0fa3497ecdd386e00145f9cdea558165_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0fa3497ecdd386e00145f9cdea558165_JaffaCakes118
Size

260.0MB
MD5

0fa3497ecdd386e00145f9cdea558165
SHA1

43237ab97ee8f244fae0bf9af56f23968eca013c
SHA256

5166d595721e09384eafcc43ad6577b751caa5b201ed09917d98f15c11fe51fd
SHA512

687cec31f4ce4eccb52894c8b6be2219bb83b8485b1cf5a690b1a130c2a334482cbdb62d86af5e45fa722d6bf5a413cad287c93ad40eb4dc6fafad0b2c658527
SSDEEP

6291456:DJiGVJBGPQyL2nEC7tP6Jg9xZ64tczUULYTwL/LME:DJiGaL4UW9xZ6UcoUkTi/Lt

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
0fa3497ecdd386e00145f9cdea558165_JaffaCakes118
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/$PLUGINSDIR/CustomLicense.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/SimpleFC.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/crashreport.dll
unpack002/infinst.exe
unpack004/infinst.exe
unpack006/infinst.exe
unpack008/infinst.exe
unpack001/farm2012.demo.dll
unpack001/farm2012.demo.exe
unpack001/iupdate.dll
unpack001/uninstall.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

0fa3497ecdd386e00145f9cdea558165_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertStringSidToSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
OpenProcessToken
LookupAccountSidA
ConvertSidToStringSidA
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

lstrcmpiA
lstrcpyA
LocalAlloc
lstrlenA
LocalFree
GetLastError
GlobalFree
lstrcpynA
GlobalAlloc
GetFileAttributesA
CloseHandle
GetCurrentProcess
lstrcatA

user32

wsprintfA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
IsUserTheAdministrator
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomLicense.dll
.dll windows:4 windows x86 arch:x86

0d87660e15e4e2499d63742f6c9630fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
CloseHandle
ReadFile
GetFileSize
GetLastError
CreateFileA

user32

SendMessageA

Exports

Exports

LoadFile

Sections

.text
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleFC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddApplication
AddPort
AdvAddRule
AdvExistsRule
AdvRemoveRule
AllowDisallowExceptionsNotAllowed
AllowDisallowIcmpInboundEchoRequest
AllowDisallowIcmpInboundMaskRequest
AllowDisallowIcmpInboundRouterRequest
AllowDisallowIcmpInboundTimestampRequest
AllowDisallowIcmpOutboundDestinationUnreachable
AllowDisallowIcmpOutboundPacketTooBig
AllowDisallowIcmpOutboundParameterProblem
AllowDisallowIcmpOutboundSourceQuench
AllowDisallowIcmpOutboundTimeExceeded
AllowDisallowIcmpRedirect
AreExceptionsNotAllowed
AreNotificationsEnabled
EnableDisableApplication
EnableDisableFirewall
EnableDisableNotifications
EnableDisablePort
IsApplicationAdded
IsApplicationEnabled
IsFirewallEnabled
IsFirewallServiceRunning
IsIcmpTypeAllowed
IsPortAdded
IsPortEnabled
RemoveApplication
RemovePort
RestoreDefaults
StartStopFirewallService

Sections

CODE
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ActaLogic/EULA/EULA V2.de.txt
$TEMP/ActaLogic/EULA/EULA V2.en.txt
$TEMP/ActaLogic/EULA/EULA V2.fr.txt
$TEMP/ActaLogic/EULA/EULA V2.hu.txt
$TEMP/ActaLogic/EULA/EULA V2.it.txt
$TEMP/ActaLogic/EULA/EULA V2.nl.txt
$TEMP/ActaLogic/EULA/EULA V2.pl.2.txt
$TEMP/ActaLogic/EULA/EULA V2.pl.txt
$TEMP/ActaLogic/EULA/EULA V2.sl.txt
crashreport.dll
.dll windows:5 windows x86 arch:x86

b79276a0d2a3f826f3da4a32e4dc05a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpiA
lstrlenW
RaiseException
SizeofResource
GetLastError
LoadLibraryExA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
DeleteFileA
CopyFileA
FileTimeToSystemTime
CompareStringA
Sleep
CreateThread
GetStdHandle
CreateProcessA
GetExitCodeProcess
GetTempPathA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetSystemInfo
GetVersionExA
FileTimeToLocalFileTime
GetTempFileNameA
FileTimeToDosDateTime
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
EnterCriticalSection
FreeLibrary
FreeEnvironmentStringsA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
WriteFile
HeapDestroy
HeapCreate
HeapReAlloc
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetModuleHandleW
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapFree
InterlockedCompareExchange
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
FlushInstructionCache
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
CloseHandle
ReadFile
CreateFileA
LoadResource
GetModuleHandleA
FindResourceA
GetEnvironmentStrings
LeaveCriticalSection
GetCurrentProcess
FindClose
IsDBCSLeadByte
SetLastError
FindFirstFileA
InterlockedDecrement
MultiByteToWideChar
DebugBreak
OutputDebugStringA
lstrlenA
WideCharToMultiByte
FreeEnvironmentStringsW
InterlockedIncrement
SetEndOfFile

user32

CreateDialogParamA
DispatchMessageA
ShowCursor
TranslateMessage
PeekMessageA
ShowWindow
GetDesktopWindow
DrawFocusRect
FillRect
GetFocus
GetSysColor
ReleaseDC
GetDC
IsWindowEnabled
CreateWindowExA
GetClassNameA
ScreenToClient
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
IsWindow
AppendMenuA
IsMenu
DestroyMenu
EndDialog
DialogBoxParamA
DestroyWindow
SetFocus
GetWindowTextA
GetWindowTextLengthA
SetWindowTextA
GetSysColorBrush
GetActiveWindow
GetSystemMenu
MessageBoxA
GetDlgItem
GetWindow
MonitorFromWindow
GetMonitorInfoA
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgCtrlID
SendMessageA
SetCursor
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
GetParent
LoadIconA
LoadCursorA
LoadStringA
CharNextA
OffsetRect
SetRectEmpty
PtInRect
DrawTextA
UnregisterClassA

gdi32

SetBkMode
SelectObject
GetObjectA
CreateFontIndirectA
DeleteObject
GetStockObject
SetTextColor

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA

shell32

SHGetFileInfoA
ShellExecuteA

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr
SysAllocStringLen
SysFreeString
SysAllocString

comctl32

_TrackMouseEvent

dbghelp

MiniDumpWriteDump

Exports

Exports

AddCrashHandler
AddFile
BeginBusyDialog
EndBusyDialog
GenerateErrorReport
InitCrashReport
Uninstall
UserCallback
UserCallback2

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/French.language
data/Machinery.data
data/PolskiEX.language
data/Shared.data
data/SlovenscinaEx.language
data/SoundsNonresident.data
data/SoundsResident.data
data/farm2012demo.data
data/intro.data
external/PhysX_9.09.0408_SystemSoftware.exe
.exe windows:4 windows x86 arch:x86

4919594d07b5897f2c5f632270759675

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07-08-2007 00:00

Not After

01-09-2009 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:90:20:8d:4b:91:d1:f5:27:29:c3:fd:ea:f9:bb:5d:58:aa:3d:7d
Signer

Actual PE Digest

e7:90:20:8d:4b:91:d1:f5:27:29:c3:fd:ea:f9:bb:5d:58:aa:3d:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
WSAStartup
socket
htons
connect
WSAAsyncSelect
WSAGetLastError
shutdown
recv
setsockopt
send
closesocket
ioctlsocket
gethostbyname

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetVersionExA
lstrcmpiA
lstrcatA
lstrcpyA
lstrlenA
_lwrite
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
_lclose
GetProcAddress
LoadLibraryA
_lcreat
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
WritePrivateProfileStringA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
FreeLibrary
DeleteFileA
_llseek
lstrcmpA
_lread
GetCommandLineA
CloseHandle
GetFileTime
CreateFileA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetFileAttributesA
ExitProcess
_lopen
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameA
CreateDirectoryA
SetErrorMode
MulDiv
GetUserDefaultLangID
SetCurrentDirectoryA
GetCurrentProcess
ExpandEnvironmentStringsA
Sleep
GetFileSize
SetEnvironmentVariableA
GetModuleHandleA
lstrcpynA

user32

DispatchMessageA
TranslateMessage
PeekMessageA
wsprintfA
GetDC
MessageBoxA
DestroyWindow
CharNextA
LoadStringA
SendMessageA
GetDlgItem
EnumChildWindows
ReleaseDC
EndDialog
GetDlgItemTextA
SetWindowTextA
SetDlgItemTextA
CreateDialogParamA
ExitWindowsEx
EnableWindow
ShowWindow
SetTimer
DialogBoxParamA

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteExA

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 39.2MB - Virtual size: 39.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
external/dx/Aug2009_XAudio_x64.cab
.cab
AUG2009_XAudio_x64.inf
XAPOFX1_3.dll
.dll windows:6 windows x64 arch:x64

bdc0f4f1e33b7d66464f441e4b7cfa48

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:c0:88:50:ca:fe:07:29:29:c9:66:1a:f0:7c:b2:f9:c4:f1:f5:a2
Signer

Actual PE Digest

12:c0:88:50:ca:fe:07:29:29:c9:66:1a:f0:7c:b2:f9:c4:f1:f5:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XAPOFX1_3.pdb

Imports

msvcrt

_amsg_exit
__C_specific_handler
free
_initterm
malloc
_XcptFilter
sqrtf
memset
memcpy
_aligned_free
memcmp
_aligned_malloc
pow
powf
_control87
cos
_vsnprintf
sin
floorf
tanf

kernel32

HeapFree
HeapAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
GetProcessHeap

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

CreateFX

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_5.dll
.dll regsvr32 windows:6 windows x64 arch:x64

11ee0b523ff580f74b7e6228c33e08b7

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:bb:72:db:ed:e3:a2:be:ed:f2:5f:5f:cf:f0:64:07:d4:3a:44:a8
Signer

Actual PE Digest

63:bb:72:db:ed:e3:a2:be:ed:f2:5f:5f:cf:f0:64:07:d4:3a:44:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

xaudio2_5.pdb

Imports

msvcrt

memmove
sqrtf
memset
memcpy
__C_specific_handler
_amsg_exit
powf
atanf
free
cosf
_initterm
malloc
_XcptFilter
_purecall
_vsnprintf
log
sinf
_aligned_malloc
_aligned_free
_vsnwprintf
sin
floorf
cos
memcmp
_control87
pow
exp

kernel32

WaitForSingleObjectEx
CreateThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
GetVersionExA
LoadLibraryA
lstrcmpW
ResetEvent
SetEvent
CreateEventA
CreateSemaphoreA
CloseHandle
ReleaseSemaphore
GetProcAddress
HeapSize
GetSystemInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
WaitForSingleObject
WaitForMultipleObjects
DuplicateHandle
FreeLibrary
GetModuleFileNameA
GetProcessHeap
DisableThreadLibraryCalls
GetCurrentThreadId
TryEnterCriticalSection
SetThreadPriority
GetCurrentThread
GetThreadPriority
InitializeCriticalSection
HeapCreate
GetLastError
HeapDestroy
DeleteCriticalSection
OutputDebugStringA
LeaveCriticalSection
HeapFree
EnterCriticalSection
QueryPerformanceFrequency
HeapAlloc

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString

advapi32

RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA

rpcrt4

RpcStringFreeA
UuidToStringA

winmm

timeBeginPeriod
timeEndPeriod

user32

GetDesktopWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_5_x64.cat
XAudio2_5_x64.inf
XAudio2_5_x64_xp.inf
infinst.exe
.exe windows:6 windows x64 arch:x64

b22a4f669312ee374cb26a4eb9e4098a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
OutputDebugStringA
MoveFileExA
GetModuleFileNameA
FindFirstFileA
CopyFileA
GetCurrentDirectoryA
CompareStringA
FindClose
GetPrivateProfileStringA
CloseHandle
CreateFileA
lstrlenA
CreateFileW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetCommandLineA
GetVersionExW
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupCloseInfFile
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupCopyOEMInfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
external/dx/Aug2009_XAudio_x86.cab
.cab
AUG2009_XAudio_x86.inf
XAPOFX1_3.dll
.dll windows:6 windows x86 arch:x86

2202a52528b49e385a2a2838c52b0d06

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b2:9f:78:a6:96:16:ab:6c:3d:2c:31:27:b7:d2:ed:44:dd:5b:04:4f
Signer

Actual PE Digest

b2:9f:78:a6:96:16:ab:6c:3d:2c:31:27:b7:d2:ed:44:dd:5b:04:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

XAPOFX1_3.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
sqrt
_aligned_malloc
memcpy
_aligned_free
memcmp
cos
sin
memset
_CIpow
floor
_vsnprintf
_control87

kernel32

GetCurrentProcessId
GetProcessHeap
HeapAlloc
HeapFree
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
InterlockedIncrement
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
IsProcessorFeaturePresent
InterlockedDecrement

ole32

CoTaskMemFree
CoTaskMemAlloc

user32

MessageBoxA

Exports

Exports

CreateFX

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_5.dll
.dll regsvr32 windows:6 windows x86 arch:x86

7281d4f3c765a4c5fb98f4a8c401c61d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:3d:8c:8e:66:64:5f:e4:23:5d:13:92:05:49:23:c2:3d:7d:7b:7a
Signer

Actual PE Digest

0c:3d:8c:8e:66:64:5f:e4:23:5d:13:92:05:49:23:c2:3d:7d:7b:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

xaudio2_5.pdb

Imports

msvcrt

memset
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
ceil
_CIpow
_control87
strlen
_purecall
memmove
_vsnprintf
memcmp
memcpy
_aligned_malloc
_aligned_free
strcmp
wcslen
_vsnwprintf
sin
cos
floor
sqrt

kernel32

SetThreadPriority
WaitForSingleObjectEx
CreateThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
lstrcmpW
FreeLibrary
GetVersionExA
ResetEvent
SetEvent
CreateEventA
CreateSemaphoreA
GetProcAddress
ReleaseSemaphore
GetProcessHeap
HeapSize
GetSystemInfo
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
DisableThreadLibraryCalls
LoadLibraryA
WaitForSingleObject
DuplicateHandle
WaitForMultipleObjects
CloseHandle
GetCurrentThread
IsProcessorFeaturePresent
GetModuleFileNameA
GetCurrentThreadId
HeapDestroy
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
HeapCreate
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
GetLastError
GetThreadPriority

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString

user32

GetDesktopWindow
MessageBoxA

rpcrt4

UuidToStringA
RpcStringFreeA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

winmm

timeBeginPeriod
timeEndPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_5_x86.cat
XAudio2_5_x86.inf
XAudio2_5_x86_xp.inf
external/dx/Aug2009_d3dx9_42_x64.cab
.cab
AUG2009_d3dx9_42_x64.inf
d3dx9_42.dll
.dll windows:6 windows x64 arch:x64

e79722d5c95f67dfd652b6c1d4e76dc8

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d7:b3:e2:fc:e1:d1:e3:d7:f6:fb:b9:bd:31:3b:9d:96:45:4f:a5:2f
Signer

Actual PE Digest

d7:b3:e2:fc:e1:d1:e3:d7:f6:fb:b9:bd:31:3b:9d:96:45:4f:a5:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d3dx9_42.pdb

Imports

msvcrt

malloc
_vsnprintf
_finite
memmove
_purecall
qsort
_stricmp
modff
iswpunct
_clearfp
iswdigit
iswalpha
iswspace
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_strdup
setlocale
free
calloc
realloc
sscanf
_strtime
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
wctomb
_itoa
_snprintf
_iob
isleadbyte
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
srand
strtod
fread
fwrite
fflush
abort
_tempnam
_ultoa
isalpha
atol
atof
isxdigit
wcstombs
_isnan
rand
atoi
isalnum
_vsnwprintf
isdigit
isspace
longjmp
ldexp
frexp
__CxxFrameHandler
_errno
_strdate
sqrt
powf
sqrtf
floor
fmodf
memcmp
log
cos
exp
sinf
cosf
floorf
ceilf
atan2
atan
acos
asin
sin
pow
atan2f
logf
acosf
fmod
asinf
_setjmp
ceil

gdi32

GetObjectW
GetGlyphOutlineW
GetCurrentObject
GetOutlineTextMetricsA
TranslateCharsetInfo
ExtTextOutA
MoveToEx
ExtTextOutW
CreateDIBSection
GetGlyphOutlineA
GetObjectA
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsA
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject

kernel32

FindResourceW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetProcessHeap
HeapFree
HeapAlloc
ReleaseMutex
WaitForSingleObject
CreateMutexA
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
ExpandEnvironmentStringsA
GlobalMemoryStatus
GetSystemInfo
SetEndOfFile
MoveFileW
GetTempFileNameW
MoveFileA
CompareStringA
SetFilePointer
DeleteFileW
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
FormatMessageA
GetFullPathNameW
CreateFileW
GetFileSizeEx
GetLastError
IsDBCSLeadByte
WriteFile
DeleteFileA
CloseHandle
ReadFile
CreateFileA
GetTempFileNameA
GetTempPathA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetACP
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
Sleep
VirtualProtect
DisableThreadLibraryCalls

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeIMTFromPerTexelSignal
D3DXComputeIMTFromPerVertexSignal
D3DXComputeIMTFromSignal
D3DXComputeIMTFromTexture
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderConstantTableEx
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXPreprocessShader
D3DXPreprocessShaderFromFileA
D3DXPreprocessShaderFromFileW
D3DXPreprocessShaderFromResourceA
D3DXPreprocessShaderFromResourceW
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXUVAtlasCreate
D3DXUVAtlasPack
D3DXUVAtlasPartition
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3dx9_42_x64.cat
d3dx9_42_x64.inf
d3dx9_42_x64_xp.inf
infinst.exe
.exe windows:6 windows x64 arch:x64

b22a4f669312ee374cb26a4eb9e4098a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
OutputDebugStringA
MoveFileExA
GetModuleFileNameA
FindFirstFileA
CopyFileA
GetCurrentDirectoryA
CompareStringA
FindClose
GetPrivateProfileStringA
CloseHandle
CreateFileA
lstrlenA
CreateFileW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetCommandLineA
GetVersionExW
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupCloseInfFile
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupCopyOEMInfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
external/dx/Aug2009_d3dx9_42_x86.cab
.cab
AUG2009_d3dx9_42_x86.inf
d3dx9_42.dll
.dll windows:6 windows x86 arch:x86

12b2200cb5e3bf090d11cb95972d3afc

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c2:59:7d:ad:3c:49:b0:89:c0:ae:6d:82:0d:6a:6b:3e:88:16:d8:b3
Signer

Actual PE Digest

c2:59:7d:ad:3c:49:b0:89:c0:ae:6d:82:0d:6a:6b:3e:88:16:d8:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3dx9_42.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
wctomb
_itoa
_snprintf
isleadbyte
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
srand
strtod
fread
fflush
fwrite
abort
_tempnam
exit
isalpha
atof
atol
isxdigit
_ultoa
wcstombs
_CIexp
_isnan
rand
atoi
isalnum
floor
_strtime
_strdate
sscanf
isspace
isdigit
_setjmp3
longjmp
ldexp
frexp
calloc
realloc
_CIlog
setlocale
_strdup
free
_clearfp
ceil
_controlfp
malloc
_CIatan
_CIcos
_CIasin
_finite
_CIsin
_CIatan2
_CIacos
memmove
qsort
_CIfmod
_purecall
_stricmp
modf
iswspace
iswalpha
iswdigit
iswpunct
_CIsqrt
memcpy
memset
_CIpow
??2@YAPAXI@Z
??3@YAXPAX@Z
_iob
_vsnprintf
_vsnwprintf
_errno
__CxxFrameHandler

gdi32

GetTextMetricsA
GetObjectA
GetGlyphOutlineA
CreateDIBSection
DeleteDC
DeleteObject
SelectObject
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
TranslateCharsetInfo
GetCurrentObject
GetOutlineTextMetricsA
GetGlyphOutlineW
GetObjectW

kernel32

SetFilePointer
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
LocalFree
CreateFileW
GetFileSizeEx
GetFullPathNameW
GetLastError
IsDBCSLeadByte
WriteFile
GetTempPathA
GetTempFileNameA
DeleteFileW
ReadFile
CloseHandle
DeleteFileA
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetVersionExA
GetVersion
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
MoveFileA
MoveFileW
GetTempFileNameW
GlobalMemoryStatus
SetEndOfFile
ExpandEnvironmentStringsA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
CreateMutexA
Sleep
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileA
FindResourceW

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeIMTFromPerTexelSignal
D3DXComputeIMTFromPerVertexSignal
D3DXComputeIMTFromSignal
D3DXComputeIMTFromTexture
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderConstantTableEx
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXPreprocessShader
D3DXPreprocessShaderFromFileA
D3DXPreprocessShaderFromFileW
D3DXPreprocessShaderFromResourceA
D3DXPreprocessShaderFromResourceW
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXUVAtlasCreate
D3DXUVAtlasPack
D3DXUVAtlasPartition
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3dx9_42_x86.cat
d3dx9_42_x86.inf
d3dx9_42_x86_xp.inf
external/dx/DSETUP.dll
.dll windows:6 windows x86 arch:x86

5ee93a27b334994f92812e79a2fb75bd

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e7:2c:0e:bb:86:1f:cb:57:4e:97:97:44:28:c3:0a:2d:07:1d:2d:27
Signer

Actual PE Digest

e7:2c:0e:bb:86:1f:cb:57:4e:97:97:44:28:c3:0a:2d:07:1d:2d:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DSETUP.pdb

Imports

kernel32

LocalFree
LocalAlloc
lstrcmpA
WideCharToMultiByte
GetSystemDefaultLCID
GetModuleFileNameA
SetLastError
MultiByteToWideChar
lstrlenA
lstrlenW
CompareStringA
CreateDirectoryA
GetWindowsDirectoryA
FormatMessageA
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapFree
HeapAlloc
HeapReAlloc
GetLocalTime
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryA
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringW
GetStringTypeW
HeapSize
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileW
GetSystemDirectoryA
SetCurrentDirectoryA
GetVersionExA
LoadLibraryA
GetProcAddress
OutputDebugStringA
CreateMutexA
GetLastError
CloseHandle
HeapCreate
FreeLibrary

user32

GetKeyboardType
DestroyWindow
SetFocus
CreateDialogParamA
SetDlgItemTextA
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA

winmm

mmioRead
mmioDescend
mmioClose
mmioOpenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

StringFromGUID2

Exports

Exports

DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
external/dx/DXSETUP.exe
.exe windows:6 windows x86 arch:x86

9f601d1261adacd540476661fd007bc3

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b1:da:04:49:85:85:98:e8:94:a8:22:25:b7:5b:70:bb:f9:f9:02:96
Signer

Actual PE Digest

b1:da:04:49:85:85:98:e8:94:a8:22:25:b7:5b:70:bb:f9:f9:02:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DXSETUP.pdb

Imports

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

FindClose
FindFirstFileA
lstrlenA
ReadFile
GetFileSize
CreateFileA
GetCurrentDirectoryA
GetCurrentProcess
GetModuleFileNameA
SetErrorMode
CreateMutexA
GetModuleHandleA
CreateThread
GetSystemDirectoryA
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
FreeLibrary
CompareStringA
FormatMessageA
lstrcmpiA
GetProcessHeap
SetEndOfFile
WriteConsoleW
HeapReAlloc
GetStringTypeW
HeapSize
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
Sleep
LoadLibraryW
MultiByteToWideChar
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
RaiseException
HeapAlloc
RtlUnwind
CreateFileW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
CreateDirectoryA
GetLastError
LocalFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapFree

gdi32

CreateCompatibleDC
GetObjectA
StretchBlt
DeleteDC
SelectObject
CreateFontIndirectA
DeleteObject
GetDeviceCaps

user32

ReleaseDC
GetDC
LoadImageA
SystemParametersInfoA
SendDlgItemMessageA
SetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
GetParent
SetDlgItemTextA
GetDlgItem
SendMessageA
ShowWindow
GetAsyncKeyState
ExitWindowsEx
EnumWindows
CharLowerA
LoadStringA
MessageBoxA
GetWindowTextA
GetClassNameA
SetForegroundWindow
SetFocus

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

comctl32

CreatePropertySheetPageA
PropertySheetA
ord17

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
external/dx/Feb2010_X3DAudio_x64.cab
.cab
FEB2010_X3DAudio_x64.inf
X3DAudio1_7.dll
.dll windows:6 windows x64 arch:x64

aa754ab37995acbbabc2b4c1aeaeae3e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:23:e8:59:07:ac:62:e0:ee:c5:7e:a7:90:6c:fa:73:46:f6:b1:aa
Signer

Actual PE Digest

1a:23:e8:59:07:ac:62:e0:ee:c5:7e:a7:90:6c:fa:73:46:f6:b1:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

X3DAudio1_7.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
tanf
cosf
acosf
atan2f
sin
sinf

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
SetUnhandledExceptionFilter

Exports

Exports

X3DAudioCalculate
X3DAudioInitialize

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X3DAudio1_7_x64.cat
X3DAudio1_7_x64.inf
X3DAudio1_7_x64_xp.inf
infinst.exe
.exe windows:6 windows x64 arch:x64

b22a4f669312ee374cb26a4eb9e4098a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
OutputDebugStringA
MoveFileExA
GetModuleFileNameA
FindFirstFileA
CopyFileA
GetCurrentDirectoryA
CompareStringA
FindClose
GetPrivateProfileStringA
CloseHandle
CreateFileA
lstrlenA
CreateFileW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetCommandLineA
GetVersionExW
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupCloseInfFile
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupCopyOEMInfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
external/dx/Feb2010_X3DAudio_x86.cab
.cab
FEB2010_X3DAudio_x86.inf
X3DAudio1_7.dll
.dll windows:6 windows x86 arch:x86

939c925ad24b5326d66117cd864242ee

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:3d:61:33:57:1e:9f:cf:89:9e:35:4c:57:aa:c8:59:05:3d:68:aa
Signer

Actual PE Digest

30:3d:61:33:57:1e:9f:cf:89:9e:35:4c:57:aa:c8:59:05:3d:68:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X3DAudio1_7.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CIacos

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

MessageBoxA

Exports

Exports

X3DAudioCalculate
X3DAudioInitialize

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X3DAