject
CreateCompatibleBitmap

Exports

Exports

BeginRecord
CleanupPreview
CopyFontTexture
DeleteProfile
DesktopVideoCapture
EndRecord
EnumProfiles
GetFnOffsetCacheErr
GetFontTextureWidth
GetPreviewStats
GetProfileProperty
InitFnOffsetCache
InitPreview
InjectProcess
InstallRTSSHook
IsCaptureInProgress
IsValidFnOffsetCache
LatencyMarker
LoadProfile
PTTEvent
RenderPreviewBeginD3D9
RenderPreviewEnd
ResetProfile
SaveProfile
ScreenCapture
SetFlags
SetProfileProperty
UninstallRTSSHook
UpdateProfiles
ValidateRuntimes
VideoCapture
VideoCaptureEx
_RTSSCBTProc@12
_RTSSRemoteProc@4

Sections

.text
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 51.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTSSHooks64.dll.copy
.dll windows:5 windows x64 arch:x64

19001af9eb170008f43f47a841d64d58

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e9:bd:78:39:c4:a0:da:ff:99:90:57:5e:54:e0:3e:6b:81:39:de:b3
Signer

Actual PE Digest

e9:bd:78:39:c4:a0:da:ff:99:90:57:5e:54:e0:3e:6b:81:39:de:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA

shlwapi

PathAddBackslashA
PathRemoveExtensionA
PathMatchSpecA
PathRemoveFileSpecA
PathStripPathA
PathRenameExtensionA

winmm

timeKillEvent
timeSetEvent

kernel32

VirtualFree
VirtualProtect
SwitchToThread
GetTickCount
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
ReleaseMutex
CreateMutexA
WritePrivateProfileStringA
ReadFile
GetFileSize
OpenFile
GetSystemDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
FreeLibrary
GetVersionExA
CreateEventA
GetCurrentProcessId
MapViewOfFile
OpenFileMappingA
OpenEventA
UnmapViewOfFile
ResetEvent
SetEvent
GetCurrentThreadId
GetLocalTime
_lclose
WriteFile
SetFilePointer
OutputDebugStringA
GetLastError
GetWindowsDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
DuplicateHandle
Sleep
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
SetWaitableTimer
CreateWaitableTimerA
GetExitCodeProcess
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
SetLastError
VirtualQuery
GetModuleHandleW
DeleteFileA
GetPrivateProfileStringA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalAlloc
GetSystemDirectoryW
GetFileAttributesW
LocalFree
FileTimeToSystemTime
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetFullPathNameW
RaiseException
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetProcessHeap
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
DeleteCriticalSection
GetStartupInfoA
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetTimeZoneInformation
WideCharToMultiByte
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlPcToFileHeader
FlsAlloc
VirtualAlloc
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
TerminateProcess
IsDebuggerPresent
RtlVirtualUnwind
EncodePointer
DecodePointer
FlsGetValue
LoadLibraryExW
SetEnvironmentVariableA
RtlLookupFunctionEntry
RtlUnwindEx
GetFileAttributesA
MultiByteToWideChar
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
CreateDirectoryA
FindClose
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetFileType
FlsSetValue
GetCommandLineA
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
FlsFree

user32

DrawIcon
ReleaseDC
RegisterWindowMessageA
SetWindowsHookExA
CallNextHookEx
PostMessageA
SendMessageA
MessageBeep
GetForegroundWindow
SendMessageTimeoutA
UnhookWindowsHookEx
DestroyWindow
LoadCursorA
GetIconInfo
CreateWindowExA
IsRectEmpty
GetActiveWindow
IntersectRect
SubtractRect
WindowFromDC
GetClientRect
FindWindowA
MonitorFromWindow
GetMonitorInfoA
GetWindowThreadProcessId
FindWindowExA
GetClassNameA
GetCursorPos
GetDC
EnumDisplaySettingsA
GetAsyncKeyState
FillRect
RegisterClassA
OffsetRect

gdi32

CreateSolidBrush
SetTextColor
SetBkColor
CreateFontA
GetTextCharacterExtra
GetTextMetricsA
GetCharWidth32A
GetCharABCWidthsA
GetTextExtentPoint32A
TextOutA
CreateCompatibleDC
GetDeviceCaps
CreateBitmap
SelectObject
BitBlt
DeleteObject
GetDIBits
CreateDCA
GetDeviceGammaRamp
DeleteDC
GetStockObject
CreateCompatibleBitmap

Exports

Exports

BeginRecord
CleanupPreview
CopyFontTexture
DeleteProfile
DesktopVideoCapture
EndRecord
EnumProfiles
GetFnOffsetCacheErr
GetFontTextureWidth
GetPreviewStats
GetProfileProperty
InitFnOffsetCache
InitPreview
InjectProcess
InstallRTSSHook
IsCaptureInProgress
IsValidFnOffsetCache
LatencyMarker
LoadProfile
PTTEvent
RTSSCBTProc
RTSSRemoteProc
RenderPreviewBeginD3D9
RenderPreviewEnd
ResetProfile
SaveProfile
ScreenCapture
SetFlags
SetProfileProperty
UninstallRTSSHook
UpdateProfiles
ValidateRuntimes
VideoCapture
VideoCaptureEx

Sections

.text
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 51.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTSSHooksLoader.exe
.exe windows:5 windows x86 arch:x86

03f49005641bb128cf958dd3cba79eab

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:f4:e6:d8:30:69:7a:98:4e:8b:45:63:d6:b4:55:12:04:c3:f1:f6
Signer

Actual PE Digest

4a:f4:e6:d8:30:69:7a:98:4e:8b:45:63:d6:b4:55:12:04:c3:f1:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\RTSS734\RTSSHooksLoader\RTSSHooksLoader\Release\RTSSHooksLoader.pdb

Imports

psapi

EnumProcesses

mfc90

ord1752
ord1755
ord6391
ord3346
ord4952
ord4029
ord7118
ord7312
ord300
ord1611
ord3213
ord305
ord4197
ord5552
ord1222
ord2447
ord9252
ord4890
ord3110
ord6001
ord5646
ord5663
ord4981
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5668
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord9945
ord7746
ord12597
ord12145
ord13116
ord10284
ord10437
ord9952
ord13174
ord12384
ord341
ord617
ord820
ord3579
ord265
ord266
ord5666
ord4331
ord4688
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4667
ord3663
ord4116
ord316
ord2592
ord601
ord310
ord4760
ord2069
ord1497
ord4650
ord5585
ord5497
ord6780
ord4589
ord5647
ord3732
ord958
ord5139
ord2074
ord4030
ord1729
ord963
ord6446
ord796
ord595
ord800
ord1276
ord1137
ord5813

msvcr90

strpbrk
_setmbcp
strcpy_s
__CxxFrameHandler3
memset
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strcat_s
_stricmp

kernel32

GetModuleHandleA
CloseHandle
OpenProcess
GetProcAddress
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetPrivateProfileStringA
GetLastError
CreateFileMappingA
GetModuleFileNameA

user32

PostMessageA
FindWindowA
EnableWindow
SendMessageTimeoutA
GetWindow
GetDesktopWindow
GetWindowThreadProcessId
RegisterWindowMessageA
LoadCursorA

comctl32

InitCommonControlsEx

shlwapi

PathStripPathA
PathRemoveFileSpecA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTSSHooksLoader64.exe
.exe windows:5 windows x64 arch:x64

48c96fbc2f1db4292b73fffd675edef2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c3:3a:ac:ae:61:c1:c5:3b:e4:cd:54:11:63:ba:96:48:24:84:a3:c6
Signer

Actual PE Digest

c3:3a:ac:ae:61:c1:c5:3b:e4:cd:54:11:63:ba:96:48:24:84:a3:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\Projects\RTSS734\RTSSHooksLoader\RTSSHooksLoader\Release\RTSSHooksLoader.pdb

Imports

psapi

EnumProcesses

mfc90

ord1434
ord4039
ord1659
ord1662
ord6041
ord3133
ord4648
ord3774
ord6744
ord6938
ord300
ord1523
ord3006
ord305
ord3921
ord5239
ord1188
ord2303
ord8878
ord4586
ord2907
ord5684
ord5333
ord5350
ord4677
ord4041
ord5346
ord5344
ord3002
ord1966
ord936
ord5499
ord6348
ord5220
ord1023
ord3897
ord5701
ord2065
ord2110
ord4429
ord6407
ord3892
ord6409
ord4112
ord4136
ord9571
ord7372
ord12223
ord11771
ord12742
ord9910
ord10063
ord9578
ord12800
ord12010
ord340
ord604
ord798
ord3338
ord265
ord266
ord4346
ord6086
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2602
ord2797
ord2904
ord4410
ord2780
ord2932
ord2605
ord2711
ord2598
ord3809
ord3810
ord3800
ord2709
ord4042
ord4591
ord4363
ord3422
ord3852
ord316
ord2437
ord589
ord310
ord4456
ord1949
ord5272
ord5191
ord6406
ord4285
ord5334
ord3488
ord4833
ord4384
ord1636
ord1954
ord3775
ord5355
ord941
ord5353
ord774
ord583
ord778
ord1237
ord1103
ord3923

msvcr90

strpbrk
_setmbcp
strcpy_s
__CxxFrameHandler3
memset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
strcat_s
_stricmp

kernel32

GetModuleHandleA
CloseHandle
OpenProcess
GetProcAddress
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
LoadLibraryA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
Sleep
GetPrivateProfileStringA
GetLastError
CreateFileMappingA
GetModuleFileNameA

user32

PostMessageA
FindWindowA
EnableWindow
SendMessageTimeoutA
GetWindow
GetDesktopWindow
GetWindowThreadProcessId
RegisterWindowMessageA
LoadCursorA

comctl32

InitCommonControlsEx

shlwapi

PathStripPathA
PathRemoveFileSpecA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTUI.dll
.dll windows:5 windows x86 arch:x86

cd6e848007d71adb8f82a622da11ffe2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathStripPathA
PathIsRelativeA
PathFileExistsA
PathRemoveFileSpecA

winmm

timeKillEvent
timeSetEvent

rtfc

?RemoveAt@CPtrListLite@@QAEXPAUPTR_LIST_NODE@@@Z
?GetTail@CPtrListLite@@QAEPAUPTR_LIST_NODE@@XZ
?Sort@CPtrListLite@@QAEXHP6AHPAUPTR_LIST_NODE@@0@Z@Z
??YCStringLite@@QAEABV0@PBD@Z
?Left@CStringLite@@QBE?AV1@H@Z
??YCStringLite@@QAEABV0@D@Z
?GetParams@CTextFile@@SAHHHPBDAAVCStringLite@@0H@Z
?IsEmpty@CStringLite@@QBEHXZ
?Home@CTextFile@@QAEXXZ
??0CStringLite@@QAE@PBDH@Z
?Precache@CTextFile@@QAEXPBD@Z
?PrecacheSections@CTextFile@@QAEXXZ
?Open@CTextFile@@QAEHPBD@Z
?ReadString@CTextFile@@QAEHAAVCStringLite@@@Z
?GetLength@CStringLite@@QBEHXZ
?ReadSection@CTextFile@@UAEHPBDAAVCStringLite@@@Z
?GetParams@CTextFile@@SAHPBDAAVCStringLite@@10H@Z
??H@YA?AVCStringLite@@ABV0@0@Z
?Format@CStringLite@@QAAXPBDZZ
?GetParam@CTextFile@@SAHHPBDAAVCStringLite@@0H@Z
??0CStringLite@@QAE@PBD@Z
??YCStringLite@@QAEABV0@ABV0@@Z
?GetCount@CPtrListLite@@QAEKXZ
?DestroyCache@CTextFile@@QAEXXZ
??0CTextFile@@QAE@XZ
??0CTokenString@@QAE@XZ
?strtok@CTokenString@@QAEPADPBD0@Z
?GetValue@CTextFile@@SAHPBDAAKK@Z
??1CTokenString@@UAE@XZ
??0CStringLite@@QAE@XZ
??4CStringLite@@QAEABV0@PBD@Z
??1CPtrListLite@@UAE@XZ
??4CStringLite@@QAEABV0@ABV0@@Z
??4CTextFile@@QAEAAV0@ABV0@@Z
??0CStringLite@@QAE@ABV0@@Z
??0CTextFile@@QAE@ABV0@@Z
??1CStringLite@@UAE@XZ
??1CTextFile@@UAE@XZ
?RemoveAll@CPtrListLite@@QAEXXZ
?AddTail@CPtrListLite@@QAEPAUPTR_LIST_NODE@@PAX@Z
?GetHead@CPtrListLite@@QAEPAUPTR_LIST_NODE@@XZ
??0CPtrListLite@@QAE@XZ
??_7CPtrListLite@@6B@
??0CCRC32@@QAE@XZ
?Calc@CCRC32@@QAEKKPAEK@Z
??1CCRC32@@UAE@XZ
??H@YA?AVCStringLite@@ABV0@PBD@Z

mfc90

ord2448
ord795
ord2087
ord3209
ord5657
ord5660
ord4333
ord4982
ord5663
ord5646
ord6002
ord3110
ord4890
ord593
ord3939
ord4030
ord1884
ord4760
ord524
ord744
ord2069
ord2587
ord1222
ord3346
ord6391
ord1755
ord1752
ord4331
ord1497
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord3980
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4667
ord3663
ord595
ord796
ord320
ord5852
ord817
ord300
ord1265
ord798
ord4516
ord1490
ord6557
ord6291
ord2592
ord4502
ord2469
ord1358
ord3528
ord2106
ord1183
ord3534
ord579
ord5528
ord6815
ord780
ord945
ord453
ord702
ord3213
ord305
ord6613
ord3178
ord1611
ord310
ord1137
ord820
ord316
ord601
ord2539
ord910
ord6793
ord3179
ord404
ord5520
ord663
ord5753
ord1555
ord6062
ord3579
ord2588
ord265
ord266
ord800
ord391
ord2607
ord1241
ord1152

msvcr90

_encoded_null
_encode_pointer
?terminate@@YAXXZ
strlen
pow
floor
memcmp
__iob_func
fprintf
strchr
sscanf_s
__RTDynamicCast
_mkdir
strcat_s
wcstombs_s
_CIpow
_purecall
fflush
fclose
fwrite
_ftelli64
_fseeki64
fread
__CxxFrameHandler3
fopen_s
_mktime64
realloc
malloc
free
strcpy_s
qsort
_setjmp3
longjmp
memset
_splitpath_s
_stricmp
memcpy
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer

kernel32

CreateProcessA
GetModuleFileNameA
ExitProcess
InterlockedExchange
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetFullPathNameA
CloseHandle
WaitForSingleObject
SetEvent
WaitForMultipleObjects
ResetEvent
CreateEventA
ResumeThread
SetThreadPriority
Sleep
GetPrivateProfileIntA
GetPrivateProfileStringA
FindResourceA
LoadResource
LockResource
InterlockedCompareExchange
GetTickCount
FreeResource

user32

UnionRect
GetDC
ReleaseCapture
IsWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
GetFocus
SetCapture
LockWindowUpdate
SendMessageA
ClientToScreen
GetWindowRect
SetWindowRgn
EqualRect
ReleaseDC
IntersectRect
PtInRect
GetCursorPos
ScreenToClient
PeekMessageA
PostMessageA
EnableWindow
RedrawWindow
GetUpdateRect
GetClientRect
CopyRect
LoadCursorA

gdi32

SetDIBits
StretchBlt
StretchDIBits
CreateDIBitmap
CreateCompatibleDC
GetDeviceCaps
CreateFontA
CreateBitmap
SelectObject
BitBlt
GetDIBits
DeleteDC
GetCurrentObject
CreateRectRgn
CombineRgn
DeleteObject
CreatePalette
SetStretchBltMode

Exports

Exports

??0CDIB@@QAE@XZ
??0CDIBCache@@QAE@ABV0@@Z
??0CDIBCache@@QAE@XZ
??0CDIBDC@@QAE@XZ
??0CDIBWnd@@QAE@XZ
??0CDIBWndThread@@IAE@XZ
??0CDIBWndThread@@QAE@PAVCDIBWnd@@@Z
??0CLauncherThread@@IAE@XZ
??0CLauncherThread@@QAE@PAVCWnd@@PAVCLauncherThreadOwner@@PBDK@Z
??0CLauncherThreadOwner@@QAE@ABV0@@Z
??0CLauncherThreadOwner@@QAE@XZ
??0CLayeredWindowDC@@QAE@ABV0@@Z
??0CLayeredWindowDC@@QAE@XZ
??0CMMTimer@@QAE@ABV0@@Z
??0CMMTimer@@QAE@XZ
??0CSkin@@QAE@ABV0@@Z
??0CSkin@@QAE@XZ
??0CSkinnedButton@@QAE@ABV0@@Z
??0CSkinnedButton@@QAE@XZ
??0CSkinnedControl@@QAE@ABV0@@Z
??0CSkinnedControl@@QAE@XZ
??0CSkinnedIndicator@@QAE@XZ
??0CSkinnedIndicatorSource@@QAE@ABV0@@Z
??0CSkinnedIndicatorSource@@QAE@XZ
??0CSkinnedPlaceholder@@QAE@ABV0@@Z
??0CSkinnedPlaceholder@@QAE@XZ
??0CSkinnedSite@@QAE@ABV0@@Z
??0CSkinnedSite@@QAE@XZ
??0CSkinnedSlider@@QAE@ABV0@@Z
??0CSkinnedSlider@@QAE@XZ
??0CSkinnedText@@QAE@XZ
??0CSkinnedWnd@@QAE@XZ
??0CValueClipper@@QAE@ABV0@@Z
??0CValueClipper@@QAE@XZ
??1CDIB@@UAE@XZ
??1CDIBCache@@UAE@XZ
??1CDIBDC@@UAE@XZ
??1CDIBWnd@@UAE@XZ
??1CDIBWndThread@@MAE@XZ
??1CLauncherThread@@UAE@XZ
??1CLauncherThreadOwner@@UAE@XZ
??1CLayeredWindowDC@@UAE@XZ
??1CMMTimer@@UAE@XZ
??1CSkin@@UAE@XZ
??1CSkinnedButton@@UAE@XZ
??1CSkinnedControl@@UAE@XZ
??1CSkinnedIndicator@@UAE@XZ
??1CSkinnedIndicatorSource@@UAE@XZ
??1CSkinnedPlaceholder@@UAE@XZ
??1CSkinnedSite@@UAE@XZ
??1CSkinnedSlider@@UAE@XZ
??1CSkinnedText@@UAE@XZ
??1CSkinnedWnd@@UAE@XZ
??1CValueClipper@@UAE@XZ
??4CDIBCache@@QAEAAV0@ABV0@@Z
??4CLauncherThreadOwner@@QAEAAV0@ABV0@@Z
??4CLayeredWindowDC@@QAEAAV0@ABV0@@Z
??4CMMTimer@@QAEAAV0@ABV0@@Z
??4CSkin@@QAEAAV0@ABV0@@Z
??4CSkinnedButton@@QAEAAV0@ABV0@@Z
??4CSkinnedControl@@QAEAAV0@ABV0@@Z
??4CSkinnedIndicatorSource@@QAEAAV0@ABV0@@Z
??4CSkinnedPlaceholder@@QAEAAV0@ABV0@@Z
??4CSkinnedSite@@QAEAAV0@ABV0@@Z
??4CSkinnedSlider@@QAEAAV0@ABV0@@Z
??4CValueClipper@@QAEAAV0@ABV0@@Z
??_7CDIB@@6B@
??_7CDIBCache@@6B@
??_7CDIBDC@@6B@
??_7CDIBWnd@@6B@
??_7CDIBWndThread@@6B@
??_7CLauncherThread@@6B@
??_7CLauncherThreadOwner@@6B@
??_7CLayeredWindowDC@@6B@
??_7CMMTimer@@6B@
??_7CSkin@@6B@
??_7CSkinnedButton@@6B@
??_7CSkinnedControl@@6B@
??_7CSkinnedIndicator@@6B@
??_7CSkinnedIndicatorSource@@6B@
??_7CSkinnedPlaceholder@@6B@
??_7CSkinnedSite@@6B@
??_7CSkinnedSlider@@6B@
??_7CSkinnedText@@6B@
??_7CSkinnedWnd@@6B@
??_7CValueClipper@@6B@
?AddControl@CSkinnedWnd@@QAEHPAVCSkinnedControl@@H@Z
?AddDIB@CDIBCache@@QAEPAVCDIB@@PBDPAVCSkin@@0@Z
?AddDIB@CDIBCache@@QAEXPBDPAVCDIB@@K@Z
?AddDirtyRect@CSkinnedWnd@@QAEXPAVCRect@@@Z
?AlphaBlt@CDIB@@QAEHPAV1@0JJJJJJK@Z
?Animate@CSkinnedButton@@QAEHXZ
?Animate@CSkinnedIndicator@@QAEHXZ
?Animate@CSkinnedText@@QAEXXZ
?AppendPAK@CDIB@@QAEHPAVCSZArray@@PBDH@Z
?ApplyBitmapEffect@CSkin@@QAEHPBDPAVCDIB@@@Z
?AsyncPrepare@CDIBWnd@@QAEXXZ
?AsyncUpdate@CDIBWndThread@@QAEXXZ
?AsyncUpdateBackbuffer@CDIBWnd@@QAEXKK@Z
?Attach@CDIB@@QAEHPAV1@H@Z
?AttachDIB@CDIBWnd@@QAEHPAVCDIB@@@Z
?Bar@CDIB@@QAEHJJJJJ@Z
?BeginRedrawDirtyControls@CSkinnedWnd@@QAEXXZ
?Blt@CDIB@@QAEHPAV1@JJJJJJ@Z
?Blur9Tap@CDIB@@QAEHXZ
?CalcIndicatorValue@CSkinnedIndicatorSource@@UAEMM@Z
?CalcTimerPeriod@CSkinnedWnd@@QAEKXZ
?Capture@CDIB@@QAEHPAVCDC@@KK@Z
?CaptureDesktop@CDIB@@QAEHVCRect@@@Z
?ChangeRgn@CSkinnedWnd@@QAEXXZ
?ClientToSkin@CSkinnedWnd@@QAE?AVCPoint@@V2@@Z
?ClientToSkin@CSkinnedWnd@@QAE?AVCRect@@V2@@Z
?ClientToSkin@CSkinnedWnd@@QAEHH@Z
?ClipDWORD@CValueClipper@@SAKKKK@Z
?ClipFloat@CValueClipper@@SAMMMM@Z
?ClipInt@CValueClipper@@SAHHHH@Z
?ClipLong@CValueClipper@@SAJJJJ@Z
?ColorKeyBlt@CDIB@@QAEHPAV1@JJJJJJK@Z
?Compile@CSkin@@QAEHPBDK@Z
?CompressToPNG@CDIB@@QAEXXZ
?ConvertHSLToRGB@CDIB@@QAEXPAK00000@Z
?ConvertRGBToHSL@CDIB@@QAEXPAK00000@Z
?ConvertTo256Color@CDIB@@QAEHXZ
?ConvertTo256ColorHelper@CDIB@@KAHPBX0@Z
?ConvertToAlpha@CDIB@@QAEHXZ
?ConvertToGreyscale@CDIB@@QAEHXZ
?ConvertToHiColor@CDIB@@QAEHH@Z
?ConvertToTrueColor@CDIB@@QAEHXZ
?CopyCompressed@CDIB@@QAEXKPAEK@Z
?CopyDIB@CDIB@@QAEHPAV1@@Z
?Create@CDIB@@QAEHJJGK@Z
?Create@CDIBWnd@@QAEHKABUtagRECT@@PAVCWnd@@I@Z
?Create@CMMTimer@@QAEHIIKP6AXK@Z@Z
?Create@CMMTimer@@QAEHIIKPAUHWND__@@IIJ@Z
?Create@CSkinnedControl@@QAEHPAVCSkin@@PBDK1KH@Z
?Create@CSkinnedWnd@@UAEHPAVCSkin@@PBDK@Z
?CreateAdditionalButtons@CSkinnedWnd@@QAEHPAVCSkin@@PBDKHH@Z
?CreateAdditionalControls@CSkinnedWnd@@QAEHPAVCSkin@@PBDKHH@Z
?CreateAdditionalIndicator@CSkinnedWnd@@QAEHPAVCSkin@@PBDK11HH@Z
?CreateAdditionalIndicators@CSkinnedWnd@@QAEHPAVCSkin@@PBDKHH@Z
?CreateBitmap@CDIB@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?CreateBitmap@CDIB@@QAEPAUHBITMAP__@@PAVCDC@@@Z
?CreateDCA@CDIBDC@@QAEXXZ
?CreateDCA@CLayeredWindowDC@@QAEXPAVCDIB@@0KKK@Z
?CreateDCA@CSkinnedIndicator@@QAEXK@Z
?CreateFontA@CSkinnedText@@QAEHPAVCSkin@@PBD@Z
?CreateObject@CDIBWndThread@@SGPAVCObject@@XZ
?CreateObject@CLauncherThread@@SGPAVCObject@@XZ
?CreatePAK@CDIB@@SAJPBD0@Z
?CreatePalette@CDIB@@QAEPAUHPALETTE__@@XZ
?CreateRgn@CDIB@@QAEPAUHRGN__@@KK@Z
?CreateThread@CDIBWnd@@QAEXXZ
?CreateTimer@CSkinnedWnd@@QAEKK@Z
?Decompile@CSkin@@QAEHPBDK@Z
?DefWindowProcA@CSkinnedWnd@@MAEJIIJ@Z
?DeleteDC@CDIBDC@@QAEXXZ
?DeleteDC@CLayeredWindowDC@@QAEXXZ
?Destroy@CDIBWndThread@@QAEXXZ
?Destroy@CSkinnedWnd@@QAEXH@Z
?DestroyAdditionalControls@CSkinnedWnd@@QAEXXZ
?DestroyCompressed@CDIB@@QAEXXZ
?DestroyDIB@CDIB@@QAEHXZ
?DestroyDirtyRects@CSkinnedWnd@@QAEXXZ
?DestroyImage@CDIB@@QAEHXZ
?DestroyPalette@CDIB@@QAEHXZ
?DestroyThread@CDIBWnd@@QAEXXZ
?DetachDIB@CDIBWnd@@QAEXXZ
?DisplayMessage@CSkinnedWnd@@UAEHPBDK@Z
?DoEdit@CSkinnedText@@QAEXXZ
?Draw@CSkinnedButton@@UAEXPAVCDIB@@0@Z
?Draw@CSkinnedIndicator@@UAEXPAVCDIB@@0@Z
?Draw@CSkinnedIndicatorSource@@UAEXPAVCDIB@@0@Z
?Draw@CSkinnedPlaceholder@@UAEXPAVCDIB@@0@Z
?Draw@CSkinnedSite@@UAEXPAVCDIB@@0@Z
?Draw@CSkinnedSlider@@UAEXPAVCDIB@@0@Z
?Draw@CSkinnedText@@UAEXPAVCDIB@@0@Z
?Dump@CDIBCache@@QAEXPBD@Z
?DumpCache@CSkinnedWnd@@QAEXPBD@Z
?EatMessages@CMMTimer@@QAEHXZ
?Emboss@CDIB@@QAEHEEEE@Z
?Enable@CSkinnedControl@@QAEHH@Z
?EnableAnimtation@CSkinnedIndicator@@QAEXH@Z
?EnableClickPos@CSkinnedSlider@@QAEXH@Z
?EnableRedraw@CSkinnedWnd@@QAEXH@Z
?EnableRedrawControls@CSkinnedWnd@@QAEXH@Z
?EncryptDecryptHeader@CSkin@@QAEXPAEK0K@Z
?EncryptDecryptHeader@CSkin@@QAEXPAVCSZArray@@@Z
?EndEdit@CSkinnedText@@QAEXH@Z
?EndRedrawDirtyControls@CSkinnedWnd@@QAEXXZ
?ExitInstance@CDIBWndThread@@UAEHXZ
?ExitInstance@CLauncherThread@@UAEHXZ
?ExtractAlpha@CDIB@@QAEHXZ
?FastCopyDIB@CDIB@@QAEHPAV1@@Z
?FastResizeA8R8G8B8@CDIB@@SAXPAEKKK0KKK@Z
?FastResizeR8G8B8@CDIB@@SAXPAEKKK0KKK@Z
?FastResizeR8G8B8@CDIB@@SAXPAEKKK0KKKK@Z
?FillBitmapInfoHeader@CDIB@@QAEXPAUtagBITMAPINFOHEADER@@@Z
?FindDIB@CDIBCache@@QAEPAVCDIB@@PBD@Z
?FixSize@CSkinnedControl@@QAEXPAVCDIB@@0@Z
?FixSizes@CSkinnedSite@@QAEXXZ
?FlushDC@CDIBDC@@QAEXXZ
?FlushDIB@CDIBDC@@QAEXXZ
?GetAdditionalError@CSkin@@QAEPBDXZ
?GetAlpha@CSkinnedControl@@QAEKXZ
?GetAlphaPath@CSkinnedSlider@@QAE?AVCPoint@@V2@@Z
?GetAnimationFrame@CSkinnedButton@@QAEKXZ
?GetAnimationFrames@CSkinnedButton@@QAEKXZ
?GetAsyncScaling@CDIBWnd@@QAEKXZ
?GetBackbuffer@CDIBWnd@@QAEHXZ
?GetBaseColorKey@CSkinnedWnd@@QAEHAAK@Z
?GetBgndRect@CSkinnedSlider@@AAE?AVCRect@@XZ
?GetBitmap@CLayeredWindowDC@@QAEPAUHBITMAP__@@XZ
?GetBitmapFilenameWithEffects@CSkin@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAH@Z
?GetBltHitCount@CDIB@@QAEJPAV1@JJJJJJJJ@Z
?GetCapturedControl@CSkinnedWnd@@QAEPAVCSkinnedControl@@XZ
?GetClassNameA@CSkinnedButton@@UAE?AVCStringLite@@XZ
?GetClassNameA@CSkinnedIndicator@@UAE?AVCStringLite@@XZ
?GetClassNameA@CSkinnedIndicatorSource@@UAE?AVCStringLite@@XZ
?GetClassNameA@CSkinnedPlaceholder@@UAE?AVCStringLite@@XZ
?GetClassNameA@CSkinnedSite@@UAE?AVCStringLite@@XZ
?GetClassNameA@CSkinnedSlider@@UAE?AVCStringLite@@XZ
?GetClassNameA@CSkinnedText@@UAE?AVCStringLite@@XZ
?GetCommonParamsNum@CSkinnedControl@@SAKK@Z
?GetCompatibilityFlags@CSkinnedWnd@@QAEKXZ
?GetControlByID@CSkinnedWnd@@QAEPAVCSkinnedControl@@K@Z
?GetControlByName@CSkinnedWnd@@QAEPAVCSkinnedControl@@PBD@Z
?GetControlRect@CSkinnedControl@@QAE?AVCRect@@XZ
?GetControlRectInvalidated@CSkinnedControl@@QAE?AVCRect@@XZ
?GetControlRectRelative@CSkinnedControl@@QAE?AVCRect@@XZ
?GetDC@CDIBDC@@QAEPAUHDC__@@XZ
?GetDC@CLayeredWindowDC@@QAEPAUHDC__@@XZ
?GetDC@CSkinnedIndicator@@QAEPAVCDIBDC@@H@Z
?GetDIB@CSkinnedButton@@AAEPAVCDIB@@XZ
?GetDIB@CSkinnedIndicator@@QAEPAVCDIB@@XZ
?GetDIB@CSkinnedSlider@@AAEPAVCDIB@@XZ
?GetDIBAlpha@CSkinnedButton@@AAEPAVCDIB@@XZ
?GetDIBAlpha@CSkinnedIndicator@@QAEPAVCDIB@@XZ
?GetDIBAlpha@CSkinnedSlider@@AAEPAVCDIB@@XZ
?GetDIBAlphaBeforeClick@CSkinnedButton@@AAEPAVCDIB@@XZ
?GetDIBCache@CSkinnedControl@@QAEPAVCDIBCache@@XZ
?GetDepth@CDIB@@QAEGXZ
?GetDragRect@CSkinnedSlider@@AAE?AVCRect@@XZ
?GetEditAnimationFrames@CSkinnedText@@QAEKXZ
?GetEditCursor@CSkinnedText@@QAEDXZ
?GetEditMask@CSkinnedText@@QAEPBDXZ
?GetEditTextLen@CSkinnedText@@QAEHXZ
?GetFileType@CDIB@@QAEKPBD@Z
?GetFormat@CSkin@@QAEKXZ
?GetHeaderBitmapsSectionName@CSkin@@QAEPBDXZ
?GetHeaderGlobalSectionName@CSkin@@QAEPBDXZ
?GetHeight@CDIB@@QAEJXZ
?GetHost@CSkin@@QAEPBDXZ
?GetHottrackControl@CSkinnedWnd@@QAEPAVCSkinnedControl@@XZ
?GetID@CSkinnedControl@@QAEKXZ
?GetImage@CDIB@@QAEPAEXZ
?GetIndicatorValue@CSkinnedControl@@UAEMK@Z
?GetIndicatorValue@CSkinnedIndicatorSource@@UAEMK@Z
?GetIndicatorValue@CSkinnedSlider@@UAEMK@Z
?GetKeyboardFocus@CSkinnedWnd@@QAEPAVCSkinnedControl@@XZ
?GetLastError@CDIB@@QAEHXZ
?GetLauncherThread@CLauncherThreadOwner@@QAEPAVCLauncherThread@@XZ
?GetLayeredWindowAlpha@CSkinnedWnd@@QAEKXZ
?GetLayeredWindowMode@CSkinnedWnd@@QAEKXZ
?GetLayout@CSkinnedWnd@@QAEKXZ
?GetMMTimerMode@CMMTimer@@QAEKXZ
?GetMessageMap@CDIBWnd@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CDIBWndThread@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CLauncherThread@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CSkinnedWnd@@MBEPBUAFX_MSGMAP@@XZ
?GetName@CSkinnedControl@@QAEPBDXZ
?GetName@CSkinnedWnd@@QAEPBDXZ
?GetNearestColor@CDIB@@QAEHPAUtagPALETTEENTRY@@@Z
?GetNearestColor@CDIB@@SAHPAUtagPALETTEENTRY@@H0@Z
?GetOwner@CDIB@@QAEPAVCDIBWnd@@XZ
?GetPAK@CSkin@@QAEPAVCSZArray@@XZ
?GetPage@CSkinnedSlider@@QAEKXZ
?GetPalette@CDIB@@QAEPAUtagPALETTEENTRY@@XZ
?GetPaletteSize@CDIB@@QAEHXZ
?GetParam@CSkinnedIndicator@@QAEHHAAVCStringLite@@@Z
?GetParam@CSkinnedPlaceholder@@QAEHHAAVCStringLite@@@Z
?GetParams@CSkinnedIndicator@@QAEPBDXZ
?GetParams@CSkinnedPlaceholder@@QAEPBDXZ
?GetPeriod@CMMTimer@@QAEIXZ
?GetPixel@CDIB@@QAEHHHAAK@Z
?GetPoint@CSkinnedSlider@@QAE?AVCPoint@@XZ
?GetPos@CSkinnedSlider@@QAEJXZ
?GetRGBDifference@CDIB@@SAHPAUtagPALETTEENTRY@@0@Z
?GetRect@CDIB@@QAEXPAVCRect@@@Z
?GetReplace@CSkinnedText@@QAEEE@Z
?GetRuntimeClass@CDIBWndThread@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CLauncherThread@@UBEPAUCRuntimeClass@@XZ
?GetSSAAHeight@CDIBDC@@QAEKXZ
?GetSSAAWidth@CDIBDC@@QAEKXZ
?GetScaleFactor@CSkinnedWnd@@QAEKXZ
?GetScalingMode@CDIBWnd@@QAEKXZ
?GetSite@CSkinnedControl@@QAEPAVCSkinnedSite@@XZ
?GetSize@CDIB@@QAEKXZ
?GetSizeB@CDIB@@QAEKXZ
?GetSourceControl@CSkinnedIndicator@@QAEPAVCSkinnedControl@@XZ
?GetState@CSkinnedButton@@QAEKXZ
?GetStates@CSkinnedButton@@QAEKXZ
?GetStrFilter@CDIB@@SAPADXZ
?GetText@CSkinnedText@@QAE?AVCStringLite@@XZ
?GetThisClass@CDIBWndThread@@SGPAUCRuntimeClass@@XZ
?GetThisClass@CLauncherThread@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@CDIBWnd@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CDIBWndThread@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CLauncherThread@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CSkinnedWnd@@KGPBUAFX_MSGMAP@@XZ
?GetThread@CDIBWnd@@QAEPAVCDIBWndThread@@XZ
?GetTimerPeriod@CSkinnedControl@@QAEKXZ
?GetTimerRes@CSkinnedWnd@@QAEHXZ
?GetWidth@CDIB@@QAEJXZ
?GetWidthB@CDIB@@QAEJXZ
?GetWnd@CSkin@@QAEPAVCSkinnedWnd@@XZ
?GetWnd@CSkinnedControl@@QAEPAVCSkinnedWnd@@XZ
?GetZOrder@CSkinnedControl@@QAEKXZ
?HitTest@CSkinnedButton@@UAEHVCPoint@@K@Z
?HitTest@CSkinnedControl@@UAEHVCPoint@@K@Z
?HitTest@CSkinnedPlaceholder@@UAEHVCPoint@@K@Z
?HitTest@CSkinnedSite@@UAEHVCPoint@@K@Z
?HitTest@CSkinnedSlider@@UAEHVCPoint@@K@Z
?HitTest@CSkinnedText@@UAEHVCPoint@@K@Z
?HitTest@CSkinnedWnd@@QAEPAVCSkinnedControl@@VCPoint@@K@Z
?HitTestBase@CSkinnedWnd@@QAEHVCPoint@@K@Z
?InitDivLookup@CDIB@@QAEXXZ
?InitHeaderType@CSkin@@QAEHK@Z
?InitInstance@CDIBWndThread@@UAEHXZ
?InitInstance@CLauncherThread@@UAEHXZ
?InitResize@CDIB@@SAXPAK00000KKKKKKK@Z
?Invalidate@CSkinnedControl@@QAEXH@Z
?IsActive@CMMTimer@@QAEHXZ
?IsAlphaPath@CSkinnedSlider@@QAEHXZ
?IsAnimationEnabled@CSkinnedIndicator@@QAEHXZ
?IsBlind@CSkinnedIndicator@@QAEHXZ
?IsCaptured@CSkinnedControl@@QAEHXZ
?IsCaptured@CSkinnedWnd@@QAEHXZ
?IsCheckbox@CSkinnedButton@@QAEHXZ
?IsCmdLine@CSkinnedButton@@QAEHXZ
?IsCompressed@CDIB@@QAEHXZ
?IsEditMode@CSkinnedText@@QAEHXZ
?IsEditing@CSkinnedText@@QAEHXZ
?IsEnabled@CSkinnedControl@@QAEHXZ
?IsGDI@CSkinnedText@@QAEHXZ
?IsHorizontal@CSkinnedIndicator@@QAEHXZ
?IsHorizontal@CSkinnedSlider@@QAEHXZ
?IsHottrack@CSkinnedControl@@QAEHXZ
?IsIdle@CDIBWndThread@@QAEHXZ
?IsIntersected@CSkinnedControl@@QAEHPAVCRect@@@Z
?IsInverted@CSkinnedIndicator@@QAEHXZ
?IsKeyboardFocusCaptured@CSkinnedControl@@UAEHXZ
?IsKeyboardFocusCaptured@CSkinnedText@@UAEHXZ
?IsKeyboardFocusCaptured@CSkinnedWnd@@QAEHXZ
?IsNative@CSkin@@QAEHXZ
?IsPressed@CSkinnedButton@@QAEHXZ
?IsRedrawControlsEnabled@CSkinnedWnd@@QAEHXZ
?IsRedrawEnabled@CSkinnedWnd@@QAEHXZ
?IsSmooth@CSkinnedIndicator@@QAEHXZ
?IsSpin@CSkinnedButton@@QAEHXZ
?IsSupportedFormat@CSkin@@IAEHK@Z
?IsSupportedFormat@CSkin@@QAEHXZ
?IsTimerPaused@CSkinnedControl@@QAEHXZ
?IsUSFHeader@CSkin@@QAEHXZ
?IsUXFHeader@CSkin@@QAEHXZ
?IsValidChar@CSkinnedText@@QAEHE@Z
?IsVisible@CSkinnedControl@@QAEHXZ
?Kill@CDIBWndThread@@QAEXXZ
?Kill@CLauncherThread@@QAEXXZ
?Kill@CMMTimer@@QAEXH@Z
?KillDivLookup@CDIB@@QAEXXZ
?LaunchApplication@CLauncherThread@@QAEHPBDK@Z
?Line@CDIB@@QAEHJJJJJ@Z
?Load@CSkin@@QAEHPAVCMemFile@@@Z
?LoadDIB@CDIB@@QAEHHPAUHINSTANCE__@@@Z
?LoadDIB@CDIB@@QAEHPAD@Z
?LoadDIB@CDIB@@QAEHPBDPAUHINSTANCE__@@@Z
?LoadGIF@CDIB@@QAEHPAD@Z
?LoadImageA@CDIB@@QAEHPAD@Z
?LoadJPEG@CDIB@@QAEHPAD@Z
?LoadPAK@CDIB@@QAEHPAVCSZArray@@PBD@Z
?LoadPAK@CDIB@@QAEHPBD0@Z
?LoadPCX@CDIB@@QAEHPAD@Z
?LoadPNG@CDIB@@QAEHPAD@Z
?LoadPNG@CDIB@@QAEHPAEK@Z
?LockUpdateDIB@CSkinnedWnd@@QAEXH@Z
?LockUpdateLayeredWindow@CSkinnedWnd@@QAEXH@Z
?MapBitmapName@CSkin@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?NotifyParent@CSkinnedControl@@UAEXKK@Z
?OnAsyncUpdate@CDIBWnd@@QAEXXZ
?OnCreate@CDIBWnd@@QAEHPAUtagCREATESTRUCTA@@@Z
?OnCreate@CSkinnedButton@@UAEHPAVCSkin@@PBDK1K@Z
?OnCreate@CSkinnedIndicator@@UAEHPAVCSkin@@PBDK1K@Z
?OnCreate@CSkinnedIndicatorSource@@UAEHPAVCSkin@@PBDK1K@Z
?OnCreate@CSkinnedPlaceholder@@UAEHPAVCSkin@@PBDK1K@Z
?OnCreate@CSkinnedSite@@UAEHPAVCSkin@@PBDK1K@Z
?OnCreate@CSkinnedSlider@@UAEHPAVCSkin@@PBDK1K@Z
?OnCreate@CSkinnedText@@UAEHPAVCSkin@@PBDK1K@Z
?OnCreateCommon@CSkinnedControl@@IAEHKPBDAAK11K@Z
?OnDestroy@CDIBWnd@@IAEXXZ
?OnDestroy@CSkinnedWnd@@IAEXXZ
?OnKeyDown@CSkinnedButton@@UAEXIII@Z
?OnKeyDown@CSkinnedControl@@UAEXIII@Z
?OnKeyDown@CSkinnedPlaceholder@@UAEXIII@Z
?OnKeyDown@CSkinnedSlider@@UAEXIII@Z
?OnKeyDown@CSkinnedText@@UAEXIII@Z
?OnKeyDown@CSkinnedWnd@@IAEXIII@Z
?OnKeyUp@CSkinnedControl@@UAEXIII@Z
?OnKeyUp@CSkinnedSlider@@UAEXIII@Z
?OnKeyUp@CSkinnedWnd@@IAEXIII@Z
?OnKillFocus@CSkinnedButton@@UAEXXZ
?OnKillFocus@CSkinnedControl@@UAEXXZ
?OnKillFocus@CSkinnedSlider@@UAEXXZ
?OnKillFocus@CSkinnedText@@UAEXXZ
?OnKillFocus@CSkinnedWnd@@IAEXPAVCWnd@@@Z
?OnKillKeyboardFocus@CSkinnedControl@@UAEXXZ
?OnKillKeyboardFocus@CSkinnedText@@UAEXXZ
?OnLButtonDown@CSkinnedButton@@UAEXVCPoint@@@Z
?OnLButtonDown@CSkinnedControl@@UAEXVCPoint@@@Z
?OnLButtonDown@CSkinnedPlaceholder@@UAEXVCPoint@@@Z
?OnLButtonDown@CSkinnedSlider@@UAEXVCPoint@@@Z
?OnLButtonDown@CSkinnedText@@UAEXVCPoint@@@Z
?OnLButtonDown@CSkinnedWnd@@IAEXIVCPoint@@@Z
?OnLButtonUp@CSkinnedButton@@UAEXVCPoint@@@Z
?OnLButtonUp@CSkinnedControl@@UAEXVCPoint@@@Z
?OnLButtonUp@CSkinnedPlaceholder@@UAEXVCPoint@@@Z
?OnLButtonUp@CSkinnedSlider@@UAEXVCPoint@@@Z
?OnLButtonUp@CSkinnedText@@UAEXVCPoint@@@Z
?OnLButtonUp@CSkinnedWnd@@IAEXIVCPoint@@@Z
?OnMouseMove@CSkinnedButton@@UAEXVCPoint@@@Z
?OnMouseMove@CSkinnedControl@@UAEXVCPoint@@@Z
?OnMouseMove@CSkinnedPlaceholder@@UAEXVCPoint@@@Z
?OnMouseMove@CSkinnedSlider@@UAEXVCPoint@@@Z
?OnMouseMove@CSkinnedText@@UAEXVCPoint@@@Z
?OnMouseMove@CSkinnedWnd@@IAEXIVCPoint@@@Z
?OnMoveWindow@CSkinnedWnd@@UAEXVCPoint@@@Z
?OnPaint@CDIBWnd@@IAEXXZ
?OnReadControlDesc@CSkinnedWnd@@UAEHPAVCSkin@@PBD1K1AAVCStringLite@@@Z
?OnReadDefaultControlDesc@CSkinnedWnd@@UAEHPAVCSkin@@PBD1K1AAVCStringLite@@@Z
?OnSetScaleFactor@CSkinnedWnd@@UAEXK@Z
?OnTimer@CSkinnedButton@@UAEXXZ
?OnTimer@CSkinnedControl@@UAEXXZ
?OnTimer@CSkinnedIndicator@@UAEXXZ
?OnTimer@CSkinnedText@@UAEXXZ
?OnTimer@CSkinnedWnd@@IAEXI@Z
?OnUpdateLayeredWindow@CSkinnedWnd@@UAEXPAUHDC__@@@Z
?OutCode@CDIB@@IAEHJJJJJJ@Z
?OverrideDIB@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIB@CSkinnedIndicator@@QAEXPAVCDIB@@@Z
?OverrideDIBAlpha@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBAlpha@CSkinnedIndicator@@QAEXPAVCDIB@@@Z
?OverrideDIBHottrack@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBHottrackAlpha@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBPressed@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBPressedAlpha@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBPressedHottrack@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideDIBPressedHottrackAlpha@CSkinnedButton@@QAEXPAVCDIB@@@Z
?OverrideHeader@CSkin@@AAEXPAVCTextFile@@@Z
?PauseTimer@CSkinnedControl@@QAEXH@Z
?PointToPos@CSkinnedSlider@@AAEJVCPoint@@@Z
?PosToPoint@CSkinnedSlider@@AAE?AVCPoint@@J@Z
?PostMessageToTarget@CMMTimer@@IAEXXZ
?Press@CSkinnedButton@@QAEXH@Z
?ProcessCommandLine@CLauncherThread@@QAEXPBDAAPAD1H@Z
?ProcessLButtonDown@CSkinnedWnd@@QAEHVCPoint@@@Z
?ProcessLButtonUp@CSkinnedWnd@@QAEHVCPoint@@@Z
?ProcessMouseMove@CSkinnedWnd@@QAEHVCPoint@@@Z
?RGBTo555@CDIB@@SAGEEE@Z
?ReadControlDesc@CSkin@@QAEHPBD0K0AAVCStringLite@@@Z
?ReadHeaderSection@CSkin@@QAEHPBDAAVCStringLite@@@Z
?ReadHeaderSectionParam@CSkin@@QAEHPBD0AAVCStringLite@@@Z
?ReadHeaderSectionParamForLayout@CSkin@@QAEHPBDK0AAVCStringLite@@H@Z
?RecalcControlRect@CSkinnedText@@QAEXXZ
?Recompress@CDIB@@QAEXXZ
?Recreate@CSkinnedControl@@QAEHPAVCSkin@@H@Z
?Redraw@CSkinnedControl@@QAEXXZ
?RedrawControl@CSkinnedWnd@@QAEXPAVCSkinnedControl@@@Z
?RedrawControls@CSkinnedWnd@@QAEXPAVCRect@@@Z
?RedrawControls@CSkinnedWnd@@QAEXXZ
?RedrawIndicators@CSkinnedControl@@QAEXXZ
?ReleaseKeyboardFocus@CSkinnedControl@@QAEXXZ
?RemoveControl@CSkinnedWnd@@QAEHPAVCSkinnedControl@@@Z
?RemoveUnusedEntries@CDIB@@QAEHXZ
?RepositionControl@CSkinnedControl@@QAEXXZ
?ResetLayouts@CSkinnedWnd@@QAEXXZ
?ResizeA8R8G8B8@CDIB@@SAXPAEKKK0KKK@Z
?ResizeDIB@CDIB@@QAEHHHH@Z
?ResizePalette@CDIB@@QAEHH@Z
?ResizePaletteHelper@CDIB@@KAHPBX0@Z
?ResizeR8G8B8@CDIB@@SAXPAEKKK0KKK@Z
?ResizeR8G8B8@CDIB@@SAXPAEKKK0KKKK@Z
?SaveDIB@CDIB@@QAEHPAD@Z
?SetAdditionalError@CSkin@@QAEXPBD@Z
?SetAlphaHitTest@CSkinnedButton@@QAEXH@Z
?SetAlphaPathThreshold@CSkinnedSlider@@QAEXK@Z
?SetAnimationFrame@CSkinnedButton@@QAEHK@Z
?SetAnimationFrames@CSkinnedIndicator@@QAEXK@Z
?SetAsyncScaling@CDIBWnd@@QAEXK@Z
?SetBackbuffer@CDIBWnd@@QAEXH@Z
?SetBgndColor@CSkinnedText@@QAEXK@Z
?SetCapture@CSkinnedControl@@QAEHH@Z

Sections

.text
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SaveMedia.cfg
SaveMedia.dll
.dll windows:5 windows x86 arch:x86

43b0d6741ccb904ea1c66050f700cbbc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:d2:a0:35:7b:9e:b7:62:80:4e:bf:67:5d:30:14:b6:df:7e:10:51
Signer

Actual PE Digest

5d:d2:a0:35:7b:9e:b7:62:80:4e:bf:67:5d:30:14:b6:df:7e:10:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvfw32

ICCompressorChoose
ICSendMessage
ICClose
ICGetInfo
ICOpen

shlwapi

PathStripPathA
PathRemoveFileSpecA
PathRenameExtensionA

dsound

ord6
ord7

mfc90

ord5924
ord817
ord1884
ord3939
ord701
ord4890
ord3110
ord6002
ord5646
ord5663
ord4982
ord4333
ord5660
ord5657
ord3209
ord2087
ord795
ord2448
ord3980
ord945
ord906
ord5865
ord4465
ord449
ord699
ord904
ord4463
ord447
ord4993
ord3987
ord5615
ord4617
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1496
ord4650
ord5636
ord4668
ord374
ord639
ord2899
ord2360
ord5152
ord310
ord4502
ord1938
ord2372
ord1183
ord1387
ord615
ord2103
ord1604
ord4496
ord2277
ord1670
ord3346
ord6391
ord1755
ord1752
ord4331
ord1497
ord4640
ord5585
ord2074
ord5497
ord6780
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord3277
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4667
ord3487
ord595
ord1137
ord3213
ord305
ord6613
ord3178
ord910
ord1611
ord3783
ord4311
ord798
ord2566
ord6802
ord5761
ord1709
ord1252
ord6791
ord265
ord266
ord316
ord2539
ord820
ord601
ord5750
ord1247
ord3579
ord800
ord593

msvcr90

strpbrk
strncpy_s
srand
rand
wcstombs_s
_setjmp3
fopen_s
longjmp
fclose
_mkdir
_stricmp
sscanf_s
_findfirst64i32
__CxxFrameHandler3
strcpy_s
_findnext64i32
_findclose
_splitpath_s
strcat_s
_purecall
memcpy
memset
sprintf_s
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
getenv
sscanf
sprintf
exit
malloc
fwrite
__iob_func
fprintf
strlen
free
memcmp
fflush
ferror

kernel32

WriteFile
_lclose
GetLocalTime
CloseHandle
GetTickCount
LoadLibraryExA
SetFilePointer
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetCurrentThreadId
GetCurrentThread
OpenFile
GetCurrentProcessId
GetPrivateProfileStringA
ReleaseMutex
WaitForSingleObject
CreateMutexA
SystemTimeToFileTime
SetEndOfFile
CreateFileA
LoadLibraryA
GetPrivateProfileIntA
WritePrivateProfileStringA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
ExitProcess
DeleteFileA
WideCharToMultiByte
GetVersionExA
SetEvent
WaitForMultipleObjects
ResetEvent
CreateEventA
GetSystemInfo
ResumeThread
SetThreadPriority
TerminateThread
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
ReadFile

user32

EnumDisplaySettingsA
GetDC
LoadCursorA
GetCursorPos
GetIconInfo
DrawIcon
ReleaseDC
SendMessageA
EnableWindow

gdi32

CreateBitmap
BitBlt
CreateCompatibleDC
DeleteObject
GetDeviceCaps
SelectObject
DeleteDC
GetDIBits

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
PropVariantClear

Exports

Exports

Configure
EnumAudioSources
GetStat
Init
SaveMedia
Uninit

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SaveMedia64.dll
.dll windows:5 windows x64 arch:x64

1db55a5f5782886deb99ac5f3a3b2ce8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25/02/2022, 00:00

Not After

25/02/2024, 23:59

Subject

CN=Alexey Nicolaychuk,O=Alexey Nicolaychuk,ST=Rostovskaya oblast',C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

59:b4:3c:b2:e4:ed:b1:49:85:3d:7a:70:a2:5a:c6:ea:70:cf:df:6a
Signer

Actual PE Digest

59:b4:3c:b2:e4:ed:b1:49:85:3d:7a:70:a2:5a:c6:ea:70:cf:df:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvfw32

ICCompressorChoose
ICSendMessage
ICClose
ICGetInfo
ICOpen

shlwapi

PathStripPathA
PathRemoveFileSpecA
PathRenameExtensionA

dsound

ord6
ord7

mfc90

ord5609
ord795
ord1786
ord3685
ord679
ord4586
ord2907
ord5685
ord5333
ord5350
ord4678
ord4041
ord5347
ord5344
ord3002
ord1966
ord773
ord2304
ord3726
ord923
ord884
ord5551
ord4167
ord437
ord677
ord882
ord4165
ord435
ord4689
ord3732
ord5302
ord4313
ord5003
ord2067
ord1714
ord1713
ord1585
ord3131
ord6038
ord1433
ord4346
ord5323
ord4364
ord362
ord617
ord2722
ord2218
ord4846
ord310
ord4202
ord1840
ord2230
ord1149
ord1339
ord602
ord1977
ord1517
ord4196
ord2136
ord1581
ord3133
ord6041
ord1662
ord1659
ord4039
ord1434
ord4336
ord5272
ord1954
ord5191
ord6406
ord4285
ord5334
ord3488
ord4833
ord4384
ord1636
ord6086
ord5355
ord5353
ord936
ord941
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2602
ord2797
ord2904
ord4410
ord2780
ord2932
ord2605
ord2711
ord2598
ord3069
ord3809
ord3810
ord3800
ord2709
ord4042
ord4591
ord4363
ord3253
ord583
ord1103
ord3006
ord305
ord6247
ord2973
ord888
ord1523
ord3529
ord4027
ord776
ord2411
ord6428
ord5448
ord1616
ord1213
ord6417
ord265
ord266
ord316
ord2380
ord798
ord589
ord5437
ord1209
ord3338
ord778
ord581

msvcr90

strncpy_s
srand
rand
memcmp
__C_specific_handler
wcstombs_s
_setjmp
fopen_s
longjmp
fclose
_mkdir
_stricmp
sscanf_s
__CxxFrameHandler3
_findfirst64i32
strcpy_s
_findnext64i32
_findclose
_splitpath_s
strcat_s
_purecall
memset
memcpy
sprintf_s
strpbrk
__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
getenv
sscanf
sprintf
exit
malloc
fwrite
__iob_func
fprintf
strlen
free
fflush
ferror

kernel32

GetCurrentProcessId
WriteFile
SetFilePointer
GetPrivateProfileStringA
GetTickCount
LoadLibraryExA
CloseHandle
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetCurrentThreadId
GetCurrentThread
OpenFile
GetLocalTime
_lclose
ReleaseMutex
WaitForSingleObject
CreateMutexA
SystemTimeToFileTime
SetEndOfFile
CreateFileA
LoadLibraryA
GetPrivateProfileIntA
WritePrivateProfileStringA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
ExitProcess
DeleteFileA
WideCharToMultiByte
GetVersionExA
SetEvent
WaitForMultipleObjects
ResetEvent
CreateEventA
GetSystemInfo
ResumeThread
SetThreadPriority
TerminateThread
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
ReadFile

user32

EnumDisplaySettingsA
GetDC
LoadCursorA
GetCursorPos
GetIconInfo
DrawIcon
ReleaseDC
SendMessageA
EnableWindow

gdi32

CreateBitmap
BitBlt
CreateCompatibleDC
DeleteObject
GetDeviceCaps
SelectObject
DeleteDC
GetDIBits

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
PropVariantClear

Exports

Exports

Configure
EnumAudioSources
GetStat
Init
SaveMedia
Uninit

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmfxsw32.dll
.dll windows:5 windows x86 arch:x86

3b6ea42b172600bb5a8950b6766adce0

Code Sign

35:de:f4:cf
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

22/08/1998, 16:41

Not After

22/08/2018, 16:41

Subject

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:aa:c3:a2:00:01:00:00:79:76
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

12/12/2011, 18:40

Not After

26/11/2014, 18:40

Subject

CN=Intel(R) Software Products

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15/05/2009, 19:25

Not After

15/05/2015, 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:7b:38:2d:2b:14:3d:42:3e:33:ac:81:56:4b:de:44:29:9d:dd:ad
Signer

Actual PE Digest

7e:7b:38:2d:2b:14:3d:42:3e:33:ac:81:56:4b:de:44:29:9d:dd:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\users\mkazakov\2013_R2\MediaSDK_2013_R2\build\win_Win32\bin\libmfxsw32.pdb

Imports

kernel32

GetLastError
CreateEventExW
GetOverlappedResult
WriteFile
CloseHandle
CreateEventW
InterlockedIncrement
WaitForSingleObject
SetEvent
ResetEvent
SetThreadAffinityMask
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetSystemInfo
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
SwitchToThread
ReleaseSemaphore
CreateSemaphoreW
OutputDebugStringA
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
ExitThread
CreateThread
GetProcAddress
GetModuleHandleW
ExitProcess
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetTickCount
GetCurrentProcessId
LoadLibraryW
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
CreateFileW
ReadFile
GetFileAttributesExW
DeleteFileW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

winmm

timeGetTime

Exports

Exports

MFXCloneSession
MFXClose
MFXDisjoinSession
MFXGetPriority
MFXInit
MFXJoinSession
MFXQueryIMPL
MFXQueryVersion
MFXSetPriority
MFXVideoCORE_GetHandle
MFXVideoCORE_SetBufferAllocator
MFXVideoCORE_SetFrameAllocator
MFXVideoCORE_SetHandle
MFXVideoCORE_SyncOperation
MFXVideoDECODE_Close
MFXVideoDECODE_DecodeFrameAsync
MFXVideoDECODE_DecodeHeader
MFXVideoDECODE_GetDecodeStat
MFXVideoDECODE_GetPayload
MFXVideoDECODE_GetVideoParam
MFXVideoDECODE_Init
MFXVideoDECODE_Query
MFXVideoDECODE_QueryIOSurf
MFXVideoDECODE_Reset
MFXVideoDECODE_SetSkipMode
MFXVideoENCODE_Close
MFXVideoENCODE_EncodeFrameAsync
MFXVideoENCODE_GetEncodeStat
MFXVideoENCODE_GetVideoParam
MFXVideoENCODE_Init
MFXVideoENCODE_Query
MFXVideoENCODE_QueryIOSurf
MFXVideoENCODE_Reset
MFXVideoUSER_ProcessFrameAsync
MFXVideoUSER_Register
MFXVideoUSER_Unregister
MFXVideoVPP_Close
MFXVideoVPP_GetVPPStat
MFXVideoVPP_GetVideoParam
MFXVideoVPP_Init
MFXVideoVPP_Query
MFXVideoVPP_QueryIOSurf
MFXVideoVPP_Reset
MFXVideoVPP_RunFrameVPPAsync

Sections

.text
Size: 14.6MB - Virtual size: 14.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 194KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmfxsw64.dll
.dll windows:5 windows x64 arch:x64

ceb419a5aaa755241938db3b7db9fb65

Code Sign

35:de:f4:cf
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

22/08/1998, 16:41

Not After

22/08/2018, 16:41

Subject

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:aa:c3:a2:00:01:00:00:79:76
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

12/12/2011, 18:40

Not After

26/11/2014, 18:40

Subject

CN=Intel(R) Software Products

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15/05/2009, 19:25

Not After

15/05/2015, 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:8a:b8:6f:64:ba:04:f3:b1:8d:3c:05:6d:e2:4e:53:02:44:df:08
Signer

Actual PE Digest

d4:8a:b8:6f:64:ba:04:f3:b1:8d:3c:05:6d:e2:4e:53:02:44:df:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\users\mkazakov\2013_R2\MediaSDK_2013_R2\build\win_x64\bin\libmfxsw64.pdb

Imports

kernel32

GetLastError
CreateEventExW
GetOverlappedResult
WriteFile
CloseHandle
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent
SetThreadAffinityMask
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetSystemInfo
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
SwitchToThread
ReleaseSemaphore
CreateSemaphoreW
OutputDebugStringA
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
ExitThread
CreateThread
GetProcAddress
GetModuleHandleW
ExitProcess
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetStdHandle
HeapSize
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetTickCount
GetCurrentProcessId
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
CreateFileW
ReadFile
GetFileAttributesExW
DeleteFileW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

winmm

timeGetTime

Exports

Exports

MFXCloneSession
MFXClose
MFXDisjoinSession
MFXGetPriority
MFXInit
MFXJoinSession
MFXQueryIMPL
MFXQueryVersion
MFXSetPriority
MFXVideoCORE_GetHandle
MFXVideoCORE_SetBufferAllocator
MFXVideoCORE_SetFrameAllocator
MFXVideoCORE_SetHandle
MFXVideoCORE_SyncOperation
MFXVideoDECODE_Close
MFXVideoDECODE_DecodeFrameAsync
MFXVideoDECODE_DecodeHeader
MFXVideoDECODE_GetDecodeStat
MFXVideoDECODE_GetPayload
MFXVideoDECODE_GetVideoParam
MFXVideoDECODE_Init
MFXVideoDECODE_Query
MFXVideoDECODE_QueryIOSurf
MFXVideoDECODE_Reset
MFXVideoDECODE_SetSkipMode
MFXVideoENCODE_Close
MFXVideoENCODE_EncodeFrameAsync
MFXVideoENCODE_GetEncodeStat
MFXVideoENCODE_GetVideoParam
MFXVideoENCODE_Init
MFXVideoENCODE_Query
MFXVideoENCODE_QueryIOSurf
MFXVideoENCODE_Reset
MFXVideoUSER_ProcessFrameAsync
MFXVideoUSER_Register
MFXVideoUSER_Unregister
MFXVideoVPP_Close
MFXVideoVPP_GetVPPStat
MFXVideoVPP_GetVideoParam
MFXVideoVPP_Init
MFXVideoVPP_Query
MFXVideoVPP_QueryIOSurf
MFXVideoVPP_Reset
MFXVideoVPP_RunFrameVPPAsync

Sections

.text
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e7f9a29f2c85394521a08b9f31f6275

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07Certificate

Extended Key Usages

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

e0:a1:72:e2:2c:6a:54:c3:b8:3b:c0:9f:53:ae:a0:52:70:68:c1:7aSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 176KB

.rsrc Size: 39KB - Virtual size: 39KB

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 352B

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 578B

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

9c:41:25:7e:66:2b:31:db:5b:7d:1b:47:51:28:95:07
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

e0:a1:72:e2:2c:6a:54:c3:b8:3b:c0:9f:53:ae:a0:52:70:68:c1:7a
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 176KB

.rsrc
Size: 39KB - Virtual size: 39KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate