4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe
Size

12.2MB
MD5

e426d3a221efae78fe3d82ce2175962d
SHA1

a808e727601fae49f6646461c9409e9236f9f6bd
SHA256

4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717
SHA512

38af105b6d21957c79011abb6753ac180cc69cfcb9b336e917e8247493d251c567a98c5ede05102981b9935deef4de89ac363027bf70145b3eb3a8abe477cd15
SSDEEP

196608:OwZ6k5h5gRIz8KHZTuxIBTANp6GuYEFQT3Xhp+fLC/GffQtli1rOL5oFk2:bth5gmNVuWAp6GwFQTBp+VItA1rlFl

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/XmlAnalysis.dll	INDICATOR_EXE_Packed_VMProtect
static1/unpack001/mobilelink.dll	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/mobilelink.dll	vmprotect

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/7z/7z.dll
unpack001/7z/7z.exe
unpack001/audio/AudioDecoder.dll
unpack001/audio/AudioFilter.dll
unpack001/audio/AudioPlayer.dll

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe
.exe windows:4 windows x86 arch:x86

59a4a44a250c4cf4f2d9de2b3fe5d95f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:f8:f6:c9:8d:a5:e1:dc:dd:79:eb:0c:26:96:17:99:3a:b3:3b:62
Signer

Actual PE Digest

87:f8:f6:c9:8d:a5:e1:dc:dd:79:eb:0c:26:96:17:99:3a:b3:3b:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
CloseHandle
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

154903d617e825e7d4f76664593675fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
lstrlenA
lstrcmpA
GetModuleHandleA
GlobalFree
MulDiv
lstrcpynA
GlobalAlloc
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
GetDC
ShowWindow
SendMessageA

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SoftwareLog.dll
.dll windows:5 windows x86 arch:x86

b71a87db9d246a8923984da7950b48dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:4a:de:11:c1:2e:70:f5:3b:a0:39:01:cc:70:9c:24:33:5b:c7:5d
Signer

Actual PE Digest

21:4a:de:11:c1:2e:70:f5:3b:a0:39:01:cc:70:9c:24:33:5b:c7:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\Users\APC\Documents\Visual Studio 2008\Projects\SoftwareLog\Debug\SoftwareLog.pdb

Imports

kernel32

GetTickCount
lstrlenA
GetVolumeInformationA
GetModuleHandleW
CreateThread
SetEnvironmentVariableA
CompareStringW
GetProcAddress
GetSystemInfo
GetVersionExW
GetComputerNameW
GetSystemDirectoryA
WideCharToMultiByte
CompareStringA
CreateFileA
CloseHandle
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
RaiseException
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
DebugBreak
MultiByteToWideChar
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
HeapValidate
IsBadReadPtr
GetStdHandle
WriteFile
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
Sleep
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
InterlockedExchange
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSection

user32

GetSystemMetrics

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

ole32

CoCreateGuid

ws2_32

WSACleanup
WSAStartup
gethostbyname
inet_ntoa

wininet

InternetGetConnectedState
InternetOpenA
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

winmm

timeGetTime

Exports

Exports

CreateExportObj
DestroyExportObj
NSISLog

Sections

.textbss
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
7z/7z.dll
.dll windows:4 windows x86 arch:x86

6121a49841bf6f5b3700c1ebbb28be41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharPrevExA
CharPrevA
CharNextA
CharLowerW
CharLowerA
CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
strcmp
memset
memcmp
_purecall
memmove
memcpy
__CxxFrameHandler
free
_CxxThrowException
malloc

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z/7z.exe
.exe windows:5 windows x86 arch:x86

618f9c06c19f69085dd36e56c2f4e72d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\source code\7z465\CPP\7zip\UI\Console\Debug\7z.pdb

Imports

kernel32

LoadLibraryExW
LoadLibraryW
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryW
GetSystemDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
GetLastError
CreateDirectoryW
DeleteFileA
DeleteFileW
GetShortPathNameA
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
SearchPathA
SearchPathW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindCloseChangeNotification
FindFirstChangeNotificationA
AreFileApisANSI
GetLogicalDriveStringsA
GetLogicalDriveStringsW
CreateFileA
GetFileSize
SetFilePointer
GetFileInformationByHandle
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
GetProcAddress
CompareFileTime
FileTimeToSystemTime
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
OpenEventA
GetDriveTypeA
GetStdHandle
GetTickCount
GetProcessTimes
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
LoadLibraryExA
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
SetFileApisToOEM
GetCommandLineW
FileTimeToLocalFileTime
FindFirstChangeNotificationW
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetConsoleOutputCP
WriteConsoleA
RaiseException
RtlUnwind
CreateThread
GetCurrentThreadId
ExitThread
GetCommandLineA
IsDebuggerPresent
DebugBreak
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
ExitProcess
HeapValidate
IsBadReadPtr
SetHandleCount
GetFileType
GetStartupInfoA
FatalAppExitA
FlushFileBuffers
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetStdHandle
SetEnvironmentVariableA

user32

CharLowerW
CharLowerA
CharUpperW
CharPrevA
CharNextA
CharUpperA
CharToOemA

advapi32

RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW

oleaut32

SysStringByteLen
VariantCopy
VariantClear
SysFreeString
SysAllocString

Sections

.textbss
Size: - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 798KB - Virtual size: 798KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CalcHashAB.dll
.dll windows:5 windows x86 arch:x86

54aa9d374bcf0090d1464f4737974cb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:6a:cb:8f:f8:ce:a8:5b:ba:b0:e9:3a:36:b5:b2:06:87:f2:84:98
Signer

Actual PE Digest

8b:6a:cb:8f:f8:ce:a8:5b:ba:b0:e9:3a:36:b5:b2:06:87:f2:84:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\360data\重要数据\我的文档\Visual Studio 2008\Projects\CalcHashAB\Debug\CalcHashAB.pdb

Imports

kernel32

GetModuleHandleW
GetCurrentThreadId
GetCommandLineA
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
HeapValidate
IsBadReadPtr
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
HeapReAlloc
VirtualAlloc
WriteFile
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
RtlUnwind
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

CalcHashABData

Sections

.textbss
Size: - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 524KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extxml2.dll
.dll windows:4 windows x86 arch:x86

1491d389848a4ecd93d4f1ad9e4afeb1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:eb:db:6f:a1:39:c2:2f:c1:1c:e3:9c:45:f6:23:35:75:93:40:c6
Signer

Actual PE Digest

61:eb:db:6f:a1:39:c2:2f:c1:1c:e3:9c:45:f6:23:35:75:93:40:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSACleanup
inet_ntoa
__WSAFDIsSet
getsockopt
WSAGetLastError
WSAStartup
getsockname
bind
listen
gethostbyname
htons
socket
connect
send
select
recv
closesocket

iconv

libiconv
libiconv_open
libiconv_close

zlib1

inflateEnd
inflateInit2_
inflate
gzopen
gzdopen
gzread
gzwrite
gzclose
deflateEnd
crc32
deflateInit2_
deflate
gzdirect

kernel32

TlsGetValue
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
GetCurrentThreadId
TlsFree
Sleep
TlsAlloc
InterlockedIncrement
TlsSetValue
MultiByteToWideChar
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersionExA
ReleaseMutex

msvcrt

_read
_close
_open
_adjust_fdiv
_initterm
_CIfmod
_CIpow
_write
_dup
_vsnprintf
fprintf
getenv
strncpy
_snprintf
_iob
fputc
fclose
fopen
sscanf
free
toupper
memmove
_errno
vfprintf
_getcwd
realloc
malloc
strchr
strncmp
strtol
fwrite
_wfopen
_wopen
strstr
_stat
_wstat
fread
fflush
printf
floor
_isnan
_fpclass

Exports

Exports

UTF8ToHtml
UTF8Toisolat1
__docbDefaultSAXHandler
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlErrEncoding
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLastError
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlOutputBufferCreateFilenameValue
__xmlParserDebugEntities
__xmlParserInputBufferCreateFilenameValue
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRaiseError
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSimpleError
__xmlStructuredError
__xmlStructuredErrorContext
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
attribute
attributeDecl
cdataBlock
characters
checkNamespace
comment
docbCreateFileParserCtxt
docbCreatePushParserCtxt
docbDefaultSAXHandlerInit
docbEncodeEntities
docbFreeParserCtxt
docbParseChunk
docbParseDoc
docbParseDocument
docbParseFile
docbSAXParseDoc
docbSAXParseFile
elementDecl
emptyExp
endDocument
endElement
entityDecl
externalSubset
forbiddenExp
getColumnNumber
getEntity
getLineNumber
getNamespace
getParameterEntity
getPublicId
getSystemId
globalNamespace
hasExternalSubset
hasInternalSubset
htmlAttrAllowed
htmlAutoCloseTag
htmlCreateFileParserCtxt
htmlCreateMemoryParserCtxt
htmlCreatePushParserCtxt
htmlCtxtReadDoc
htmlCtxtReadFd
htmlCtxtReadFile
htmlCtxtReadIO
htmlCtxtReadMemory
htmlCtxtReset
htmlCtxtUseOptions
htmlDefaultSAXHandlerInit
htmlDocContentDumpFormatOutput
htmlDocContentDumpOutput
htmlDocDump
htmlDocDumpMemory
htmlDocDumpMemoryFormat
htmlElementAllowedHere
htmlElementStatusHere
htmlEncodeEntities
htmlEntityLookup
htmlEntityValueLookup
htmlFreeParserCtxt
htmlGetMetaEncoding
htmlHandleOmittedElem
htmlInitAutoClose
htmlIsAutoClosed
htmlIsBooleanAttr
htmlIsScriptAttribute
htmlNewDoc
htmlNewDocNoDtD
htmlNewParserCtxt
htmlNodeDump
htmlNodeDumpFile
htmlNodeDumpFileFormat
htmlNodeDumpFormatOutput
htmlNodeDumpOutput
htmlNodeStatus
htmlParseCharRef
htmlParseChunk
htmlParseDoc
htmlParseDocument
htmlParseElement
htmlParseEntityRef
htmlParseFile
htmlReadDoc
htmlReadFd
htmlReadFile
htmlReadIO
htmlReadMemory
htmlSAXParseDoc
htmlSAXParseFile
htmlSaveFile
htmlSaveFileEnc
htmlSaveFileFormat
htmlSetMetaEncoding
htmlTagLookup
ignorableWhitespace
initGenericErrorDefaultFunc
initdocbDefaultSAXHandler
inithtmlDefaultSAXHandler
initxmlDefaultSAXHandler
inputPop
inputPush
internalSubset
isStandalone
isolat1ToUTF8
namePop
namePush
namespaceDecl
nodePop
nodePush
notationDecl
processingInstruction
reference
resolveEntity
setDocumentLocator
setNamespace
startDocument
startElement
unparsedEntityDecl
valuePop
valuePush
xlinkGetDefaultDetect
xlinkGetDefaultHandler
xlinkIsLink
xlinkSetDefaultDetect
xlinkSetDefaultHandler
xmlACatalogAdd
xmlACatalogDump
xmlACatalogRemove
xmlACatalogResolve
xmlACatalogResolvePublic
xmlACatalogResolveSystem
xmlACatalogResolveURI
xmlAddAttributeDecl
xmlAddChild
xmlAddChildList
xmlAddDocEntity
xmlAddDtdEntity
xmlAddElementDecl
xmlAddEncodingAlias
xmlAddID
xmlAddNextSibling
xmlAddNotationDecl
xmlAddPrevSibling
xmlAddRef
xmlAddSibling
xmlAllocOutputBuffer
xmlAllocParserInputBuffer
xmlAttrSerializeTxtContent
xmlAutomataCompile
xmlAutomataGetInitState
xmlAutomataIsDeterminist
xmlAutomataNewAllTrans
xmlAutomataNewCountTrans
xmlAutomataNewCountTrans2
xmlAutomataNewCountedTrans
xmlAutomataNewCounter
xmlAutomataNewCounterTrans
xmlAutomataNewEpsilon
xmlAutomataNewNegTrans
xmlAutomataNewOnceTrans
xmlAutomataNewOnceTrans2
xmlAutomataNewState
xmlAutomataNewTransition
xmlAutomataNewTransition2
xmlAutomataSetFinalState
xmlBoolToText
xmlBufferAdd
xmlBufferAddHead
xmlBufferCCat
xmlBufferCat
xmlBufferContent
xmlBufferCreate
xmlBufferCreateSize
xmlBufferCreateStatic
xmlBufferDump
xmlBufferEmpty
xmlBufferFree
xmlBufferGrow
xmlBufferLength
xmlBufferResize
xmlBufferSetAllocationScheme
xmlBufferShrink
xmlBufferWriteCHAR
xmlBufferWriteChar
xmlBufferWriteQuotedString
xmlBuildQName
xmlBuildRelativeURI
xmlBuildURI
xmlByteConsumed
xmlC14NDocDumpMemory
xmlC14NDocSave
xmlC14NDocSaveTo
xmlC14NExecute
xmlCanonicPath
xmlCatalogAdd
xmlCatalogAddLocal
xmlCatalogCleanup
xmlCatalogConvert
xmlCatalogDump
xmlCatalogFreeLocal
xmlCatalogGetDefaults
xmlCatalogGetPublic
xmlCatalogGetSystem
xmlCatalogIsEmpty
xmlCatalogLocalResolve
xmlCatalogLocalResolveURI
xmlCatalogRemove
xmlCatalogResolve
xmlCatalogResolvePublic
xmlCatalogResolveSystem
xmlCatalogResolveURI
xmlCatalogSetDebug
xmlCatalogSetDefaultPrefer
xmlCatalogSetDefaults
xmlCharEncCloseFunc
xmlCharEncFirstLine
xmlCharEncInFunc
xmlCharEncOutFunc
xmlCharInRange
xmlCharStrdup
xmlCharStrndup
xmlCheckFilename
xmlCheckHTTPInput
xmlCheckLanguageID
xmlCheckUTF8
xmlCheckVersion
xmlChildElementCount
xmlCleanupCharEncodingHandlers
xmlCleanupEncodingAliases
xmlCleanupGlobals
xmlCleanupInputCallbacks
xmlCleanupMemory
xmlCleanupOutputCallbacks
xmlCleanupParser
xmlCleanupPredefinedEntities
xmlCleanupThreads
xmlClearNodeInfoSeq
xmlClearParserCtxt
xmlConvertSGMLCatalog
xmlCopyAttributeTable
xmlCopyChar
xmlCopyCharMultiByte
xmlCopyDoc
xmlCopyDocElementContent
xmlCopyDtd
xmlCopyElementContent
xmlCopyElementTable
xmlCopyEntitiesTable
xmlCopyEnumeration
xmlCopyError
xmlCopyNamespace
xmlCopyNamespaceList
xmlCopyNode
xmlCopyNodeList
xmlCopyNotationTable
xmlCopyProp
xmlCopyPropList
xmlCreateDocParserCtxt
xmlCreateEntitiesTable
xmlCreateEntityParserCtxt
xmlCreateEnumeration
xmlCreateFileParserCtxt
xmlCreateIOParserCtxt
xmlCreateIntSubset
xmlCreateMemoryParserCtxt
xmlCreatePushParserCtxt
xmlCreateURI
xmlCreateURLParserCtxt
xmlCtxtGetLastError
xmlCtxtReadDoc
xmlCtxtReadFd
xmlCtxtReadFile
xmlCtxtReadIO
xmlCtxtReadMemory
xmlCtxtReset
xmlCtxtResetLastError
xmlCtxtResetPush
xmlCtxtUseOptions
xmlCurrentChar
xmlDOMWrapAdoptNode
xmlDOMWrapCloneNode
xmlDOMWrapFreeCtxt
xmlDOMWrapNewCtxt
xmlDOMWrapReconcileNamespaces
xmlDOMWrapRemoveNode
xmlDebugCheckDocument
xmlDebugDumpAttr
xmlDebugDumpAttrList
xmlDebugDumpDTD
xmlDebugDumpDocument
xmlDebugDumpDocumentHead
xmlDebugDumpEntities
xmlDebugDumpNode
xmlDebugDumpNodeList
xmlDebugDumpOneNode
xmlDebugDumpString
xmlDecodeEntities
xmlDefaultSAXHandlerInit
xmlDelEncodingAlias
xmlDeregisterNodeDefault
xmlDetectCharEncoding
xmlDictCleanup
xmlDictCreate
xmlDictCreateSub
xmlDictExists
xmlDictFree
xmlDictLookup
xmlDictOwns
xmlDictQLookup
xmlDictReference
xmlDictSize
xmlDocCopyNode
xmlDocCopyNodeList
xmlDocDump
xmlDocDumpFormatMemory
xmlDocDumpFormatMemoryEnc
xmlDocDumpMemory
xmlDocDumpMemoryEnc
xmlDocFormatDump
xmlDocGetRootElement
xmlDocSetRootElement
xmlDumpAttributeDecl
xmlDumpAttributeTable
xmlDumpElementDecl
xmlDumpElementTable
xmlDumpEntitiesTable
xmlDumpEntityDecl
xmlDumpNotationDecl
xmlDumpNotationTable
xmlElemDump
xmlEncodeEntities
xmlEncodeEntitiesReentrant
xmlEncodeSpecialChars
xmlErrMemory
xmlExpCtxtNbCons
xmlExpCtxtNbNodes
xmlExpDump
xmlExpExpDerive
xmlExpFree
xmlExpFreeCtxt
xmlExpGetLanguage
xmlExpGetStart
xmlExpIsNillable
xmlExpMaxToken
xmlExpNewAtom
xmlExpNewCtxt
xmlExpNewOr
xmlExpNewRange
xmlExpNewSeq
xmlExpParse
xmlExpRef
xmlExpStringDerive
xmlExpSubsume
xmlFileClose
xmlFileMatch
xmlFileOpen
xmlFileRead
xmlFindCharEncodingHandler
xmlFirstElementChild
xmlFree
xmlFreeAttributeTable
xmlFreeAutomata
xmlFreeCatalog
xmlFreeDoc
xmlFreeDocElementContent
xmlFreeDtd
xmlFreeElementContent
xmlFreeElementTable
xmlFreeEntitiesTable
xmlFreeEnumeration
xmlFreeIDTable
xmlFreeInputStream
xmlFreeMutex
xmlFreeNode
xmlFreeNodeList
xmlFreeNotationTable
xmlFreeNs
xmlFreeNsList
xmlFreeParserCtxt
xmlFreeParserInputBuffer
xmlFreePattern
xmlFreePatternList
xmlFreeProp
xmlFreePropList
xmlFreeRMutex
xmlFreeRefTable
xmlFreeStreamCtxt
xmlFreeTextReader
xmlFreeTextWriter
xmlFreeURI
xmlFreeValidCtxt
xmlGcMemGet
xmlGcMemSetup
xmlGetBufferAllocationScheme
xmlGetCharEncodingHandler
xmlGetCharEncodingName
xmlGetCompressMode
xmlGetDocCompressMode
xmlGetDocEntity
xmlGetDtdAttrDesc
xmlGetDtdElementDesc
xmlGetDtdEntity
xmlGetDtdNotationDesc
xmlGetDtdQAttrDesc
xmlGetDtdQElementDesc
xmlGetEncodingAlias
xmlGetExternalEntityLoader
xmlGetFeature
xmlGetFeaturesList
xmlGetGlobalState
xmlGetID
xmlGetIntSubset
xmlGetLastChild
xmlGetLastError
xmlGetLineNo
xmlGetNoNsProp
xmlGetNodePath
xmlGetNsList
xmlGetNsProp
xmlGetParameterEntity
xmlGetPredefinedEntity
xmlGetProp
xmlGetRefs
xmlGetThreadId
xmlGetUTF8Char
xmlHandleEntity
xmlHasFeature
xmlHasNsProp
xmlHasProp
xmlHashAddEntry
xmlHashAddEntry2
xmlHashAddEntry3
xmlHashCopy
xmlHashCreate
xmlHashCreateDict
xmlHashFree
xmlHashLookup
xmlHashLookup2
xmlHashLookup3
xmlHashQLookup
xmlHashQLookup2
xmlHashQLookup3
xmlHashRemoveEntry
xmlHashRemoveEntry2
xmlHashRemoveEntry3
xmlHashScan
xmlHashScan3
xmlHashScanFull
xmlHashScanFull3
xmlHashSize
xmlHashUpdateEntry
xmlHashUpdateEntry2
xmlHashUpdateEntry3
xmlIOFTPClose
xmlIOFTPMatch
xmlIOFTPOpen
xmlIOFTPRead
xmlIOHTTPClose
xmlIOHTTPMatch
xmlIOHTTPOpen
xmlIOHTTPOpenW
xmlIOHTTPRead
xmlIOParseDTD
xmlInitCharEncodingHandlers
xmlInitGlobals
xmlInitMemory
xmlInitNodeInfoSeq
xmlInitParser
xmlInitParserCtxt

Sections

.text
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FatOperate.dll
.dll windows:4 windows x86 arch:x86

81ce694558e5d77bc2fe8cd5ae38fb35

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:f8:0c:2a:79:1c:35:55:26:0b:0c:6d:93:4d:88:f7:f8:13:63:17
Signer

Actual PE Digest

86:f8:0c:2a:79:1c:35:55:26:0b:0c:6d:93:4d:88:f7:f8:13:63:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

initialize

ord28
ord10

saveoperate

ord4

kernel32

EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RtlUnwind
RaiseException
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetLastError
ReadFile
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
HeapSize
WideCharToMultiByte
LCMapStringA
LCMapStringW
CloseHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetCPInfo
SetStdHandle
GetStringTypeA
GetStringTypeW
CreateFileW
GetACP
GetOEMCP
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetEndOfFile

Exports

Exports

check_fat_format_save_data
fat_exit
fat_fmtRec_exit
fat_fmtRec_init
fat_fmtRec_readfile
fat_fmtRec_search
fat_fmtStop
fat_init
fat_open_dir
fat_readfile
fat_searchfile
fat_searchfile_dir
fat_show
free_fat_file_info
get_fat_del_info_to_save
get_folder_info
read_scan_result_fat
save_scan_result_fat
set_fat_del_info_to_save

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileHash.dll
.dll windows:5 windows x86 arch:x86

333a010f395de6046034e510d683bfdf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:da:89:e7:f4:62:c1:e0:c0:79:98:56:1c:53:3a:92:29:84:a0:8d
Signer

Actual PE Digest

89:da:89:e7:f4:62:c1:e0:c0:79:98:56:1c:53:3a:92:29:84:a0:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\code\backup\MSResampler-master\FileHash\Debug\FileHash.pdb

Imports

sqlite3

sqlite3_open
sqlite3_prepare
sqlite3_step
sqlite3_column_text
sqlite3_finalize
sqlite3_exec
sqlite3_last_insert_rowid
sqlite3_column_int
sqlite3_mprintf
sqlite3_free
sqlite3_close

user32

wsprintfW

ole32

CoCreateGuid

kernel32

TlsFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapValidate
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetLastError
CloseHandle
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
WriteFile
GetConsoleCP
GetConsoleMode
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
SetLastError
GetCurrentThread
FatalAppExitA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
SetConsoleCtrlHandler
FlushFileBuffers
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
SetStdHandle
InitializeCriticalSectionAndSpinCount
CreateFileW
GetProcessHeap
VirtualQuery
FreeLibrary
WriteConsoleA
GetConsoleOutputCP
LCMapStringA
LCMapStringW

Exports

Exports

WriteHash
WriteHashIos10
addsms_sqlite

Sections

.textbss
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FreeImage.dll
.dll windows:6 windows x86 arch:x86

b2c30533d01b5ae7b5337e0921329f5c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:71:56:f5:b0:0d:a5:c5:cf:d4:b2:0f:38:d5:7b:0d:32:e1:6f:79
Signer

Actual PE Digest

83:71:56:f5:b0:0d:a5:c5:cf:d4:b2:0f:38:d5:7b:0d:32:e1:6f:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
ntohl
htons
htonl

kernel32

GetCurrentProcess
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
FreeLibrary
GetModuleFileNameW
GetCurrentDirectoryW
GetProcAddress
LoadLibraryA
SetCurrentDirectoryW
IsBadReadPtr
OutputDebugStringA
DeleteFileA
GetTempPathA
GetTempFileNameA
ExitProcess
CreateFileA
GetFileSizeEx
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
DebugBreak
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
HeapAlloc
ReadFile
HeapReAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
RtlUnwind
AreFileApisANSI
GetCommandLineA
GetCurrentThreadId
GetModuleHandleExW
IsProcessorFeaturePresent
FindFirstFileExW
GetDriveTypeW
RaiseException
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
WriteFile
HeapSize
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
FindNextFileW
DeleteFileW
MoveFileExW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
FlushFileBuffers
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
CreateFileW
GetTimeZoneInformation
OutputDebugStringW
SetStdHandle

Exports

Exports

FreeImage_OutputMessageProc
_FreeImage_AcquireMemory@12
_FreeImage_AdjustBrightness@12
_FreeImage_AdjustColors@32
_FreeImage_AdjustContrast@12
_FreeImage_AdjustCurve@12
_FreeImage_AdjustGamma@12
_FreeImage_Allocate@24
_FreeImage_AllocateEx@36
_FreeImage_AllocateExT@40
_FreeImage_AllocateHeader@28
_FreeImage_AllocateHeaderForBits@36
_FreeImage_AllocateHeaderT@32
_FreeImage_AllocateT@28
_FreeImage_AppendPage@8
_FreeImage_ApplyColorMapping@24
_FreeImage_ApplyPaletteIndexMapping@20
_FreeImage_Clone@4
_FreeImage_CloneMetadata@8
_FreeImage_CloneTag@4
_FreeImage_CloseMemory@4
_FreeImage_CloseMultiBitmap@8
_FreeImage_ColorQuantize@8
_FreeImage_ColorQuantizeEx@20
_FreeImage_Composite@16
_FreeImage_ConvertFromRawBits@36
_FreeImage_ConvertFromRawBitsEx@44
_FreeImage_ConvertLine16To24_555@12
_FreeImage_ConvertLine16To24_565@12
_FreeImage_ConvertLine16To32_555@12
_FreeImage_ConvertLine16To32_565@12
_FreeImage_ConvertLine16To4_555@12
_FreeImage_ConvertLine16To4_565@12
_FreeImage_ConvertLine16To8_555@12
_FreeImage_ConvertLine16To8_565@12
_FreeImage_ConvertLine16_555_To16_565@12
_FreeImage_ConvertLine16_565_To16_555@12
_FreeImage_ConvertLine1To16_555@16
_FreeImage_ConvertLine1To16_565@16
_FreeImage_ConvertLine1To24@16
_FreeImage_ConvertLine1To32@16
_FreeImage_ConvertLine1To4@12
_FreeImage_ConvertLine1To8@12
_FreeImage_ConvertLine24To16_555@12
_FreeImage_ConvertLine24To16_565@12
_FreeImage_ConvertLine24To32@12
_FreeImage_ConvertLine24To4@12
_FreeImage_ConvertLine24To8@12
_FreeImage_ConvertLine32To16_555@12
_FreeImage_ConvertLine32To16_565@12
_FreeImage_ConvertLine32To24@12
_FreeImage_ConvertLine32To4@12
_FreeImage_ConvertLine32To8@12
_FreeImage_ConvertLine4To16_555@16
_FreeImage_ConvertLine4To16_565@16
_FreeImage_ConvertLine4To24@16
_FreeImage_ConvertLine4To32@16
_FreeImage_ConvertLine4To8@12
_FreeImage_ConvertLine8To16_555@16
_FreeImage_ConvertLine8To16_565@16
_FreeImage_ConvertLine8To24@16
_FreeImage_ConvertLine8To32@16
_FreeImage_ConvertLine8To4@16
_FreeImage_ConvertTo16Bits555@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_ConvertTo24Bits@4
_FreeImage_ConvertTo32Bits@4
_FreeImage_ConvertTo4Bits@4
_FreeImage_ConvertTo8Bits@4
_FreeImage_ConvertToFloat@4
_FreeImage_ConvertToGreyscale@4
_FreeImage_ConvertToRGB16@4
_FreeImage_ConvertToRGBA16@4
_FreeImage_ConvertToRGBAF@4
_FreeImage_ConvertToRGBF@4
_FreeImage_ConvertToRawBits@32
_FreeImage_ConvertToStandardType@8
_FreeImage_ConvertToType@12
_FreeImage_ConvertToUINT16@4
_FreeImage_Copy@20
_FreeImage_CreateICCProfile@12
_FreeImage_CreateTag@0
_FreeImage_CreateView@20
_FreeImage_DeInitialise@0
_FreeImage_DeletePage@8
_FreeImage_DeleteTag@4
_FreeImage_DestroyICCProfile@4
_FreeImage_Dither@8
_FreeImage_EnlargeCanvas@28
_FreeImage_FIFSupportsExportBPP@8
_FreeImage_FIFSupportsExportType@8
_FreeImage_FIFSupportsICCProfiles@4
_FreeImage_FIFSupportsNoPixels@4
_FreeImage_FIFSupportsReading@4
_FreeImage_FIFSupportsWriting@4
_FreeImage_FillBackground@12
_FreeImage_FindCloseMetadata@4
_FreeImage_FindFirstMetadata@12
_FreeImage_FindNextMetadata@8
_FreeImage_FlipHorizontal@4
_FreeImage_FlipVertical@4
_FreeImage_GetAdjustColorsLookupTable@32
_FreeImage_GetBPP@4
_FreeImage_GetBackgroundColor@8
_FreeImage_GetBits@4
_FreeImage_GetBlueMask@4
_FreeImage_GetChannel@8
_FreeImage_GetColorType@4
_FreeImage_GetColorsUsed@4
_FreeImage_GetComplexChannel@8
_FreeImage_GetCopyrightMessage@0
_FreeImage_GetDIBSize@4
_FreeImage_GetDotsPerMeterX@4
_FreeImage_GetDotsPerMeterY@4
_FreeImage_GetFIFCount@0
_FreeImage_GetFIFDescription@4
_FreeImage_GetFIFExtensionList@4
_FreeImage_GetFIFFromFilename@4
_FreeImage_GetFIFFromFilenameU@4
_FreeImage_GetFIFFromFormat@4
_FreeImage_GetFIFFromMime@4
_FreeImage_GetFIFMimeType@4
_FreeImage_GetFIFRegExpr@4
_FreeImage_GetFileType@8
_FreeImage_GetFileTypeFromHandle@12
_FreeImage_GetFileTypeFromMemory@8
_FreeImage_GetFileTypeU@8
_FreeImage_GetFormatFromFIF@4
_FreeImage_GetGreenMask@4
_FreeImage_GetHeight@4
_FreeImage_GetHistogram@12
_FreeImage_GetICCProfile@4
_FreeImage_GetImageType@4
_FreeImage_GetInfo@4
_FreeImage_GetInfoHeader@4
_FreeImage_GetLine@4
_FreeImage_GetLockedPageNumbers@12
_FreeImage_GetMemorySize@4
_FreeImage_GetMetadata@16
_FreeImage_GetMetadataCount@8
_FreeImage_GetPageCount@4
_FreeImage_GetPalette@4
_FreeImage_GetPitch@4
_FreeImage_GetPixelColor@16
_FreeImage_GetPixelIndex@16
_FreeImage_GetRedMask@4
_FreeImage_GetScanLine@8
_FreeImage_GetTagCount@4
_FreeImage_GetTagDescription@4
_FreeImage_GetTagID@4
_FreeImage_GetTagKey@4
_FreeImage_GetTagLength@4
_FreeImage_GetTagType@4
_FreeImage_GetTagValue@4
_FreeImage_GetThumbnail@4
_FreeImage_GetTransparencyCount@4
_FreeImage_GetTransparencyTable@4
_FreeImage_GetTransparentIndex@4
_FreeImage_GetVersion@0
_FreeImage_GetWidth@4
_FreeImage_HasBackgroundColor@4
_FreeImage_HasPixels@4
_FreeImage_HasRGBMasks@4
_FreeImage_Initialise@4
_FreeImage_InsertPage@12
_FreeImage_Invert@4
_FreeImage_IsLittleEndian@0
_FreeImage_IsPluginEnabled@4
_FreeImage_IsTransparent@4
_FreeImage_JPEGCrop@24
_FreeImage_JPEGCropU@24
_FreeImage_JPEGTransform@16
_FreeImage_JPEGTransformCombined@32
_FreeImage_JPEGTransformCombinedFromMemory@32
_FreeImage_JPEGTransformCombinedU@32
_FreeImage_JPEGTransformFromHandle@40
_FreeImage_JPEGTransformU@16
_FreeImage_Load@12
_FreeImage_LoadFromHandle@16
_FreeImage_LoadFromMemory@12
_FreeImage_LoadMultiBitmapFromMemory@12
_FreeImage_LoadU@12
_FreeImage_LockPage@8
_FreeImage_LookupSVGColor@16
_FreeImage_LookupX11Color@16
_FreeImage_MakeThumbnail@12
_FreeImage_MovePage@12
_FreeImage_MultigridPoissonSolver@8
_FreeImage_OpenMemory@8
_FreeImage_OpenMultiBitmap@24
_FreeImage_OpenMultiBitmapFromHandle@16
_FreeImage_Paste@20
_FreeImage_PreMultiplyWithAlpha@4
_FreeImage_ReadMemory@16
_FreeImage_RegisterExternalPlugin@20
_FreeImage_RegisterLocalPlugin@20
_FreeImage_Rescale@16
_FreeImage_RescaleRect@36
_FreeImage_Rotate@16
_FreeImage_RotateClassic@12
_FreeImage_RotateEx@48
_FreeImage_Save@16
_FreeImage_SaveMultiBitmapToHandle@20
_FreeImage_SaveMultiBitmapToMemory@16
_FreeImage_SaveToHandle@20
_FreeImage_SaveToMemory@16
_FreeImage_SaveU@16
_FreeImage_SeekMemory@12
_FreeImage_SetBackgroundColor@8
_FreeImage_SetChannel@12
_FreeImage_SetComplexChannel@12
_FreeImage_SetDotsPerMeterX@8
_FreeImage_SetDotsPerMeterY@8
_FreeImage_SetMetadata@16
_FreeImage_SetMetadataKeyValue@16
_FreeImage_SetOutputMessage@4
_FreeImage_SetOutputMessageStdCall@4
_FreeImage_SetPixelColor@16
_FreeImage_SetPixelIndex@16
_FreeImage_SetPluginEnabled@8
_FreeImage_SetTagCount@8
_FreeImage_SetTagDescription@8
_FreeImage_SetTagID@8
_FreeImage_SetTagKey@8
_FreeImage_SetTagLength@8
_FreeImage_SetTagType@8
_FreeImage_SetTagValue@8
_FreeImage_SetThumbnail@8
_FreeImage_SetTransparencyTable@12
_FreeImage_SetTransparent@8
_FreeImage_SetTransparentIndex@8
_FreeImage_SwapColors@16
_FreeImage_SwapPaletteIndices@12
_FreeImage_TagToString@12
_FreeImage_TellMemory@4
_FreeImage_Threshold@8
_FreeImage_TmoDrago03@20
_FreeImage_TmoFattal02@20
_FreeImage_TmoReinhard05@20
_FreeImage_TmoReinhard05Ex@36
_FreeImage_ToneMapping@24
_FreeImage_Unload@4
_FreeImage_UnlockPage@12
_FreeImage_WriteMemory@16
_FreeImage_ZLibCRC32@12
_FreeImage_ZLibCompress@16
_FreeImage_ZLibGUnzip@16
_FreeImage_ZLibGZip@16
_FreeImage_ZLibUncompress@16

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InfoReport.dll
.dll windows:5 windows x86 arch:x86

0c38f4087e26f668f9118527b146fc5a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:58:d0:e3:a9:72:fe:74:45:cb:94:43:5c:b2:56:c3:88:0f:66:ad
Signer

Actual PE Digest

69:58:d0:e3:a9:72:fe:74:45:cb:94:43:5c:b2:56:c3:88:0f:66:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\svn\CSmtp_v1_8a\Debug\CSmtp.pdb

Imports

ws2_32

gethostname
send
recv
ntohs
htons
socket
getservbyname
inet_addr
gethostbyname
ioctlsocket
connect
WSAGetLastError
select
__WSAFDIsSet
closesocket
WSAStartup
WSACleanup

kernel32

LoadLibraryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
FreeLibrary
VirtualQuery
GetProcessHeap
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapValidate
IsBadReadPtr
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
GetLastError
LCMapStringW
GetCPInfo
GetProcAddress
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
DebugBreak
lstrlenA
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
WriteFile
OutputDebugStringA
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
CloseHandle
SetFilePointer
ReadFile
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW

Exports

Exports

?SendInfoReport@@YAHPBD00QAPBD@Z

Sections

.textbss
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Initialize.dll
.dll windows:4 windows x86 arch:x86

c503d26ec8eceafb1a053e2fbefe4d0b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:03:2b:83:7c:bd:de:00:32:e9:d8:8e:1c:06:cb:06:5f:c3:56:b8
Signer

Actual PE Digest

ea:03:2b:83:7c:bd:de:00:32:e9:d8:8e:1c:06:cb:06:5f:c3:56:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
DeviceIoControl
CreateFileA
GetProcAddress
GetModuleHandleA
GetLastError
GetFileSize
SetFilePointer
GetDiskFreeSpaceExA
GetDriveTypeA
CloseHandle
WriteFile
FlushFileBuffers
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetCommandLineA
GetVersion
RtlUnwind
RaiseException
FatalAppExitA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
GetACP
GetOEMCP
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

AddFoundFileCallBack
Add_Partition_List
ExportsData
FreeDiskOpera_Partition
Free_List
Free_Par
FullDevStruct
FullDevStruct_exit
FullPartitionBlock
FullPartitionBlock_exit
Full_Part_Struct
GetDiskOpera_Partition
Get_GlobOffset
Get_MAC_Type
Get_RAID_Disk
GlobPointer
GlobPointerPartiton
Init_GTP_DataOffset
Inquiry_Device_List
Inquiry_Partiton_List
Part_Head
RemoveFoundFileCallBack
RemoveList
Restore_LostDisk_Data
_Is_DiskParType
g_callbackVec
get_ExportsData
get_blocksize
m_GlobalRAID
search_EXFAT
search_EXT2
search_FAT
search_HFS
search_HFSP
search_NTFS
set_ExportsData
test_EXFAT
test_FAT
test_NTFS

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LibSearchFileName.dll
.dll windows:5 windows x86 arch:x86

8650898c76cd44710b07c9dcd7754ae1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:eb:9d:a5:48:19:d8:f1:36:57:29:19:51:58:9c:9c:4a:6f:d1:22
Signer

Actual PE Digest

88:eb:9d:a5:48:19:d8:f1:36:57:29:19:51:58:9c:9c:4a:6f:d1:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\IPhone3GS_Recovery\trunk\components\LibSearchFileName\lib\Release\LibSearchFileName.pdb

Imports

kernel32

CreateEventW
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
EnterCriticalSection
ResetEvent
WaitForSingleObject
LeaveCriticalSection
MultiByteToWideChar
SetEvent
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

?CreateFilterObj@@YAPAVIFilterMgr@@W4tagFilterStrategy@@@Z
?FreeFilterObj@@YAXPAVIFilterMgr@@@Z

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
NamePipe.dll
.dll windows:6 windows x86 arch:x86

7b7314789e434e80e57c55304e528450

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:fb:25:9a:56:df:e2:c3:5f:7b:9b:50:5f:0e:54:c9:1b:41:a2:b2
Signer

Actual PE Digest

2d:fb:25:9a:56:df:e2:c3:5f:7b:9b:50:5f:0e:54:c9:1b:41:a2:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\svn\iPhoneclean\Release\NamePipe.pdb

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

kernel32

WideCharToMultiByte
CloseHandle
ConnectNamedPipe
GetLastError
CreateFileW
SetNamedPipeHandleState
WaitNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
ReadFile
WriteFile
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
HeapSize
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
SetStdHandle
WriteConsoleW

Exports

Exports

ClientPipeNew
PipeDelete
ServerPipeNew

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NtfsOperate.dll
.dll windows:4 windows x86 arch:x86

14fdc35f0afa2fdd155ceab3a6ff934b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:fd:23:ea:31:04:5a:4b:d4:a0:f9:5a:6f:8c:b0:c3:89:4a:75:b1
Signer

Actual PE Digest

b9:fd:23:ea:31:04:5a:4b:d4:a0:f9:5a:6f:8c:b0:c3:89:4a:75:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

initialize

ord10
ord28

saveoperate

ord4

kernel32

SetEnvironmentVariableA
CompareStringW
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RaiseException
FatalAppExitA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetProcAddress
GetLastError
CloseHandle
FlushFileBuffers
WriteFile
HeapSize
ReadFile
SetFilePointer
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileW
UnhandledExceptionFilter
GetACP
GetOEMCP
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetConsoleCtrlHandler
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA

Exports

Exports

Initi_Ntfs_InFo
NTFS_Free_File_Info
NTFS_Free_Format_Info
NTFS_Free_Glod_Exit
Nfst_GetFormat_NameParentID
Ntfs_Decode_Run
Ntfs_Fat_Cmp
Ntfs_Find_Attribute
Ntfs_Format_BlockSize
Ntfs_Get_Data
Ntfs_Get_Del_File
Ntfs_Get_FlieSize
Ntfs_Get_MFTID
Ntfs_Get_NameParentID
Ntfs_Open_Dir
Ntfs_RWfile_Set
Ntfs_Read_ForMat_Data
Ntfs_Release_Attribute_Context
Search_Ntfs_InFo
Shwo_Ntfs_Dir
_Get_ExternUse
_Set_ExternUse
__Ntfs_list
check_ntfs_format_save_data
get_ntfs_format_info_from_save
read_scan_result_ntfs
save_scan_result_ntfs
set_info
set_ntfs_foramt_info_to_save
set_ntfs_operate

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RecoveryPhoto.dll
.dll windows:5 windows x86 arch:x86

c61dfd9bf704e9c479ca115fb036082e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:ef:32:42:6c:22:6a:a8:bb:5d:76:7f:10:65:2d:c6:19:30:33:50
Signer

Actual PE Digest

0c:ef:32:42:6c:22:6a:a8:bb:5d:76:7f:10:65:2d:c6:19:30:33:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\360data\重要数据\我的文档\Visual Studio 2008\Projects\uuid\Debug\RecoveryPhoto.pdb

Imports

sqlite3

sqlite3_open
sqlite3_mprintf
sqlite3_prepare
sqlite3_step
sqlite3_column_int
sqlite3_finalize
sqlite3_free
sqlite3_close

kernel32

GetModuleFileNameA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
SetEndOfFile
CreateFileA
GetUserDefaultLCID
WideCharToMultiByte
GetLastError
CreateDirectoryW
GetCurrentThreadId
GetCommandLineA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
HeapValidate
IsBadReadPtr
GetModuleFileNameW
IsDebuggerPresent
RaiseException
DebugBreak
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
RtlUnwind
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
GetProcessHeap
VirtualQuery
FreeLibrary
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
CreateFileW
InterlockedExchange
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA

Exports

Exports

RecoveryPhoto

Sections

.textbss
Size: - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reiboot.dll
.dll windows:5 windows x86 arch:x86

93971598157d73119f2e1d905fb919aa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:76:fd:0a:f7:f8:40:2f:5b:89:c1:79:cf:2d:5d:ce:f8:53:94:01
Signer

Actual PE Digest

43:76:fd:0a:f7:f8:40:2f:5b:89:c1:79:cf:2d:5d:ce:f8:53:94:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\jiaojie\jiaojie\Reiboot\libReiboot_win\Release\Reiboot.pdb

Imports

kernel32

GetEnvironmentVariableW
LoadLibraryW
GetProcAddress
GetLastError
HeapFree
HeapAlloc
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
CreateFileA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringA

Exports

Exports

FreeDeviceInfo
GetDeviceInfo
IsWiFiConnect
device_connect
intorecovery
modification_init
outrecovery

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SaveOperate.dll
.dll windows:4 windows x86 arch:x86

4c37788802ac2f4de8d034a9a90a5e6c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:a3:87:8a:ab:dc:d0:cd:e3:e2:dc:bf:b9:49:cb:94:6a:49:e9:6b
Signer

Actual PE Digest

31:a3:87:8a:ab:dc:d0:cd:e3:e2:dc:bf:b9:49:cb:94:6a:49:e9:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetCommandLineA
GetVersion
RtlUnwind
RaiseException
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

get_disk_sequence
save_cmp_disk
save_cmp_partition
save_data_info

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareLog.dll
.dll windows:5 windows x86 arch:x86

b71a87db9d246a8923984da7950b48dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:4a:de:11:c1:2e:70:f5:3b:a0:39:01:cc:70:9c:24:33:5b:c7:5d
Signer

Actual PE Digest

21:4a:de:11:c1:2e:70:f5:3b:a0:39:01:cc:70:9c:24:33:5b:c7:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\Users\APC\Documents\Visual Studio 2008\Projects\SoftwareLog\Debug\SoftwareLog.pdb

Imports

kernel32

GetTickCount
lstrlenA
GetVolumeInformationA
GetModuleHandleW
CreateThread
SetEnvironmentVariableA
CompareStringW
GetProcAddress
GetSystemInfo
GetVersionExW
GetComputerNameW
GetSystemDirectoryA
WideCharToMultiByte
CompareStringA
CreateFileA
CloseHandle
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
RaiseException
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
DebugBreak
MultiByteToWideChar
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
HeapValidate
IsBadReadPtr
GetStdHandle
WriteFile
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
Sleep
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
InterlockedExchange
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSection

user32

GetSystemMetrics

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

ole32

CoCreateGuid

ws2_32

WSACleanup
WSAStartup
gethostbyname
inet_ntoa

wininet

InternetGetConnectedState
InternetOpenA
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

winmm

timeGetTime

Exports

Exports

CreateExportObj
DestroyExportObj
NSISLog

Sections

.textbss
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ThreadCore.dll
.dll windows:5 windows x86 arch:x86

9e8749dbd8b45a8c1b4a6efd420d3473

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:83:aa:78:22:00:72:4f:31:c6:51:2e:12:e9:67:0a:be:f2:02:df
Signer

Actual PE Digest

4f:83:aa:78:22:00:72:4f:31:c6:51:2e:12:e9:67:0a:be:f2:02:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\MediaCore\pro\vs\Release\ThreadCore.pdb

Imports

kernel32

WaitForSingleObject
SetThreadPriority
CloseHandle
CreateThread
SetEvent
ResetEvent
CreateEventW
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
HeapAlloc
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

Event_Check
Event_Create
Event_Release
Event_Reset
Event_Set
Event_Wait
Event_WaitInfinite
Mutex_Create
Mutex_Lock
Mutex_Release
Mutex_Trylock
Mutex_Unlock
Thread_Command
Thread_Create
Thread_GetStatus
Thread_GetStatusNolock
Thread_IsCompleted
Thread_Pause
Thread_Release
Thread_SetNextWaitTime
Thread_Start
Thread_Stop
Thread_WaitComplete

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Un7z.dll
.dll windows:5 windows x86 arch:x86

246f6f084661c606db68b9ae606b6169

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:7f:f5:34:17:f3:e5:70:79:b2:69:8e:56:d0:f8:b9:88:ac:02:6c
Signer

Actual PE Digest

47:7f:f5:34:17:f3:e5:70:79:b2:69:8e:56:d0:f8:b9:88:ac:02:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\jiaojie\x86\7z922\CPP\7zip\UI\Console\Debug\Un7z.pdb

Imports

kernel32

LoadLibraryW
LoadLibraryA
GetModuleFileNameW
GetModuleFileNameA
LocalFree
FormatMessageW
FormatMessageA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
MoveFileW
MoveFileA
GetLastError
CreateDirectoryW
CreateDirectoryA
DeleteFileW
DeleteFileA
GetFullPathNameW
GetFullPathNameA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetTempPathA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
FindClose
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstChangeNotificationA
LoadLibraryExA
GetLogicalDriveStringsA
CreateFileA
GetFileSize
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
GetProcAddress
CompareFileTime
FileTimeToSystemTime
lstrlenA
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
OpenEventA
GetProcessTimes
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
LoadLibraryExW
FreeLibrary
GetStdHandle
GetConsoleMode
SetConsoleMode
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
FileTimeToLocalFileTime
GetLogicalDriveStringsW
SetConsoleCtrlHandler
IsValidLocale
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetConsoleOutputCP
WriteConsoleA
RtlUnwind
RaiseException
CreateThread
ExitThread
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DebugBreak
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
HeapValidate
IsBadReadPtr
Sleep
ExitProcess
FatalAppExitA
FlushFileBuffers
GetConsoleCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
HeapAlloc
GetProcessHeap
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
HeapSize
HeapReAlloc
InterlockedExchange
SetStdHandle

user32

CharToOemA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevA
CharNextA

advapi32

RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW

oleaut32

SysStringByteLen
VariantCopy
VariantClear
SysAllocStringByteLen
SysFreeString
SysAllocString

Exports

Exports

Uncompression

Sections

.textbss
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XmlAnalysis.dll
.dll windows:5 windows x86 arch:x86

81dacb53e8f37f69e756998ec0e5b532

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:5d:c8:6b:ee:68:29:c0:75:86:d7:83:45:24:c7:bc:c4:a9:4f:38
Signer

Actual PE Digest

35:5d:c8:6b:ee:68:29:c0:75:86:d7:83:45:24:c7:bc:c4:a9:4f:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\Work\iPhoneCare\XmlAnalysis\bin\XmlAnalysis.pdb

Imports

extxml2

xmlNodeGetContent
xmlKeepBlanksDefault
xmlReadFile
xmlDocGetRootElement
xmlFreeDoc
xmlStrcmp

urlmon

URLDownloadToFileA

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
RtlUnwind
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetCurrentThread
GetACP
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCommandLineA
GetCommandLineW
SetConsoleCtrlHandler
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
CloseHandle
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
EnterCriticalSection

advapi32

SystemFunction036

Exports

Exports

DelIXmlAnalysis
GetIXmlAnalysis

Sections

.textbss
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
audio/AudioDecoder.dll
.dll windows:5 windows x86 arch:x86

95d98000d23897cf8e74ea0e5cc831a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\AudioRecorder\obj\AudioDecoder\Release\AudioDecoder.pdb

Imports

kernel32

GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
FreeLibrary
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
SetUnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
Sleep
CompareStringW
CompareStringA
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
LCMapStringA
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

ole32

CoUninitialize
CoInitialize

Exports

Exports

CreateDecoder
DestroyDecoder
_FillWaveFormatEx@16
_FillWaveHeader@16

Sections

.text
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audio/AudioFilter.dll
.dll windows:5 windows x86 arch:x86

025b3c90f92339c68bd856e3682821d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\AudioRecorder\obj\AudioFilter\Release\AudioFilter.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
HeapAlloc
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

CreateFilter
DestroyFilter

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audio/AudioPlayer.dll
.dll windows:5 windows x86 arch:x86

5981cd7655435a09008879e44906955d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\AudioRecorder\obj\AudioPlayer\Release\AudioPlayer.pdb

Imports

winmm

waveOutClose
waveOutWrite
waveOutPause
waveOutGetPosition
waveOutRestart
waveOutReset
waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader

dsound

ord11

kernel32

LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
Sleep
SetThreadPriority
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
CreateThread
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
GetModuleHandleA
HeapFree
HeapAlloc
RaiseException
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
InitializeCriticalSectionAndSpinCount

user32

GetDesktopWindow

Exports

Exports

CreatePlayer
CreatePlayer2
DestroyPlayer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
db/siteInfo.dat
db/versionInfo.dat
errordump.dll
.dll windows:5 windows x86 arch:x86

00582fbf2d4612ce1cc4fa31f5e49e4d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:a1:58:0d:8c:16:20:70:2f:86:61:e9:8c:e7:fc:c5:91:28:eb:f8
Signer

Actual PE Digest

5b:a1:58:0d:8c:16:20:70:2f:86:61:e9:8c:e7:fc:c5:91:28:eb:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\360data\重要数据\我的文档\Visual Studio 2008\Projects\testDump\Release\errordump.pdb

Imports

dbghelp

MiniDumpWriteDump

kernel32

VirtualFree
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

?SetdumpCall@@YAHPA_WP6AXXZ@Z

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iCloudLib.dll
.dll windows:5 windows x86 arch:x86

a62b830a73ecae3ed15c2590c0c987ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:2f:fe:7f:a1:3f:f1:c0:ec:59:cc:f8:6e:d5:14:f4:cd:76:3a:62
Signer

Actual PE Digest

94:2f:fe:7f:a1:3f:f1:c0:ec:59:cc:f8:6e:d5:14:f4:cd:76:3a:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

threadcore

Thread_Stop
Thread_WaitComplete
Thread_Start
Thread_Create
Thread_Release

libcurl

curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_multi_setopt
curl_easy_reset
curl_slist_append
curl_easy_getinfo
curl_easy_init
curl_slist_free_all

wsock32

closesocket
socket
setsockopt
ntohl
shutdown

kernel32

CompareStringA
CompareStringW
GetLocaleInfoW
GetEnvironmentStrings
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
CreateFileMappingW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
CloseHandle
WriteFile
CreateFileW
LoadLibraryW
GetEnvironmentVariableW
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetTempPathW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
Sleep
GetTickCount
GetShortPathNameW
MultiByteToWideChar
WideCharToMultiByte
FlushViewOfFile
InterlockedCompareExchange
GetProcessHeap
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LocalFree
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
FreeEnvironmentStringsA
CreateFileMappingA
CreateFileA
AreFileApisANSI
TryEnterCriticalSection
GetCurrentThreadId
InterlockedExchange
InterlockedExchangeAdd
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
FlushConsoleInputBuffer
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetTimeZoneInformation
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringA
LCMapStringW
GetCPInfo
GetConsoleCP
VirtualFree
VirtualAlloc
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
EnumSystemLocalesA

user32

MessageBoxA
wsprintfA
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow

advapi32

CryptReleaseContext
CryptAcquireContextW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptGenRandom

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

shlwapi

PathFileExistsW

Exports

Exports

Analyze
CleanDevice
CloseThread
DownBackupData
DownBakupInfoOS8
DownBakupInfoOS9
DownloadBackupDataOS9
GetBackupDeviceCount
GetBackupSnapshotCountForDeviceIndex
GetDownloadDataSize
GetFileListAllSize
GetLoginToken
GetTrustedDeviceList
GetiOSBackupInfo
InitLib
ParseBackupData
ParseBackupDataOS9
PrintChunkInfo
ReleaseBackupInfoOS9
ReleaseSnapshotInfo
ReleaseTrustedDeviceList
SendTwoStepVerificationRequest
SendTwoStepVerificationValidateCode
SendTwoStepVerificationValidateKey
TwoStepVerificationLogin
iCloudLogin
iCloudLoginFromToken

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iPhone Data Recovery.exe
.exe windows:5 windows x86 arch:x86

9109c5322f57232936ada31f744c3c93

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:9d:8d:7c:9d:54:ce:d4:e4:4e:fe:1e:12:49:83:44:d2:83:c7:45
Signer

Actual PE Digest

9f:9d:8d:7c:9d:54:ce:d4:e4:4e:fe:1e:12:49:83:44:d2:83:c7:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\IPhone3GS_Recovery\bin\tenorshare\iphone6_demo(tenorshare)\iPhone Data Recovery.pdb

Imports

sqlite3

sqlite3_finalize
sqlite3_step
sqlite3_get_table
sqlite3_last_insert_rowid
sqlite3_mprintf
sqlite3_column_name
sqlite3_prepare
sqlite3_column_blob
sqlite3_column_int
sqlite3_free
sqlite3_free_table
sqlite3_column_count
sqlite3_open
sqlite3_exec
sqlite3_close
sqlite3_column_bytes
sqlite3_column_text

libexcel

?setFontBold@XLSSheet@@QAEXKKW4boldness_option_t@xlslib_core@@@Z
??0XLSFile@xlsFile@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4use_option@1@@Z
??1XLSFile@xlsFile@@UAE@XZ
??1XLSSheet@@UAE@XZ
?setText@XLSSheet@@QAEXKKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?save@XLSFile@xlsFile@@QAEXXZ
?newSheet@XLSFile@xlsFile@@QAE?AVXLSSheet@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

lib_iphone_recovery

FreeAnalysisData
GetNoteContentFromBin
FreeNoteData
searchDeleteData

recoveryphoto

RecoveryPhoto

itunesdecrypt

StopDecrypt
StartDecrypt

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphoneclean

WiredConnEx
ConnectListenerNew
ConnectListenerDelete
CDeviceInfoDelete
CDeviceInfoNew
GetDeviceHandle

fatoperate

ord4
ord2
ord1

initialize

ord1
ord2
ord6
ord11
ord7
ord5
ord12
ord9

ntfsoperate

ord3
ord22
ord6
ord5

errordump

?SetdumpCall@@YAHPA_WP6AXXZ@Z

updataerror

?UpdataReportFile@@YAHPA_W@Z

icloudlib

ReleaseBackupInfoOS9
iCloudLoginFromToken
InitLib
GetDownloadDataSize
DownBackupData
GetBackupSnapshotCountForDeviceIndex
CloseThread
GetFileListAllSize
GetiOSBackupInfo
ParseBackupDataOS9
GetBackupDeviceCount
DownloadBackupDataOS9
DownBakupInfoOS9
ReleaseSnapshotInfo
CleanDevice
iCloudLogin
ParseBackupData
DownBakupInfoOS8

wininet

InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW

libsearchfilename

?FreeFilterObj@@YAXPAVIFilterMgr@@@Z
?CreateFilterObj@@YAPAVIFilterMgr@@W4tagFilterStrategy@@@Z

iany

IOSInitialize
IOSListener
DeleteIanyManager
GetIanyManager
IsWiFiConnect

filehash

WriteHash
WriteHashIos10

softwarelog

DestroyExportObj
CreateExportObj

reiboot

modification_init
outrecovery

xmlanalysis

ord1
ord2

inforeport

?SendInfoReport@@YAHPBD00QAPBD@Z

kernel32

lstrlenW
OutputDebugStringW
GetTickCount
RaiseException
CreateDirectoryW
WriteFile
SuspendThread
ResumeThread
Sleep
LocalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetFullPathNameW
FormatMessageW
GetFileAttributesW
RemoveDirectoryW
GetVersionExW
LoadLibraryW
SetLastError
GetSystemDirectoryA
WinExec
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
TerminateProcess
InterlockedDecrement
SetFileAttributesW
ConnectNamedPipe
CreateNamedPipeW
ReadFile
DisconnectNamedPipe
FlushFileBuffers
FreeResource
MulDiv
GlobalSize
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetModuleHandleA
GetThreadLocale
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetPrivateProfileIntW
WritePrivateProfileStringW
SetThreadPriority
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GlobalGetAtomNameW
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
lstrlenA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
lstrcpyW
SetErrorMode
FindResourceExW
GetFileSizeEx
GetFileTime
GetTempFileNameW
SearchPathW
GetProfileIntW
VirtualProtect
GetStartupInfoW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetDriveTypeW
VirtualAlloc
VirtualQuery
ExitProcess
HeapReAlloc
RtlUnwind
ExitThread
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
InterlockedIncrement
FindNextFileW
FindClose
FindFirstFileW
GetDiskFreeSpaceExW
WideCharToMultiByte
WaitForSingleObject
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryExW
FreeLibrary
GetEnvironmentVariableW
CreateThread
CloseHandle
CreateEventW
GetExitCodeThread
ResetEvent
MultiByteToWideChar
GetModuleFileNameW
TerminateThread
SetEvent
GetSystemInfo
GetProcAddress
GetModuleHandleW
LockResource
GetTempPathW
SizeofResource
LoadResource
FindResourceW
GetLastError
CreateMutexW
GetWindowsDirectoryW
GetDiskFreeSpaceExA
DeviceIoControl
CreateFileA
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetCurrentProcess
SetUnhandledExceptionFilter
MoveFileW
DeleteFileW
CopyFileW

user32

MoveWindow
ShowWindow
BeginPaint
EndPaint
GetKeyNameTextW
MapVirtualKeyW
GetWindowThreadProcessId
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
CharNextW
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetMessageW
IsZoomed
MessageBeep
CharUpperW
WindowFromPoint
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
ReuseDDElParam
UnpackDDElParam
SetRect
DestroyCursor
GetSysColorBrush
IsRectEmpty
CopyAcceleratorTableW
InvalidateRgn
SetCapture
IsClipboardFormatAvailable
DeleteMenu
WaitMessage
DestroyIcon
GetNextDlgGroupItem
PostThreadMessageW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetAsyncKeyState
DestroyAcceleratorTable
CreateAcceleratorTableW
NotifyWinEvent
GetSystemMenu
IsMenu
LockWindowUpdate
EnumChildWindows
RegisterClipboardFormatW
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
UnregisterClassW
UnionRect
DrawIcon
CreateMenu
GetTabbedTextExtentA
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
SetCursorPos
EnableScrollBar
UpdateLayeredWindow
SetMenuDefaultItem
GetMenuDefaultItem
IsCharLowerW
MapVirtualKeyExW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffW
CopyIcon
SubtractRect
GetIconInfo
GetDoubleClickTime
GetWindowRgn
SetMenu
SetScrollRange
SetDlgItemTextW
SetScrollPos
SetWindowTextW
SetForegroundWindow
ShowScrollBar
UpdateWindow
MessageBoxW
GetClassInfoExW
GetClassInfoW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
GetMenuState
GetMenuStringW
GetMenuItemID
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
LoadIconW
EnableMenuItem
RemoveMenu
InsertMenuW
SetWindowPos
GetFocus
LoadBitmapW
SetCursor
LoadCursorW
ExitWindowsEx
SetLayeredWindowAttributes
GetMenuItemCount
SetWindowRgn
GetDC
InflateRect
InvalidateRect
GetWindowTextW
ReleaseDC
LoadImageW
DrawTextW
TabbedTextOutW
DrawTextExW
GrayStringW
GetClassLongW
SetClassLongW
GetCursorPos
DrawStateW
CopyRect
GetWindowDC
GetDesktopWindow
GetSystemMetrics
GetClientRect
FillRect
ScreenToClient
PtInRect
SetParent
ClientToScreen
GetWindowRect
GetParent
AppendMenuW
GetSysColor
CreatePopupMenu
IsWindow
IsWindowVisible
RedrawWindow
SetTimer
KillTimer
DestroyWindow
PostMessageW
MsgWaitForMultipleObjects
TranslateMessage
GetWindowLongW
PeekMessageW
SetWindowLongW
CreateWindowExW
SendMessageW
DefWindowProcW
DispatchMessageW
EnableWindow
wsprintfW
IsDialogMessageW
GetScrollPos
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetScrollRange
GetKeyState
RegisterClassW

gdi32

SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetClipBox
GetPixel
StartDocW
SetViewportOrgEx
OffsetViewportOrgEx
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetPaletteEntries
CreatePalette
Polygon
Polyline
GetDCOrgEx
CreateBitmap
CreateDCW
CopyMetaFileW
ExtFloodFill
SetPaletteEntries
Rectangle
DeleteDC
SetDIBColorTable
CreateRoundRectRgn
CreateDIBSection
DeleteObject
CreatePolygonRgn
GetWindowOrgEx
GetTextExtentPoint32A
GetTextFaceW
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
Ellipse
LPtoDP
CreateEllipticRgn
SetPixel
RealizePalette
SelectObject
CreatePen
RoundRect
StretchBlt
ExtTextOutW
PtVisible
Escape
RectVisible
TextOutW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
GetNearestPaletteIndex
GetSystemPaletteEntries
CreateFontIndirectW
CreateSolidBrush
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
GetTextExtentPoint32W
GetTextMetricsW
GetDeviceCaps
GetCurrentObject
OffsetWindowOrgEx
SetWindowExtEx
GetObjectW
GetWindowExtEx
EnumFontFamiliesExW
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
OffsetRgn
GetRgnBox
ScaleWindowExtEx
SetPixelV
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetViewportOrgEx
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetCharWidthW
GetStockObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
GetJobW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyExW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegQueryValueW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyW
RegEnumKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHGetFolderLocation
SHGetSpecialFolderLocation
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathIsDirectoryW
PathFileExistsW
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
UrlUnescapeW

oledlg

OleUIBusyW

ole32

CoLockObjectExternal
OleTranslateAccelerator
StgCreateDocfileOnILockBytes
IsAccelerator
OleCreateMenuDescriptor
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
OleGetClipboard
DoDragDrop
OleDestroyMenuDescriptor
OleIsCurrentClipboard
OleLockRunning
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
OleUninitialize
OleFlushClipboard

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit
OleCreateFontIndirect
VariantCopy
SysStringLen
SysAllocStringByteLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType

urlmon

URLDownloadToFileW

gdiplus

GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipDeleteBrush
GdipDrawImageRect
GdipDrawImageI
GdiplusStartup
GdipImageRotateFlip
GdipImageGetFrameCount
GdiplusShutdown
GdipDrawImageRectRectI
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateSolidFill
GdipDrawImageRectI
GdipGetImageWidth
GdipCloneImage
GdipGetPropertyItem
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipGetImageHeight
GdipFree
GdipDrawImageRectRect
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetPropertyItemSize
GdipFillRectangleI
GdipCreateFromHDC
GdipGetImageThumbnail
GdipGetImageEncodersSize
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat

crypt32

CryptUnprotectData

sensapi

IsNetworkAlive

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW
timeKillEvent

Exports

Exports

??0XLSSheet@@QAE@ABV0@@Z
??4XLSSheet@@QAEAAV0@ABV0@@Z
??_7XLSSheet@@6B@
tango_decode
tango_infofree
viber
viber_infofree

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iPhoneClean.dll
.dll windows:5 windows x86 arch:x86

722ab44b37104dfc75e98d4e3ecfb162

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:11:c1:a2:86:d6:48:13:71:19:56:12:5a:71:2c:0d:a2:44:c0:1e
Signer

Actual PE Digest

1a:11:c1:a2:86:d6:48:13:71:19:56:12:5a:71:2c:0d:a2:44:c0:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\lib_iPhoneCareRule_c\branches\v2.0\Release\iPhoneclean.pdb

Imports

shlwapi

PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSQueryUserToken

userenv

GetUserProfileDirectoryW

extxml2

xmlNewDoc
xmlFreeDoc
xmlNewProp
xmlNewNode
xmlNewTextChild
xmlDocGetRootElement
xmlDocSetRootElement
xmlAddChild
xmlNodeGetContent
xmlDocDumpFormatMemoryEnc
xmlParseMemory
xmlFree

namepipe

ServerPipeNew

sqlite3

sqlite3_close
sqlite3_open
sqlite3_prepare_v2
sqlite3_column_count
sqlite3_step
sqlite3_column_bytes
sqlite3_column_double
sqlite3_column_int
sqlite3_column_text
sqlite3_column_type
sqlite3_finalize
sqlite3_column_blob

shell32

SHGetSpecialFolderPathW
ShellExecuteW

advapi32

RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW

user32

wsprintfW

ole32

CoInitialize
CoCreateGuid
CoUninitialize

kernel32

LoadLibraryExW
HeapReAlloc
GetModuleFileNameW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
GetFileType
GetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleMode
MoveFileExW
GetOEMCP
GetACP
IsValidCodePage
CreateFileW
SetEndOfFile
SetEnvironmentVariableA
SetStdHandle
IsDebuggerPresent
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
Sleep
CreateMutexW
CreateDirectoryW
GetTimeZoneInformation
OutputDebugStringW
WaitNamedPipeW
VirtualAlloc
OpenProcess
TerminateProcess
FindClose
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
GetTempPathW
RemoveDirectoryW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetComputerNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemInfo
WTSGetActiveConsoleSessionId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
RaiseException
RtlUnwind
GetLastError
AreFileApisANSI
GetSystemTimeAsFileTime
ReadFile
CreateThread
ExitThread
ResumeThread
HeapFree
GetCommandLineA
GetCurrentThreadId
HeapAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

Exports

Exports

?FreePListDictionary@@YAXAAVCDicValueObj@@@Z
?hiTunesMobileDevice@CiTunesMobileDeviceApi@@2PAUHINSTANCE__@@A
?readPlistFromByteArry@@YAXPAEHAAVCDicValueObj@@W4plistType@@@Z
?readPlistFromFile@@YAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVCDicValueObj@@@Z
?readPlistFromString@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVCDicValueObj@@W4plistType@@@Z
?readPlistFromXmlUTF8@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVCDicValueObj@@@Z
?readPlistFromXmlW@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVCDicValueObj@@@Z
?writeBinary@@YAXAAVCDicValueObj@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeBinaryFile@@YAXAAVCDicValueObj@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?writeXmlFile@@YAXAAVCDicValueObj@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?writeXmlW@@YAXAAVCDicValueObj@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?writeXmlutf8@@YAXAAVCDicValueObj@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
CDeviceInfoDelete
CDeviceInfoNew
CalcBackupSize
CheckDeviceBackUpEncryptionE
CheckDeviceRestoreEx
ConnectListenerDelete
ConnectListenerNew
CreateBackupInfo
CreateConfigureToolExIn
CreateInfoObjDelete
CreateInfoObjNewEx
DeepCleanComplete
DeviceBackUpDelete
DeviceBackUpNewEx
ExcludeAppKeylist
GetBackupPrepareWorkInstance
GetDeviceHandle
IsCheckInputPassEx
IsOpeniCloudEx
RestartDevice
ScanDeviceDelete
ScanDeviceNew
VerifyBackUp
WiredConnEx

Sections

.text
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iTunesDecrypt.dll
.dll windows:5 windows x86 arch:x86

78e0c663a542504ed82f0205010492f2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:27:ff:e8:1e:cd:9a:29:95:43:7c:53:cb:e6:5c:ef:f4:93:46:86
Signer

Actual PE Digest

04:27:ff:e8:1e:cd:9a:29:95:43:7c:53:cb:e6:5c:ef:f4:93:46:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\backupDecrypt\trunk\win\lib\release\iTunesDecrypt.pdb

Imports

kernel32

TlsSetValue
LocalReAlloc
GlobalFree
TlsFree
lstrlenW
SetErrorMode
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
GetModuleHandleA
InterlockedIncrement
lstrcmpA
lstrlenA
FileTimeToSystemTime
InterlockedExchange
CompareStringA
GetLocaleInfoW
GetCurrentThread
GetCurrentProcess
FileTimeToLocalFileTime
TlsAlloc
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetCurrentDirectoryA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
VirtualAlloc
VirtualFree
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
GetCPInfo
ExitProcess
RtlUnwind
GetCommandLineA
ExitThread
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadTimes
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleHandleW
SetLastError
GetCurrentDirectoryW
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
GetVersionExA
OutputDebugStringA
GetCurrentThreadId
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetProcAddress
GetTempPathW
FlushFileBuffers
ReadFile
HeapValidate
HeapCreate
GetFileAttributesA
LeaveCriticalSection
HeapDestroy
GetVersionExW
Sleep
LoadLibraryW
InitializeCriticalSection
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
CreateThread
ResetEvent
SetEnvironmentVariableA
SetCurrentDirectoryW
FindClose
GetLastError
CreateFileW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
CreateDirectoryW
GetEnvironmentVariableW
GetFullPathNameW
SetFileAttributesW
DeleteFileW
CloseHandle
FindNextFileW
CreateEventW
GetExitCodeThread
RaiseException
MultiByteToWideChar
CopyFileW
WideCharToMultiByte
SetEvent
WaitForSingleObject
MoveFileExW
GetDriveTypeA
FindFirstFileW

user32

RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetWindowTextW
GetForegroundWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
TabbedTextOutW
PostMessageW
GetClassInfoExW
GetClassInfoW
GetSysColor
DispatchMessageW
DefWindowProcW
SendMessageW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowPos
SetWindowTextW
DrawTextW
DrawTextExW
GrayStringW
GetDC
CreateWindowExW
SetWindowLongW
PeekMessageW
GetWindowLongW
TranslateMessage
MsgWaitForMultipleObjects
DestroyWindow
UnhookWindowsHookEx
ValidateRect
GetKeyState
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
MessageBoxW
EnableWindow
ReleaseDC
GetSysColorBrush
LoadCursorW
DestroyMenu
PostQuitMessage
ClientToScreen
GetClientRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetParent
GetLastActivePopup
IsWindowEnabled

gdi32

SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantInit
VariantChangeType
VariantClear

shlwapi

PathFindExtensionW
PathFindFileNameW

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

StartDecrypt
StopDecrypt

Sections

.text
Size: 807KB - Virtual size: 807KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iTunesdll/iTunesMobileDevice.dll
.dll windows:5 windows x86 arch:x86

40bac7ab4452fe98f27dd5b66c015e35

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:bc:19:35:d5:29:4a:59:4b:4f:32:70:7b:0a:0a:b9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-02-2016 00:00

Not After

24-02-2018 23:59

Subject

CN=Apple Inc.,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:bc:19:35:d5:29:4a:59:4b:4f:32:70:7b:0a:0a:b9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-02-2016 00:00

Not After

24-02-2018 23:59

Subject

CN=Apple Inc.,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

83:5e:47:d3:43:7f:b1:66:20:45:6a:61:7b:a4:bd:36:37:77:e6:fb:cd:c2:fa:c4:9c:a3:f1:bf:33:b3:24:a9
Signer

Actual PE Digest

83:5e:47:d3:43:7f:b1:66:20:45:6a:61:7b:a4:bd:36:37:77:e6:fb:cd:c2:fa:c4:9c:a3:f1:bf:33:b3:24:a9

Digest Algorithm

sha256

PE Digest Matches

true

e7:34:53:cf:f7:5d:47:a3:4d:4f:a4:ea:97:80:5c:31:ff:72:10:0b
Signer

Actual PE Digest

e7:34:53:cf:f7:5d:47:a3:4d:4f:a4:ea:97:80:5c:31:ff:72:10:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\BWA\A0BA528E\MobileDevice_Win-905.1.2\MobileDevice_Win-905.1.2~1\Root\AppleInternal\bin32\iTunesMobileDevice.pdb

Imports

asl

asl_add_log_file
asl_log
asl_remove_log_file
asl_open

corefoundation

CFArrayCreateMutable
kCFTypeArrayCallBacks
CFArrayGetTypeID
CFEqual
CFStringCreateWithFormat
_CFRuntimeRegisterClass
CFAbsoluteTimeGetCurrent
CFNumberCreate
_CFRuntimeCreateInstance
CFDictionaryCreate
CFRunLoopWakeUp
CFRunLoopSourceSignal
CFPreferencesCopyAppValue
CFRunLoopSourceInvalidate
CFRunLoopSourceCreate
CFStringCreateWithFormatAndArguments
CFDictionaryAddValue
CFDictionaryGetKeysAndValues
CFDictionaryRemoveAllValues
CFDictionaryGetValueIfPresent
CFURLCopyFileSystemPath
CFURLCopyPath
CFErrorGetCode
CFSocketInvalidate
CFRunLoopTimerInvalidate
CFStringGetCString
CFStringDelete
CFStringGetLength
CFStringCreateMutableCopy
CFArrayGetValues
CFStringCreateArrayBySeparatingStrings
CFRunLoopAddSource
CFSocketCreateRunLoopSource
CFSocketSetSocketFlags
CFSocketGetSocketFlags
CFSocketCreateWithNative
CFRunLoopAddTimer
CFRunLoopTimerCreate
CFRunLoopRunInMode
CFRunLoopGetCurrent
CFWriteStreamCopyProperty
kCFStreamPropertyDataWritten
CFPropertyListWrite
CFWriteStreamOpen
CFWriteStreamCreateWithAllocatedBuffers
CFGetRetainCount
CFSetAddValue
CFURLCopyScheme
CFURLCreateCopyDeletingLastPathComponent
CFURLCopyLastPathComponent
CFSetApplyFunction
CFSetGetCount
CFArrayApplyFunction
CFSetCreateMutable
kCFTypeSetCallBacks
CFDictionaryApplyFunction
CFStringAppend
CFStringAppendFormat
CFStringCreateMutable
CFStringGetBytes
CFDictionaryRemoveValue
CFPropertyListCreateData
CFPropertyListCreateWithData
CFDataCreateWithBytesNoCopy
kCFAllocatorNull
CFDataGetBytes
CFStringCreateCopy
CFPreferencesAppSynchronize
CFPreferencesSetAppValue
CFURLCreateCopyDeletingPathExtension
CFURLCreateWithFileSystemPathRelativeToBase
CFStringCreateWithCString
CFRunLoopRemoveSource
kCFRunLoopCommonModes
CFArrayRemoveValueAtIndex
CFRunLoopRun
CFPropertyListIsValid
CFDictionaryContainsKey
CFDataCreateCopy
kCFPreferencesCurrentApplication
CFStringFindAndReplace
CFStringGetCStringPtr
CFNumberFormatterCreateNumberFromString
CFNumberFormatterCreate
CFBundleCopyLocalizedString
CFBundleCreate
CFBundleGetBundleWithIdentifier
CFStringCreateWithCStringNoCopy
CFStringGetMaximumSizeForEncoding
CFReadStreamClose
CFPropertyListCreateWithStream
CFReadStreamOpen
CFReadStreamCreateWithBytesNoCopy
CFCopyTypeIDDescription
CFURLCreateWithString
CFURLGetString
CFSetContainsValue
CFStringFind
CFURLGetFileSystemRepresentation
CFArrayAppendValue
CFURLCreateFromFileSystemRepresentation
CFPreferencesGetAppBooleanValue
CFDataReplaceBytes
CFDataGetMutableBytePtr
CFDataAppendBytes
CFDataCreateMutable
CFCopyDescription
CFArrayCreate
CFStringHasSuffix
CFArrayInsertValueAtIndex
CFWriteStreamSetProperty
kCFStreamPropertyAppendToFile
CFWriteStreamCreateWithFile
CFWriteStreamClose
CFURLCopyPathExtension
kCFErrorUnderlyingErrorKey
CFErrorCopyUserInfo
CFErrorGetDomain
CFUUIDCreateString
CFUUIDCreate
CFErrorCopyDescription
CFStringLowercase
CFLocaleCreate
CFWriteStreamWrite
CFStringCreateExternalRepresentation
CFErrorCreate
CFPropertyListCreateDeepCopy
kCFErrorLocalizedDescriptionKey
CFURLCreateStringByReplacingPercentEscapesUsingEncoding
CFStringAppendCString
kCFErrorDescriptionKey
CFReadStreamGetStatus
CFReadStreamRead
CFReadStreamCreateWithFile
CFStringCompareWithOptions
CFDataCreate
CFBundleGetMainBundle
CFAllocatorDeallocate
CFAllocatorAllocate
kCFNull
kCFCopyStringDictionaryKeyCallBacks
CFStringCreateWithBytes
CFSetCreateCopy
CFSetRemoveValue
CFSocketEnableCallBacks
kCFErrorDomainPOSIX
CFNumberIsFloatType
CFDataSetLength
CFHash
CFDateGetAbsoluteTime
CFAbsoluteTimeAddGregorianUnits
CFDateCompare
CFDateCreate
CFShow
kCFBundleExecutableKey
CFReadStreamCopyError
CFReadStreamUnscheduleFromRunLoop
CFReadStreamScheduleWithRunLoop
CFStreamCreatePairWithSocketToHost
CFReadStreamSetProperty
CFReadStreamSetClient
kCFRunLoopDefaultMode
CFRunLoopStop
CFDateGetTypeID
CFURLGetBaseURL
CFUUIDCreateFromString
kCFAllocatorSystemDefault
CFStringCreateWithCharacters
CFCharacterSetCreateWithCharactersInString
CFStringFindCharacterFromSet
CFErrorGetTypeID
CFStringCreateFromExternalRepresentation
CFStringGetIntValue
CFStringUppercase
CFStringCreateWithFileSystemRepresentation
CFBundleGetIdentifier
CFStringGetFastestEncoding
CFURLWriteDataAndPropertiesToResource
CFDataDeleteBytes
CFReadStreamCopyProperty
CFPropertyListCreateFromXMLData
CFPropertyListCreateXMLData
CFURLGetPortNumber
CFURLCopyHostName
CFURLHasDirectoryPath
CFDataCreateMutableCopy
CFStringGetCharacterAtIndex
CFURLCreateCopyAppendingPathExtension
CFArrayGetFirstIndexOfValue
CFArrayContainsValue
CFStringCreateWithSubstring
CFNumberGetType
CFArraySetValueAtIndex
kCFAllocatorMalloc
CFArrayCreateMutableCopy
CFStringCreateByCombiningStrings
CFURLGetTypeID
CFStringHasPrefix
CFDictionaryCreateCopy
CFArrayCreateCopy
CFArrayGetCount
CFArrayGetValueAtIndex
CFDictionaryCreateMutableCopy
CFURLCreateWithFileSystemPath
CFDataGetLength
CFDataGetBytePtr
CFURLCreateCopyAppendingPathComponent
CFDictionaryGetValue
CFNumberGetValue
CFStringGetFileSystemRepresentation
CFStringCompare
kCFBooleanFalse
__CFStringMakeConstantString
CFRelease
kCFTypeDictionaryValueCallBacks
kCFTypeDictionaryKeyCallBacks
CFGetAllocator
CFDictionaryCreateMutable
CFGetTypeID
CFStringGetTypeID
CFDictionarySetValue
CFNumberGetTypeID
kCFBooleanTrue
CFRetain
CFDataGetTypeID
CFBooleanGetTypeID
CFBooleanGetValue
CFDictionaryGetTypeID
CFDictionaryGetCount
kCFAllocatorDefault
CFStringFindWithOptions
CFPreferencesGetAppIntegerValue

pthreadvc2

pthread_mutex_destroy
pthread_mutex_lock
pthread_attr_init
pthread_join
pthread_detach
pthread_create
pthread_attr_destroy
pthread_attr_setdetachstate
pthread_mutex_unlock
pthread_once
pthread_mutex_init

ws2_32

WSACleanup
htons
setsockopt
socket
connect
select
WSAStartup
ntohs
closesocket
shutdown
WSAGetLastError
ntohl
recv
send
htonl
ioctlsocket
WSACloseEvent
accept
WSACreateEvent
WSASetEvent
WSAWaitForMultipleEvents
getaddrinfo
inet_ntoa
gethostname
WSASetLastError
WSAIoctl
WSAAddressToStringA
inet_addr
bind
listen
getsockname

zlib1

deflateInit2_
deflate
get_crc_table
inflateInit2_
inflateEnd
inflate
crc32
deflateEnd

libdispatch

dispatch_semaphore_wait
dispatch_async_f
dispatch_semaphore_create
dispatch_release
dispatch_queue_create
dispatch_once_f
dispatch_get_global_queue
_dispatch_source_type_timer
dispatch_source_cancel
dispatch_source_testcancel
dispatch_sync_f
dispatch_retain
dispatch_resume
dispatch_source_set_timer
dispatch_time
dispatch_set_context
dispatch_source_set_event_handler_f
dispatch_source_create
dispatch_semaphore_signal

kernel32

LoadLibraryW
FreeLibrary
GetProcAddress
GetVersionExW
GetFileAttributesW
CreateFileW
GetFileAttributesExW
CreateThread
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
SetLastError
GetLocalTime
GetFileSizeEx
DeviceIoControl
GetOverlappedResult
CreateEventW
GetModuleHandleW
LockResource
LoadResource
FindResourceW
GetModuleHandleA
SleepEx
SetErrorMode
SetThreadPriority
CancelIo
WriteFile
GetFileSize
TlsGetValue
RemoveDirectoryW
GetModuleFileNameW
GetFullPathNameW
CreateProcessW
GetCurrentDirectoryW
CreateFileMappingW
OpenFileMappingW
MoveFileExW
CopyFileW
SetFileAttributesW
GetModuleFileNameA
GetFileInformationByHandle
FindNextFileW
MapViewOfFile
UnmapViewOfFile
ResetEvent
SetNamedPipeHandleState
FlushFileBuffers
CreateEventA
CreateNamedPipeA
ConnectNamedPipe
FindFirstFileA
FindNextFileA
VirtualQuery
GetProcessHeap
HeapAlloc
HeapFree
lstrlenA
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsSetValue
TlsAlloc
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetSystemTime
OutputDebugStringA
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateDirectoryW
WideCharToMultiByte
FindFirstFileW
LocalFree
InterlockedCompareExchange
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReadFile
CloseHandle
CreateMutexW
FindClose
Sleep
LoadLibraryExW
MultiByteToWideChar
GetLastError
WaitForSingleObject
ReleaseMutex
GetCurrentThreadId
DecodePointer
EncodePointer
RaiseException
InterlockedExchange
LocalAlloc
GetFileTime

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
UnregisterClassW
GetDesktopWindow
wsprintfW
RegisterClassW
GetPropW
SetPropW
DestroyWindow
DefWindowProcW
MsgWaitForMultipleObjects
PostQuitMessage
RegisterDeviceNotificationW
CreateWindowExW
GetMessageW
DispatchMessageW
SendMessageW
UnregisterDeviceNotification

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
RegQueryValueExW
RegOpenKeyExW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
CreateWellKnownSid
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
CryptCreateHash
CryptAcquireContextW

shell32

SHGetFolderPathAndSubDirW
SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW

ole32

StringFromGUID2

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_scwprintf
_wgetenv
_stricmp
fprintf
__iob_func
memset
strerror
free
calloc
_errno
malloc
memcpy
fread
fwrite
ftell
_ftelli64
fseek
_fseeki64
fclose
ferror
sprintf_s
realloc
_snwprintf
strncmp
_snwprintf_s
_unlink
_beginthreadex
wcschr
_localtime64
_mktime64
_time64
_strtoui64
atoi
strncpy
_endthreadex
_close
sscanf
sprintf
rand
srand
memchr
fflush
vfprintf
strerror_s
strrchr
strncpy_s
_strtoi64
strtol
isalpha
isdigit
toupper
_snprintf_s
_snprintf
abort
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
feof
perror
rewind
_wfopen_s
_wsopen_s
_strerror_s
wcscat_s
_write
fprintf_s
isxdigit
_wfopen
printf
_wputenv
strchr
getenv
strtoul
wcsstr
_vsnprintf
isspace
tolower
_setmode
_fileno
fgets
qsort
isupper
isalnum
strcmp
_gmtime64
fputs
signal
_getch
strstr
_ftime64
_fstat64i32
_stat64i32
strcat_s
strncat
_ctime64
_CxxThrowException
memcpy_s
memmove_s
_strlwr_s
_strnicmp
wcscpy_s
??_V@YAXPAX@Z
_strupr_s
_wcsicmp
__CxxFrameHandler3
_strupr
strcpy
strlen
_wchmod
_wstat64i32
?_wopen@@YAHPB_WHH@Z
_wmkdir
_wrename
_waccess
_wunlink
vsprintf_s
_strdup
_localtime64_s
_isatty
_vscprintf
_vsnprintf_s
_getpid
strftime
isprint
_purecall
_read
_wstat32i64
fopen
_set_errno
_get_osfhandle
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_CRT_RTC_INITW
_crt_debugger_hook
__clean_type_info_names_internal
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_mktemp

cfnetwork

CFHTTPMessageCreateRequest
CFHTTPMessageSetBody
kCFHTTPVersion1_1
CFURLRequestCreateMutableHTTPRequest
CFURLResponseGetHTTPResponse
CFReadStreamCreateForHTTPRequest
CFURLConnectionSendSynchronousRequest
CFHTTPMessageGetResponseStatusCode
kCFStreamPropertyHTTPResponseHeader
kCFStreamPropertySOCKSProxy
CFHTTPMessageSetHeaderFieldValue

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_Sibling
CM_Get_Child
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_Size
CM_Get_Device_IDA
CM_Locate_DevNodeW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces

Exports

Exports

?AFCLog@@YAXHPBDZZ
?AFCPlatformInitialize@@YAXXZ
?AFCSetLogLevel@@YAXH@Z
AFCConnectionClose
AFCConnectionCopyLastErrorInfo
AFCConnectionCreate
AFCConnectionGetContext
AFCConnectionGetFSBlockSize
AFCConnectionGetIOTimeout
AFCConnectionGetSecureContext
AFCConnectionGetSocketBlockSize
AFCConnectionGetStatus
AFCConnectionGetTypeID
AFCConnectionInvalidate
AFCConnectionIsValid
AFCConnectionOpen
AFCConnectionProcessOperation
AFCConnectionProcessOperations
AFCConnectionScheduleWithRunLoop
AFCConnectionSetCallBack
AFCConnectionSetContext
AFCConnectionSetDisposeSecureContextOnInvalidate
AFCConnectionSetFSBlockSize
AFCConnectionSetFatalError
AFCConnectionSetIOTimeout
AFCConnectionSetSecureContext
AFCConnectionSetSocketBlockSize
AFCConnectionSubmitOperation
AFCConnectionUnscheduleFromRunLoop
AFCCopyErrorString
AFCCopyPacketTypeString
AFCDeviceInfoOpen
AFCDirectoryClose
AFCDirectoryCreate
AFCDirectoryOpen
AFCDirectoryRead
AFCDiscardBodyData
AFCDiscardData
AFCErrnoToAFCError
AFCFileDescriptorCreateCloseOperation
AFCFileDescriptorCreateGetPositionOperation
AFCFileDescriptorCreateLockOperation
AFCFileDescriptorCreateReadAtPositionOperation
AFCFileDescriptorCreateReadOperation
AFCFileDescriptorCreateSetImmutableHintOperation
AFCFileDescriptorCreateSetPositionOperation
AFCFileDescriptorCreateSetSizeOperation
AFCFileDescriptorCreateUnlockOperation
AFCFileDescriptorCreateWriteAtPositionOperation
AFCFileDescriptorCreateWriteOperation
AFCFileDescriptorGetTypeID
AFCFileDescriptorInvalidate
AFCFileDescriptorIsValid
AFCFileInfoOpen
AFCFileRefClose
AFCFileRefLock
AFCFileRefOpen
AFCFileRefRead
AFCFileRefSeek
AFCFileRefSetFileSize
AFCFileRefTell
AFCFileRefUnlock
AFCFileRefWrite
AFCFlushData
AFCGetClientVersionString
AFCKeyValueClose
AFCKeyValueRead
AFCLinkPath
AFCLockCreate
AFCLockFree
AFCLockLock
AFCLockTryLock
AFCLockUnlock
AFCOperationCopyPacketData
AFCOperationCreateGetConnectionInfo
AFCOperationCreateGetDeviceInfo
AFCOperationCreateGetFileHash
AFCOperationCreateGetFileHashWithRange
AFCOperationCreateGetFileInfo
AFCOperationCreateGetSizeOfPathContents
AFCOperationCreateLinkPath
AFCOperationCreateMakeDirectory
AFCOperationCreateOpenFile
AFCOperationCreatePacketHeaderDictionary
AFCOperationCreateReadDirectory
AFCOperationCreateRemovePath
AFCOperationCreateRemovePathAndContents
AFCOperationCreateRenamePath
AFCOperationCreateSetConnectionOptions
AFCOperationCreateSetModTime
AFCOperationGetContext
AFCOperationGetResultObject
AFCOperationGetResultStatus
AFCOperationGetState
AFCOperationGetTypeID
AFCOperationSetContext
AFCReadData
AFCReadPacket
AFCReadPacketBody
AFCReadPacketHeader
AFCRemovePath
AFCRenamePath
AFCSendData
AFCSendDataPacket
AFCSendHeader
AFCSendPacket
AFCSendStatus
AFCStringCopy
AFCValidateHeader
AMDCopyArrayOfDevicesMatchingQuery
AMDCopyAuthenticationIdentityForDevice
AMDCopyErrorText
AMDCopySystemBonjourUniqueID
AMDFUModeDeviceCopyAuthInstallPreflightOptions
AMDFUModeDeviceCopyBoardConfig
AMDFUModeDeviceGetBoardID
AMDFUModeDeviceGetChipID
AMDFUModeDeviceGetECID
AMDFUModeDeviceGetLocationID
AMDFUModeDeviceGetProductID
AMDFUModeDeviceGetProductType
AMDFUModeDeviceGetProductionMode
AMDFUModeDeviceGetProgress
AMDFUModeDeviceGetSecurityDomain
AMDFUModeDeviceGetSecurityEpoch
AMDFUModeDeviceGetTypeID
AMDFUModeDeviceIsBootstrapOnly
AMDFUModeDeviceRequestAbbreviatedSendSync
AMDGetPairingRecordDirectoryPath
AMDListenForNotifications
AMDObserveNotification
AMDPostNotification
AMDSecureListenForNotifications
AMDSecureObserveNotification
AMDSecurePostNotification
AMDSecureShutdownNotificationProxy
AMDServiceConnectionCreate
AMDServiceConnectionGetSecureIOContext
AMDServiceConnectionGetSocket
AMDServiceConnectionGetTypeID
AMDServiceConnectionInvalidate
AMDServiceConnectionReceive
AMDServiceConnectionReceiveMessage
AMDServiceConnectionSend
AMDServiceConnectionSendMessage
AMDSetLogLevel
AMDShutdownNotificationProxy
AMDeviceActivate
AMDeviceArchiveApplication
AMDeviceCheckCapabilitiesMatch
AMDeviceConnect
AMDeviceCopyAuthInstallPreflightOptions
AMDeviceCopyDeviceIdentifier
AMDeviceCopyDeviceLocation
AMDeviceCopyPairedCompanion
AMDeviceCopyProvisioningProfiles
AMDeviceCopyValue
AMDeviceCopyValueWithError
AMDeviceCreateHouseArrestService
AMDeviceCreateWakeupToken
AMDeviceDeactivate
AMDeviceDeleteHostPairingRecordForUDID
AMDeviceDisconnect
AMDeviceEnterRecovery
AMDeviceExtendedPairWithOptions
AMDeviceGetConnectionID
AMDeviceGetInterfaceSpeed
AMDeviceGetInterfaceType
AMDeviceGetTypeID
AMDeviceGetUserInfo
AMDeviceGetWirelessBuddyFlags
AMDeviceInstallApplication
AMDeviceInstallProvisioningProfile
AMDeviceIsAtLeastVersionOnPlatform
AMDeviceIsPaired
AMDeviceIsValid
AMDeviceLookupApplicationArchives
AMDeviceLookupApplications
AMDeviceNotificationSubscribe
AMDeviceNotificationSubscribeWithOptions
AMDeviceNotificationUnsubscribe
AMDevicePair
AMDevicePairWithOptions
AMDevicePowerAssertionCreate
AMDevicePowerAssertionGetTypeID
AMDevicePreflightOperationCreate
AMDevicePreflightOperationGetRunLoopSource
AMDevicePreflightOperationGetTypeID
AMDevicePreflightOperationInvalidate
AMDeviceRemoveApplicationArchive
AMDeviceRemoveProvisioningProfile
AMDeviceRemoveValue
AMDeviceRequestAbbreviatedSendSync
AMDeviceRestoreApplication
AMDeviceSecureArchiveApplication
AMDeviceSecureCheckCapabilitiesMatch
AMDeviceSecureInstallApplication
AMDeviceSecureRemoveApplicationArchive
AMDeviceSecureRestoreApplication
AMDeviceSecureStartService
AMDeviceSecureTransferPath
AMDeviceSecureUninstallApplication
AMDeviceSecureUpgradeApplication
AMDeviceSetUserInfo
AMDeviceSetValue
AMDeviceSetWirelessBuddyFlags
AMDeviceStartHouseArrestService
AMDeviceStartService
AMDeviceStartServiceWithOptions
AMDeviceStartSession
AMDeviceStopSession
AMDeviceTransferApplication
AMDeviceTransferPath
AMDeviceUninstallApplication
AMDeviceUnpair
AMDeviceUpgradeApplication
AMDeviceValidatePairing
AMDeviceWakeupOperationCreateWithToken
AMDeviceWakeupOperationGetTypeID
AMDeviceWakeupOperationInvalidate
AMDeviceWakeupOperationSchedule
AMDeviceWakeupUsingToken
AMRAuthInstallCopyLocalizedStringForServerError
AMRAuthInstallCopyPreflightOptions
AMRAuthInstallFinalize
AMRAuthInstallPreflight
AMRAuthInstallRegisterProxyCredentialsCallback
AMRLog
AMRLogv
AMRecoveryModeDeviceCopyAuthInstallPreflightOptions
AMRecoveryModeDeviceCopyBoardConfig
AMRecoveryModeDeviceCopyEnvironmentVariableFromDevice
AMRecoveryModeDeviceCopyIMEI
AMRecoveryModeDeviceCopySerialNumber
AMRecoveryModeDeviceGetBoardID
AMRecoveryModeDeviceGetChipID
AMRecoveryModeDeviceGetECID
AMRecoveryModeDeviceGetLocationID
AMRecoveryModeDeviceGetProductID
AMRecoveryModeDeviceGetProductType
AMRecoveryModeDeviceGetProductionMode
AMRecoveryModeDeviceGetProgress
AMRecoveryModeDeviceGetSecurityDomain
AMRecoveryModeDeviceGetSecurityEpoch
AMRecoveryModeDeviceGetTypeID
AMRecoveryModeDeviceIsBootstrapOnly
AMRecoveryModeDeviceReboot
AMRecoveryModeDeviceRequestAbbreviatedSendSync
AMRecoveryModeDeviceSendBlindCommandToDevice
AMRecoveryModeDeviceSendCommandToDevice
AMRecoveryModeDeviceSendFileToDevice
AMRecoveryModeDeviceSetAutoBoot
AMRecoveryModeGetSoftwareBuildVersion
AMRestorableBuildCopyRestoreBundleURL
AMRestorableBuildCopySupportedBoardConfigs
AMRestorableBuildCopySupportedVariants
AMRestorableBuildCreate
AMRestorableCommitStashBag
AMRestorableDeviceCopyAMDevice
AMRestorableDeviceCopyAuthInstallPreflightOptions
AMRestorableDeviceCopyBoardConfig
AMRestorableDeviceCopyDFUModeDevice
AMRestorableDeviceCopyDefaultRestoreOptions
AMRestorableDeviceCopyRecoveryModeDevice
AMRestorableDeviceCopyRestoreModeDevice
AMRestorableDeviceCopyRestoreOptionsFromDocument
AMRestorableDeviceCopySerialDevicePath
AMRestorableDeviceCopySerialNumber
AMRestorableDeviceCreateFromAMDevice
AMRestorableDeviceEnableExtraDFUDevices
AMRestorableDeviceGetDFUModeDevice
AMRestorableDeviceGetECID
AMRestorableDeviceGetFusingInfo
AMRestorableDeviceGetLocationID
AMRestorableDeviceGetProductID
AMRestorableDeviceGetProductType
AMRestorableDeviceGetRecoveryModeDevice
AMRestorableDeviceGetState
AMRestorableDeviceRegisterForNotifications
AMRestorableDeviceRestore
AMRestorableDeviceSendBlindCommand
AMRestorableDeviceSendCommand
AMRestorableDeviceSendFile
AMRestorableDeviceSetLogFileURL
AMRestorableDeviceSetProxyCredentialsCallback
AMRestorableDeviceUnregisterForNotifications
AMRestorableEnableLogStreaming
AMRestorableGetIdentifyingErrorCode
AMRestorableLogToFile
AMRestorablePersonalizeCopyManifestTag
AMRestorablePersonalizeSendFile
AMRestorableSetGlobalLocationIDFilter
AMRestorableSetGlobalLogFileURL
AMRestorableSetLogLevel
AMRestoreCreateBootArgsByAddingArg
AMRestoreCreateBootArgsByRemovingArg
AMRestoreCreateDefaultOptions
AMRestoreCreatePathsForBundle
AMRestoreDisableFileLogging
AMRestoreEnableExtraDFUDevices
AMRestoreEnableFileLogging
AMRestoreGetSupportedPayloadVersion
AMRestoreGetTransformedDFUType
AMRestoreGetTransformedFirmwareTypeValue
AMRestoreModeDeviceCopyBoardConfig
AMRestoreModeDeviceCopyEcid
AMRestoreModeDeviceCopyIMEI
AMRestoreModeDeviceCopyRestoreLog
AMRestoreModeDeviceCopySerialNumber
AMRestoreModeDeviceCreate
AMRestoreModeDeviceGetDeviceID
AMRestoreModeDeviceGetLocationID
AMRestoreModeDeviceGetProgress
AMRestoreModeDeviceGetTypeID
AMRestoreModeDeviceReboot
AMRestoreModeGetLastFailureLog
AMRestorePerformDFURestore
AMRestorePerformRecoveryModeRestore
AMRestorePerformRestoreModeRestore
AMRestorePerformRestoreModeRestoreWithError
AMRestoreRegisterForDeviceNotifications
AMRestoreSetLogLevel
AMRestoreUnregisterForDeviceNotifications
AMSAddAppleSearchPathsToEnvironmentFromReg
AMSArchiveBackup
AMSBackupWithOptions
AMSBeginSync
AMSBeginSyncForDataClasses
AMSCancelBackupRestore
AMSCancelCrashReportCopy
AMSCancelSync
AMSCancelSyncDiagnostics
AMSChangeBackupPassword
AMSCleanup
AMSClearDataClasses
AMSConnectToCrashReportCopyTarget
AMSCopyApplicationListFromBackup
AMSCopyCrashReportPath
AMSCopyCrashReportsFromTarget
AMSCopySourcesForRestoreCompatibleWith
AMSDisconnectFromCrashReportCopyTarget
AMSEnableCloudBackup
AMSEnableSyncServices
AMSGetAOSUsername
AMSGetApplicationProviderInfo
AMSGetBackupInfo
AMSGetBackupPasswordFromKeychainForTarget
AMSGetCalendarDayLimit
AMSGetClientIdentifierAndDisplayNameForTarget
AMSGetCollectionsForDataClassName
AMSGetCrashReportCopyPreferencesForTarget
AMSGetDataChangeAlertInfo
AMSGetDataClassInfoForTarget
AMSGetDefaultOutlookCalendarMapping
AMSGetLastSyncDateForDataClass
AMSGetNewRecordCalendarName
AMSGetNewRecordGroupName
AMSGetNumberOfCrashReportsToCopy
AMSGetNumberOfCrashReportsToSubmit
AMSGetSourcesForRestore
AMSGetSupportedDataClassNames
AMSInitialize
AMSIsSyncServicesEnabled
AMSRefreshCollectionsForDataClassName
AMSRegisterCallbacks
AMSRegisterClientWithTargetIdentifierAndDisplayName
AMSResetSyncData
AMSRestoreWithApplications
AMSRunSyncDiagnostics
AMSSetBackupPasswordInKeychain
AMSSetCalendarDayLimit
AMSSetCrashReportCopyPreferencesForTarget
AMSSetDataChangeAlertInfo
AMSSetDataClassInfoForTarget
AMSSetDefaultOutlookCalendarMapping
AMSSetDesignatedProviderForDataClassName
AMSSetFilteredCollectionNamesForDataClassName
AMSSetNewRecordCalendarName
AMSSetNewRecordGroupName
AMSSubmitCrashReportsFromTarget
AMSSubmitRestoreLogFromPath
AMSUnregisterTarget
ASRServerHandleConnection
MISProfileCopyPayload
MISProfileCopySignerSubjectSummary
MISProfileCreateDataRepresentation
MISProfileCreateWithData
MISProfileCreateWithFile
MISProfileGetValue
MISProfileIsMutable
MISProfileValidateSignature
MISProfileValidateSignatureWithAnchors
MISProfileWriteToFile
MISProvisioningProfileCheckValidity
MISProvisioningProfileGetCreationDate
MISProvisioningProfileGetDeveloperCertificates
MISProvisioningProfileGetExpirationDate
MISProvisioningProfileGetName
MISProvisioningProfileGetProvisionedDevices
MISProvisioningProfileGetUUID
MISProvisioningProfileGetVersion
MISProvisioningProfileIncludesDevice
MISProvisioningProfileProvisionsAllDevices
MISProvisioningProfileValidateSignature
RCGetSystemPartitionExtrasSizeForDevice
USBMuxConnectByPort
USBMuxListenForDevices
USBMuxListenerClose
USBMuxListenerCreate
USBMuxListenerSetDebug
kAFCErrorCodeKey
kAFCErrorDebugDescriptionKey
kAFCErrorDescriptionKey
kAFCErrorDomain
kAFCErrorDomainKey
kAFCErrorExtendedInfoKey
kAFCErrorFileLineKey
kAFCErrorFileNameKey
kAFCErrorLocalizedDescriptionKey
kAFCErrorLocalizedFailureReasonKey
kAFCErrorLocalizedRecoverySuggestionKey
kAFCErrorUnderlyingErrorKey
kAFCErrorVersionKey
kAFCHeaderKeyHeaderLength
kAFCHeaderKeyPacketData
kAFCHeaderKeyPacketID
kAFCHeaderKeyPacketLength
kAFCHeaderKeyPacketType
kAFCHeaderKeySignature
kAMRestorableInvalidClientID

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iany.dll
.dll windows:6 windows x86 arch:x86

5c79b0dc148cc13302be81639d07a844

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:7b:10:f5:03:8e:0b:b4:f1:72:a2:95:75:da:14:d5:74:8f:94:fe
Signer

Actual PE Digest

c5:7b:10:f5:03:8e:0b:b4:f1:72:a2:95:75:da:14:d5:74:8f:94:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\Work\iAnyLib\branches\v1.0\bin\iany_connector.pdb

Imports

ws2_32

closesocket
send
recv
htons
ntohl

shlwapi

PathFileExistsW

managercdb

itdb_playlist_is_mpl
itdb_playlist_free
itdb_playlist_new
itdb_artist_free
itdb_album_free
itdb_track_free
itdb_add_photos
itdb_photodb_parse
itdb_photodb_write
itdb_parse
itdb_free
itdb_write_file
itdb_playlist_mpl
itdb_playlist_add_track
itdb_add_track_new
itdb_playlist_add
itdb_members_track_free
itdb_playlist_is_podcasts
itdb_del_photo_album
itdb_add_photo_album
itdb_photo_free
itdb_del_photos

sqlite3

sqlite3_open
sqlite3_column_text
sqlite3_finalize
sqlite3_column_count
sqlite3_column_type
sqlite3_prepare_v2
sqlite3_close
sqlite3_column_int64
sqlite3_column_bytes
sqlite3_step
sqlite3_column_blob
sqlite3_column_double
sqlite3_free
sqlite3_exec
sqlite3_free_table
sqlite3_get_table

un7z

Uncompression

userenv

GetUserProfileDirectoryW

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
CommandLineToArgvW
SHCreateDirectoryExW
SHGetPathFromIDListW

wtsapi32

WTSQueryUserToken

user32

wsprintfA
wsprintfW

ole32

CreateStreamOnHGlobal
CoCreateGuid

freeimage

_FreeImage_FlipVertical@4
_FreeImage_FlipHorizontal@4
_FreeImage_Initialise@4
_FreeImage_GetMetadata@16
_FreeImage_Load@12
_FreeImage_Save@16
_FreeImage_RotateClassic@12
_FreeImage_GetTagValue@4
_FreeImage_Unload@4
_FreeImage_GetFIFFromFilename@4

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
SetStdHandle
GetFullPathNameW
WriteConsoleW
MoveFileExW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetFileAttributesExW
CreateDirectoryW
InterlockedFlushSList
FreeLibrary
RtlUnwind
OutputDebugStringW
GetACP
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
EncodePointer
LeaveCriticalSection
EnterCriticalSection
SetFilePointerEx
ReadConsoleW
SetEnvironmentVariableA
SetEnvironmentVariableW
FlushFileBuffers
GetCommandLineA
CreateProcessA
CreateEventA
CreatePipe
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
VirtualProtect
VirtualQuery
InitializeSListHead
GetFileTime
FindFirstFileW
FindNextFileW
GetTempPathW
FindClose
GetModuleFileNameA
WaitForSingleObject
ReleaseMutex
GetLocalTime
RemoveDirectoryW
Sleep
GetLastError
DeleteFileW
SystemTimeToFileTime
CloseHandle
CreateThread
GetComputerNameW
HeapFree
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
HeapSize
MultiByteToWideChar
HeapReAlloc
RaiseException
HeapAlloc
GetCurrentDirectoryW
DecodePointer
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
LoadLibraryExW
GetTimeZoneInformation
SetNamedPipeHandleState
WriteFile
CreateFileW
WaitNamedPipeW
ReadFile
GetCommandLineW
SetFilePointer
CreateMutexW
GetSystemInfo
LoadLibraryW
GetProcAddress
WTSGetActiveConsoleSessionId
GetModuleHandleW
CopyFileA
GlobalSize
FileTimeToSystemTime
GlobalAlloc
GlobalFree
GlobalLock
CreateDirectoryA
GetSystemTime
GlobalUnlock
LoadLibraryExA
CreateEventW
SetEvent
GetSystemDirectoryA
WaitForMultipleObjects
GetExitCodeThread
GetDiskFreeSpaceExW
GetFileSize
GetStdHandle
FormatMessageA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetTempPathA
GetTempFileNameA
LocalFree
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
DuplicateHandle

advapi32

RegSetValueExW
RegCreateKeyW
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipResetWorldTransform
GdipLoadImageFromStreamICM
GdipGetImagePixelFormat
GdipGraphicsClear
GdipCreateSolidFill
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawImageRectI
GdipDeleteBrush
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSaveGraphics
GdipDrawRectangleI
GdipSetCompositingQuality
GdipGetImageHeight
GdipCloneBrush
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDeleteGraphics
GdipGetImageWidth
GdipTranslateWorldTransform
GdipDrawImageRectRect
GdipRotateWorldTransform
GdipSaveImageToStream
GdipDeletePen
GdipCreateBitmapFromScan0
GdipCreatePen1
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFile
GdipGetImageEncoders
GdipGetImageThumbnail
GdipLoadImageFromFileICM
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipGetImageEncodersSize
GdipSaveImageToFile

Exports

Exports

DeleteIanyManager
GetIanyManager
IOSInitialize
IOSListener
IsWiFiConnect
ReleaseApi
small_irestore

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iconv.dll
.dll windows:4 windows x86 arch:x86

2fecad82d36d88ec85ac574c16ce0ddd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:aa:43:f6:0d:84:95:b7:83:28:c5:eb:d9:ed:97:88:5b:00:90:c9
Signer

Actual PE Digest

35:aa:43:f6:0d:84:95:b7:83:28:c5:eb:d9:ed:97:88:5b:00:90:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
memcmp
free
qsort
strlen
sprintf
memcpy
strcmp
_initterm
_adjust_fdiv
memset
_errno
strchr
abort
_strdup

kernel32

GetModuleFileNameA
GetACP
Sleep

Exports

Exports

_libiconv_version
libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 799KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
image/CHN.png
.png
image/Connect_5s.png
.png
image/GER.png
.png
image/JPN.png
.png
image/ROS_Advance.png
.png
image/ROS_BackingUp.gif
.gif
image/ROS_Problem.png
.png
image/ROS_download.gif
.gif
image/ROS_download_complete.png
.png
image/ROS_iPhone_itunes.png
.png
image/ROS_iPone_Success.png
.png
image/SPA.png
.png
image/USA.png
.png
image/about_backgroud.png
.png
image/backgroud.png
.png
image/bg_DataType.png
.png
image/bg_Submit.png
.png
image/bg_checkupdate.png
.png
image/bg_deleted.png
.png
image/bg_deleted_scanning.png
.png
image/bg_help_center.png
.png
image/bg_icloud_list.png
.png
image/bg_itunes.png
.png
image/bg_itunes_reslut.png
.png
image/bg_limited.png
.png
image/bg_locked.png
.png
image/bg_popup.png
.png
image/bg_profile_ros.png
.png
image/bg_progress.png
.png
image/bg_register.png
.png
image/bg_report.png
.png
image/bg_solution.png
.png
image/bg_step_transparent.png
.png
image/bg_transparent.png
.png
image/bg_trust.png
.png
image/bg_unregistered.png
.png
image/btn_Apple_ID.png
.png
image/btn_Download.png
.png
image/btn_Print.png
.png
image/btn_Sign_Out.png
.png
image/btn_Software_Access.png
.png
image/btn_back.png
.png
image/btn_exit_recovery_mode.png
.png
image/btn_home.png
.png
image/btn_language.png
.png
image/btn_login.png
.png
image/btn_next.png
.png
image/btn_register.png
.png
image/btn_save.png
.png
image/btn_send.png
.png
image/btn_start.png
.png
image/btn_start_scan.png
.png
image/button_Purchase.png
.png
image/button_Remind.png
.png
image/button_Stop_Download.png
.png
image/button_about.png
.png
image/button_browse.png
.png
image/button_buy.png
.png
image/button_cancel.png
.png
image/button_close.png
.png
image/button_enter_license.png
.png
image/button_freetrial.png
.png
image/button_go.png
.png
image/button_help.png
.png
image/button_help_connected.png
.png
image/button_home.png
.png
image/button_key.png
.png
image/button_learn_more.png
.png
image/button_main.png
.png
image/button_main_long.png
.png
image/button_menu_icloud.png
.png
image/button_menu_iphone.png
.png
image/button_menu_itunes.png
.png
image/button_menu_repair_os.png
.png
image/button_min.png
.png
image/button_msg_green.png
.png
image/button_msg_green_long.png
.png
image/button_msg_light.png
.png
image/button_msg_light_long.png
.png
image/button_msg_red.png
.png
image/button_msg_red_long.png
.png
image/button_next.png
.png
image/button_ok.png
.png
image/button_open.png
.png
image/button_pause.png
.png
image/button_popup.png
.png
image/button_previous.png
.png
image/button_recover.png
.png
image/button_registration.png
.png
image/button_resume.png
.png
image/button_scan_pause.png
.png
image/button_scan_stop.png
.png
image/button_second.png
.png
image/button_second_long.png
.png
image/button_select.png
.png
image/button_share.png
.png
image/button_start.png
.png
image/button_stop.png
.png
image/button_trust.png
.png
image/buy_now_limited.png
.png
image/buynow.png
.png
image/can_scan_bg.png
.png
image/can_scan_bg_3gs.png
.png
image/can_scan_bg_4.png
.png
image/can_scan_bg_6.png
.png
image/center_icloud.png
.png
image/center_ios.png
.png
image/center_itunes.png
.png
image/check_all.png
.png
image/check_none.png
.png
image/check_segment.png
.png
image/data2device/btn_Recover_device.png
.png
image/data2device/btn_Recover_pc.png
.png
image/data2device/icon_contact.png
.png
image/data2device/icon_message.png
.png
image/data2device/icon_note.png
.png
image/data2device/main_bg.png
.png
image/data2device/search_panel_bg.png
.png
image/decrypt_btn.png
.png
image/detail_WhatsApp.png
.png
image/detail_WhatsApp_Attachments.png
.png
image/detail_calls.png
.png
image/detail_camera.png
.png
image/detail_contacts.png
.png
image/detail_data.png
.png
image/detail_document.png
.png
image/detail_message_attachment.png
.png
image/detail_messages.png
.png
image/detail_messenger.png
.png
image/detail_messenger_attachment.png
.png
image/detail_note_attachment.png
.png
image/detail_notes.png
.png
image/detail_other_photos.png
.png
image/detail_photos.png
.png
image/detail_recordings.png
.png
image/detail_reminders.png
.png
image/detail_safari.png
.png
image/detail_tango.png
.png
image/detail_viber.png
.png
image/detail_viber_messages.png
.png
image/detail_voice.png
.png
image/detail_voicemail.png
.png
image/device_enable.png
.png
image/device_encrypt.png
.png
image/device_icloud.png
.png
image/device_info_bg.png
.png
image/device_lock_bg.png
.png
image/device_video.png
.png
image/device_whatsapp.png
.png
image/diskInfo/disk.png
.png
image/diskInfo/disk_bg.png
.png
image/diskInfo/disk_bg_click.png
.png
image/diskInfo/disk_c.png
.png
image/diskInfo/disk_c_click.png
.png
image/diskInfo/disk_click.png
.png
image/diskInfo/disk_track.png
.png
image/diskInfo/disk_track2.png
.png
image/dll_download_bg.png
.png
image/download_bg.png
.png
image/find.gif
.gif
image/find_top_bg.png
.png
image/flow/audio_btn_paly.png
.png
image/flow/audio_btn_stop.png
.png
image/flow/incoming_bottom.png
.png
image/flow/incoming_center.png
.png
image/flow/incoming_top.png
.png
image/flow/outgoing_bottom.png
.png
image/flow/outgoing_bottom_imessage.png
.png
image/flow/outgoing_center.png
.png
image/flow/outgoing_center_imessage.png
.png
image/flow/outgoing_top.png
.png
image/flow/outgoing_top_imessage.png
.png
image/flow/view_video.png
.png
image/flow/view_video_cannot_preview.png
.png
image/flow/view_voice.png
.png
image/gif_scan.gif
.gif
image/gif_scan_completed.png
.png
image/gif_search.gif
.gif
image/iCloud_download.gif
.gif
image/icloud_select_type_bg.png
.png
image/ico_app.png
.png
image/ico_media.png
.png
image/ico_text.png
.png
image/imageViewBundle/btn_panel_bg.png
.png
image/imageViewBundle/button_actual.png
.png
image/imageViewBundle/button_clockwise.png
.png
image/imageViewBundle/button_close.png
.png
image/imageViewBundle/button_contrarotate.png
.png
image/imageViewBundle/button_max.png
.png
image/imageViewBundle/button_next.png
.png
image/imageViewBundle/button_next_preview.png
.png
image/imageViewBundle/button_previous.png
.png
image/imageViewBundle/button_previous_preview.png
.png
image/imageViewBundle/button_restore.png
.png
image/imageViewBundle/button_suitable.png
.png
image/imageViewBundle/button_zoom_in.png
.png
image/imageViewBundle/button_zoom_out.png
.png
image/imageViewBundle/center_flag.png
.png
image/imageViewBundle/message_bottom.png
.png
image/imageViewBundle/message_line_left.png
.png
image/imageViewBundle/message_line_right.png
.png
image/imageViewBundle/message_top.png
.png
image/imagelist.bmp
image/ios_help_center_bg.png
.png
image/iphoen_connect.gif
.gif
image/iphone_search.swf
image/iphone_search_6.swf
image/list_hearder.bmp
image/list_sort_down.png
.png
image/list_sort_up.png
.png
image/list_split.bmp
image/loading_text.png
.png
image/main_no_connct.png
.png
image/main_no_connct_6.png
.png
image/menuIcon/menu_Language.png
.png
image/menuIcon/menu_Purchase.png
.png
image/menuIcon/menu_about.png
.png
image/menuIcon/menu_contact.png
.png
image/menuIcon/menu_exit.png
.png
image/menuIcon/menu_guide.png
.png
image/menuIcon/menu_help.png
.png
image/menuIcon/menu_home.png
.png
image/menuIcon/menu_mail.png
.png
image/menuIcon/menu_updates.png
.png
image/menu_about.png
.png
image/menu_buy.png
.png
image/menu_help.png
.png
image/menu_mail.png
.png
image/menu_register.png
.png
image/message_bg.png
.png
image/number.png
.png
image/number_bg.png
.png
image/output_setting_bg.png
.png
image/pic_have't_trusted.png
.png
image/pic_no_found.png
.png
image/pic_stuck.png
.png
image/pic_waiting.png
.png
image/preview_document.png
.png
image/preview_recording.png
.png
image/preview_video.png
.png
image/print.png
.png
image/privew.png
.png
image/railing/btn_album.png
.png
image/railing/btn_album_sel.png
.png
image/railing/btn_mid_railing.png
.png
image/railing/btn_mid_railing_sel.png
.png
image/railing/btn_railing.png
.png
image/railing/btn_railing_sel.png
.png
image/railing/btn_thumb.png
.png
image/railing/btn_thumb_sel.png
.png
image/railing/button_preview_data.png
.png
image/railing/check_all.png
.png
image/railing/check_none.png
.png
image/railing/check_segment.png
.png
image/railing/expand_flag.png
.png
image/recovery_backgroud.png
.png
image/recovery_ready_backgroud.png
.png
image/reg_fail_bg.png
.png
image/ros_iphone_warning.png
.png
image/scan_now.png
.png
image/search_btn.png
.png
image/search_panel_bg.png
.png
image/search_top_bg.png
.png
image/setting.png
.png
image/sign_in_iCloud_BG.png
.png
image/step_exit_dfu_mode.png
.png
image/step_into_dfu_mode.png
.png
image/step_recovery_mode.png
.png
image/sub_backgroud.png
.png
image/top_bar_backgroud.png
.png
image/trake_slider.gif
.gif
image/version_warning.png
.png
image/wait.gif
.gif
image/wait_login.gif
.gif
irestore.exe
.exe windows:5 windows x86 arch:x86

f0a712e5f833c3a363cb1631014380b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:81:02:6a:c0:a4:e8:28:5a:a0:d3:97:30:d4:cc:21:ef:e6:4f:ec
Signer

Actual PE Digest

63:81:02:6a:c0:a4:e8:28:5a:a0:d3:97:30:d4:cc:21:ef:e6:4f:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\Work\iAnyLib\trank\v2.0\bin\irestore.pdb

Imports

iany

small_irestore
IOSInitialize

kernel32

CreateFileW
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
WriteConsoleW
SetFilePointerEx
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode

advapi32

SystemFunction036

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
language/english/ResourceLib.txt
language/japanese/ResourceLib.txt
language/language.xml
.xml
language/spanish/ResourceLib.txt
lib_iphone_recovery.dll
.dll windows:6 windows x86 arch:x86

3f238b0dc1c1e3811726e0ee7e838761

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:c9:84:f2:3f:a6:ca:7d:ec:95:55:c1:63:4e:de:aa:e0:dc:93:d7
Signer

Actual PE Digest

c9:c9:84:f2:3f:a6:ca:7d:ec:95:55:c1:63:4e:de:aa:e0:dc:93:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\OfficeCode\lib_iphonedatarecovery_ios10_c\win\lib_iphone_reovery\Release\lib_iphone_recovery.pdb

Imports

user32

wsprintfW
MessageBoxA

shell32

ShellExecuteExW

kernel32

SetEnvironmentVariableA
SetEndOfFile
HeapSize
FlushFileBuffers
WaitForSingleObject
GetModuleFileNameW
GetTempPathW
GetLastError
MultiByteToWideChar
HeapFree
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
DeleteFileW
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetTimeZoneInformation
RaiseException
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleMode
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetConsoleCP
SetFilePointerEx
GetFileType
DeleteCriticalSection
CloseHandle
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
CreateFileW
SetStdHandle
WriteConsoleW

Exports

Exports

FreeAnalysisData
FreeNoteData
GetNoteContentFromBin
searchDeleteData

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows:5 windows x86 arch:x86

8176145028409aa62a5ba630fe78c43c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:c1:0a:29:e1:36:6f:a1:55:4f:d5:89:2c:da:44:b5:f8:71:95:38
Signer

Actual PE Digest

71:c1:0a:29:e1:36:6f:a1:55:4f:d5:89:2c:da:44:b5:f8:71:95:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recvfrom
sendto
send
select
__WSAFDIsSet
ioctlsocket
listen
accept
WSAStartup
WSACleanup
gethostname
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
closesocket
recv
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
WSAGetLastError
shutdown

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

kernel32

CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetProcessHeap
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleCP
CompareStringW
GetFullPathNameA
SetStdHandle
GetModuleFileNameA
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
LCMapStringW
WideCharToMultiByte
LCMapStringA
RtlUnwind
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
CreateFileW
GetCurrentDirectoryA
GlobalMemoryStatus
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
CloseHandle
WaitForSingleObject
ExpandEnvironmentStringsA
Sleep
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
GetCurrentThreadId
GetModuleHandleA
GetVersion
WriteFile
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
TlsFree
FlushConsoleInputBuffer
SystemTimeToFileTime
GetSystemTime
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapReAlloc
HeapAlloc
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFilePointer
FindClose
GetDriveTypeA
FindFirstFileA
GetCommandLineA
CreateFileA
GetModuleHandleW
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libexcel.dll
.dll windows:5 windows x86 arch:x86

9ab56d47be08171bcc5e652ab403681e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:4c:06:2d:73:18:65:b3:b7:66:fd:4e:37:a2:76:89:0c:15:4c:5b
Signer

Actual PE Digest

32:4c:06:2d:73:18:65:b3:b7:66:fd:4e:37:a2:76:89:0c:15:4c:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\IPhone3GS_Recovery\trunk\components\libexcel\lib\release\libexcel.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
GetLocaleInfoA
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetFilePointer
CloseHandle
ExitProcess
LoadLibraryW
GetModuleFileNameA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleHandleA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileA
CreateFileW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableA

Exports

Exports

??0XLSFile@xlsFile@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4use_option@1@@Z
??0XLSSheet@@QAE@ABV0@@Z
??0XLSSheet@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVworkbook@xlslib_core@@@Z
??0XLSSheet@@QAE@PAVworksheet@xlslib_core@@@Z
??0workbook@xlslib_core@@QAE@XZ
??1XLSFile@xlsFile@@UAE@XZ
??1XLSSheet@@UAE@XZ
??1workbook@xlslib_core@@UAE@XZ
??4XLSSheet@@QAEAAV0@ABV0@@Z
??_7XLSFile@xlsFile@@6B@
??_7XLSSheet@@6B@
??_7workbook@xlslib_core@@6BCBinFile@1@@
??_7workbook@xlslib_core@@6BCOleFileSystem@1@@
?Dump@workbook@xlslib_core@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?DumpData@workbook@xlslib_core@@AAEPAVCUnit@2@XZ
?GetSheet@workbook@xlslib_core@@QAEPAVworksheet@2@G@Z
?IsItalic@XLSSheet@@QAE_NKK@Z
?deleteContent@XLSSheet@@QAEXKK@Z
?firstTab@workbook@xlslib_core@@QAEXG@Z
?font@workbook@xlslib_core@@QAEPAVfont_t@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?font@workbook@xlslib_core@@QAEPAVfont_t@2@E@Z
?format@workbook@xlslib_core@@QAEPAVformat_t@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?format@workbook@xlslib_core@@QAEPAVformat_t@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?getBgColor@XLSSheet@@QAE?AW4color_name_t@xlslib_core@@KK@Z
?getBold@XLSSheet@@QAE?AW4boldness_option_t@xlslib_core@@KK@Z
?getCellType@XLSSheet@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@KK@Z
?getColspan@XLSSheet@@QAEHKK@Z
?getFilePath@XLSFile@xlsFile@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFontColor@XLSSheet@@QAE?AW4color_name_t@xlslib_core@@KK@Z
?getFontHeight@XLSSheet@@QAEHKK@Z
?getFontName@XLSSheet@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@KK@Z
?getHAlign@XLSSheet@@QAE?AW4halign_option_t@xlslib_core@@KK@Z
?getLabel@XLSSheet@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@KK@Z
?getMaxCol@XLSSheet@@QAEHXZ
?getMaxRow@XLSSheet@@QAEHXZ
?getMinCol@XLSSheet@@QAEHXZ
?getMinRow@XLSSheet@@QAEHXZ
?getName@XLSSheet@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getNbSheet@XLSFile@xlsFile@@QBEHXZ
?getNumberDouble@XLSSheet@@QAENKK@Z
?getNumberInt@XLSSheet@@QAEHKK@Z
?getOrientation@XLSSheet@@QAE?AW4txtori_option_t@xlslib_core@@KK@Z
?getRowspan@XLSSheet@@QAEHKK@Z
?getScript@XLSSheet@@QAE?AW4script_option_t@xlslib_core@@KK@Z
?getSheet@XLSFile@xlsFile@@QAE?AVXLSSheet@@H@Z
?getUnderLine@XLSSheet@@QAE?AW4underline_option_t@xlslib_core@@KK@Z
?getVAlign@XLSSheet@@QAE?AW4valign_option_t@xlslib_core@@KK@Z
?hasBorderBottom@XLSSheet@@QAE_NKK@Z
?hasBorderLeft@XLSSheet@@QAE_NKK@Z
?hasBorderRight@XLSSheet@@QAE_NKK@Z
?hasBorderTop@XLSSheet@@QAE_NKK@Z
?newSheet@XLSFile@xlsFile@@QAE?AVXLSSheet@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?openCsv2@XLSFile@xlsFile@@QAE?AVXLSSheet@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0D@Z
?openCsv@XLSFile@xlsFile@@QAE?AVXLSSheet@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D0@Z
?property@workbook@xlslib_core@@QAE_NW4property_t@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?save@XLSFile@xlsFile@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?save@XLSFile@xlsFile@@QAEXXZ
?saveToCsv@XLSFile@xlsFile@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setCellBgColor@XLSSheet@@QAEXKKW4color_name_t@xlslib_core@@W4fill_option_t@3@@Z
?setCellBorderStyle@XLSSheet@@QAEXKKW4border_side_t@xlslib_core@@W4border_style_t@3@W4color_name_t@3@@Z
?setCellFrame@XLSSheet@@QAEXKKW4color_name_t@xlslib_core@@W4border_style_t@3@@Z
?setCellMerge@XLSSheet@@QAEXKKKK@Z
?setColWidth@XLSSheet@@QAEXKI@Z
?setColor@workbook@xlslib_core@@QAE_NEEEE@Z
?setFilePath@XLSFile@xlsFile@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setFont@XLSSheet@@QAEXKKV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setFontBold@XLSSheet@@QAEXKKW4boldness_option_t@xlslib_core@@@Z
?setFontColor@XLSSheet@@QAEXKKW4color_name_t@xlslib_core@@@Z
?setFontHAlign@XLSSheet@@QAEXKKW4halign_option_t@xlslib_core@@@Z
?setFontHeight@XLSSheet@@QAEXKKI@Z
?setFontItalic@XLSSheet@@QAEXKK_N@Z
?setFontOrientation@XLSSheet@@QAEXKKW4txtori_option_t@xlslib_core@@@Z
?setFontOutline@XLSSheet@@QAEXKK_N@Z
?setFontScript@XLSSheet@@QAEXKKW4script_option_t@xlslib_core@@@Z
?setFontShadow@XLSSheet@@QAEXKK_N@Z
?setFontStrikeout@XLSSheet@@QAEXKK_N@Z
?setFontUnderline@XLSSheet@@QAEXKKW4underline_option_t@xlslib_core@@@Z
?setFontVAlign@XLSSheet@@QAEXKKW4valign_option_t@xlslib_core@@@Z
?setNumber@XLSSheet@@QAEXKKH@Z
?setNumber@XLSSheet@@QAEXKKN@Z
?setRowHeight@XLSSheet@@QAEXKI@Z
?setTabNumber@XLSSheet@@QAEXPBHKKKK@Z
?setTabNumber@XLSSheet@@QAEXPBNKKKK@Z
?setTabText@XLSSheet@@QAEXPBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@KKKK@Z
?setText@XLSSheet@@QAEXKKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?sheet@workbook@xlslib_core@@QAEPAVworksheet@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?sheet@workbook@xlslib_core@@QAEPAVworksheet@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?tabBarWidth@workbook@xlslib_core@@QAEXG@Z
?version@workbook@xlslib_core@@QBEPBDXZ
?windPosition@workbook@xlslib_core@@QAEXGG@Z
?windSize@workbook@xlslib_core@@QAEXGG@Z
?xformat@workbook@xlslib_core@@QAEPAVxf_t@2@PAVfont_t@2@@Z
?xformat@workbook@xlslib_core@@QAEPAVxf_t@2@XZ
copyXls
copyXlstoCsv
copyXlstoHtml

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
managercdb.dll
.dll windows:6 windows x86 arch:x86

d3a04084ea8e8c2c0276fff250447bb0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:27:5b:0b:c2:41:0c:ab:16:69:b3:16:c0:9d:12:b4:2d:67:a7:c9
Signer

Actual PE Digest

8e:27:5b:0b:c2:41:0c:ab:16:69:b3:16:c0:9d:12:b4:2d:67:a7:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\Work\iAnyLib\trank\v2.0\bin\managercdb.pdb

Imports

zlib1

compressBound
compress2
inflate
inflateEnd
inflateInit_

calchashab

CalcHashABData

kernel32

SetEndOfFile
DecodePointer
RaiseException
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReadFile
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
GetACP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
CloseHandle
WriteFile
GetConsoleCP
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetCommandLineA
GetCommandLineW
GetStringTypeW
FlushFileBuffers
SetStdHandle
CreateFileW
HeapSize

advapi32

SystemFunction036

Exports

Exports

itdb_add_photo_album
itdb_add_photos
itdb_add_track_new
itdb_album_free
itdb_artist_free
itdb_del_photo_album
itdb_del_photos
itdb_free
itdb_members_track_free
itdb_parse
itdb_photo_free
itdb_photodb_parse
itdb_photodb_write
itdb_playlist_add
itdb_playlist_add_track
itdb_playlist_free
itdb_playlist_is_mpl
itdb_playlist_is_podcasts
itdb_playlist_mpl
itdb_playlist_new
itdb_track_free
itdb_track_new
itdb_write_file

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mobilelink.dll
.dll windows:6 windows x86 arch:x86

ed10cfcdc231268299beb836a75b092c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:34:a3:fc:80:45:42:43:f8:49:56:09:b1:ad:d3:00:61:68:c6:ba
Signer

Actual PE Digest

1f:34:a3:fc:80:45:42:43:f8:49:56:09:b1:ad:d3:00:61:68:c6:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BWA\ProtectedCloudStorageWin-15\srcroot\PCS\Release\PCS.pdb

Imports

msvcr120

_unlock

kernel32

GetSystemTimeAsFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

bcrypt

BCryptDecrypt

msvcp120

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

asl

asl_send

corefoundation

CFArrayInsertValueAtIndex

libdispatch

dispatch_async_f

shlwapi

PathAppendW

ws2_32

ntohl

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

aoskit

kAOSPersonIDKey

cfnetwork

kCFStreamPropertyHTTPResponseHeader

sqlite3

sqlite3_extended_errcode

Exports

Exports

PCSCopyUnwrappedKey
PCSCopyUnwrappedWithFDEServiceKey
PCSCopyWrappedKey
PCSCopyWrappedWithFDEServiceKey
PCSFPAddPrivateKey
PCSFPAddPublicIdentity
PCSFPAddSharePCS
PCSFPCopyDecryptedData
PCSFPCopyDiagnostic
PCSFPCopyEncryptedData
PCSFPCopyExported
PCSFPCopyKeyIDs
PCSFPCopyPrivateKey
PCSFPCopyPublicIdentities
PCSFPCopyRecoverPCS
PCSFPCopyUnwrappedKey
PCSFPCopyWrappedKey
PCSFPCreatePEMData
PCSFPCreatePrivateKey
PCSFPCreateUniqueID
PCSFPCreateWithExported
PCSFPCreateWithExportedAndIdentitySet
PCSFPRemovePublicIdentity
PCSFPRemoveSharePCS
PCSFPStatus
PCSIdentityCollectionCopyCurrent
PCSIdentityCollectionCopyPublicKeyInfo
PCSIdentityCollectionDestroy
PCSIdentityCollectionSave
PCSIdentityCollectionSetup
PCSIdentityCollectionStatus
PCSIdentityCopyCurrentKeyFingerprint
PCSIdentityCopyDiagnostic
PCSIdentityCopyExternalForm
PCSIdentityCopyPublicIdentity
PCSIdentityCopyPublicKeyInfo
PCSIdentityCreate
PCSIdentityCreateCollection
PCSIdentityCreateExportedRawCompact
PCSIdentityCreateFromData
PCSIdentityCreateFromRaw
PCSIdentityCreateRandomCompactRaw
PCSIdentityCreateService
PCSIdentityForeachService
PCSIdentityGetPublicID
PCSIdentityGetPublicKey
PCSIdentityGetService
PCSIdentityGetType
PCSIdentityGetTypeID
PCSIdentitySetAddIdentity
PCSIdentitySetCreate
PCSIdentitySetCreateMutable
PCSIdentitySetGetCurrentIdentity
PCSIdentitySetGetCurrentPublicIdentity
PCSIdentitySetGetIdentity
PCSIdentitySetGetIdentityByKeyID
PCSIdentitySetIsCurrentIdentity
PCSIdentitySetRemoveIdentity
PCSIdentitySetSetCurrentIdentity
PCSObjectCreateFromExportedWithIdentities
PCSObjectCreateFromExportedWithKeyedPCS
PCSPublicIdentityCollectionCopyCurrent
PCSPublicIdentityCopyCurrentKeyFingerprint
PCSPublicIdentityCopyPublicKey
PCSPublicIdentityCreateFromCollection
PCSPublicIdentityCreateFromKeyData
PCSPublicIdentityForeachService
PCSPublicIdentityGetPublicID
PCSPublicIdentityGetService
PCSPublicIdentityGetType
PCSPublicIdentityGetTypeID
PCSPublicIdentityImportPublicKeyInfo
PCSPublicServiceIdentityCopyWrappedKey
PCSServiceIdentityCopyExportedPublicKey
PCSServiceIdentityCopyPublicKeyInfo
PCSServiceIdentityCopyUnwrappedKey
PCSShareProtectionCopyKeys
PCSShareProtectionCreate
PCSShareProtectionDeletePCSKey
PCSShareProtectionGetAvailableKeyID
PCSShareProtectionGetTypeID
SecRandomCopyBytes
_PCSIdentityCacheReset
_PCSIdentitySetGetIdentities
__PCSIdentityCreateWithName
kPCSErrorDomain
kPCSServiceBladerunner
kPCSServiceFDE
kPCSServiceHyperion
kPCSServiceLiverpool
kPCSServiceMaster
kPCSServicePianoMover
kPCSServiceiMessage
kPCSSetupAuthToken
kPCSSetupDSID
kPCSSetupEnvionment
kPCSSetupEscrowURL
kPCSSetupForceNewIdentity
kPCSSetupKeychain
kPCSSetupPassword
kPCSSetupRecoverMode
kPCSSetupStingray
kPCSSetupTimeout
kPCSSetupUsername

Sections

.text
Size: - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pic/Success.png
.png
pic/button_Restart.png
.png
pic/button_Restart_later.png
.png
pic/button_cancel.png
.png
pic/button_close.png
.png
pic/button_min.png
.png
pic/button_no.png
.png
pic/button_ok.png
.png
pic/button_yes.png
.png
pic/error.png
.png
pic/message_bottom.png
.png
pic/message_line_left.png
.png
pic/message_line_right.png
.png
pic/message_top.png
.png
pic/msg_title_icon.png
.png
pic/question.png
.png
pic/warning.png
.png
sqlite3.dll
.dll windows:5 windows x86 arch:x86

31552e8967da01fae4dbb6dca841c0cc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:d7:46:10:57:a6:8c:a9:ad:37:79:d3:1f:8d:e5:49:43:56:20:52
Signer

Actual PE Digest

5d:d7:46:10:57:a6:8c:a9:ad:37:79:d3:1f:8d:e5:49:43:56:20:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\IPhone3GS_Recovery\trunk\components\sqlite-3.7.13\lib\release\sqlite3.pdb

Imports

kernel32

FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleW
ExitProcess
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStartupInfoA
VirtualFree
VirtualAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tango_decode.dll
.dll windows:5 windows x86 arch:x86

caeafb746cce229ca23c95eb20ac13f7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:fb:b6:ff:7d:36:06:84:a0:3a:24:6a:1f:c3:ea:a0:85:6c:8e:f4
Signer

Actual PE Digest

97:fb:b6:ff:7d:36:06:84:a0:3a:24:6a:1f:c3:ea:a0:85:6c:8e:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\code\base64_op\Release\tango_decode.pdb

Imports

sqlite3

sqlite3_close
sqlite3_free
sqlite3_finalize
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_prepare
sqlite3_mprintf
sqlite3_open

kernel32

CloseHandle
ReadFile
GetProcessHeap
SetEndOfFile
LCMapStringW
WideCharToMultiByte
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
CreateFileA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA

Exports

Exports

tango_decode
tango_infofree
viber
viber_infofree

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
updataError.dll
.dll windows:5 windows x86 arch:x86

e8fa3e2f25d7b247b10afeac9182c9ba

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:29:d2:3b:f4:34:23:19:58:c7:3e:f5:9d:7f:8b:39:12:2b:73:e6
Signer

Actual PE Digest

f2:29:d2:3b:f4:34:23:19:58:c7:3e:f5:9d:7f:8b:39:12:2b:73:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\hook\Myhook\updataError\Release\updataError.pdb

Imports

kernel32

GetVersionExA
lstrcmpW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowLongW

gdi32

DeleteObject

winspool.drv

DocumentPropertiesW

oleaut32

VariantInit

wininet

InternetOpenW

Exports

Exports

?UpdataReportFile@@YAHPA_W@Z

Sections

.text
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asp10
Size: - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asp11
Size: 889KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows:4 windows x86 arch:x86

fd348b107c9a12537c4d666dc366ec5f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:24:8c:ef:2e:32:87:2b:3a:6b:19:3f:e8:1c:0f:32:8c:9d:9f:69
Signer

Actual PE Digest

39:24:8c:ef:2e:32:87:2b:3a:6b:19:3f:e8:1c:0f:32:8c:9d:9f:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_open
_read
_write
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_unlock
_vsnprintf
_wopen
abort
atoi
calloc
fputc
free
getenv
localeconv
malloc
memchr
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
wcslen
wcstombs

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a4a44a250c4cf4f2d9de2b3fe5d95f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

87:f8:f6:c9:8d:a5:e1:dc:dd:79:eb:0c:26:96:17:99:3a:b3:3b:62Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 105KB - Virtual size: 104KB

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

154903d617e825e7d4f76664593675fd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 364B

b71a87db9d246a8923984da7950b48dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

87:f8:f6:c9:8d:a5:e1:dc:dd:79:eb:0c:26:96:17:99:3a:b3:3b:62
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 105KB - Virtual size: 104KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 364B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

21:4a:de:11:c1:2e:70:f5:3b:a0:39:01:cc:70:9c:24:33:5b:c7:5d
Signer

.textbss
Size: - Virtual size: 193KB

.text
Size: 412KB - Virtual size: 412KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 5KB - Virtual size: 14KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 520KB - Virtual size: 520KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 18KB - Virtual size: 38KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 26KB - Virtual size: 26KB

.textbss
Size: - Virtual size: 380KB

.text
Size: 798KB - Virtual size: 798KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 11KB - Virtual size: 21KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate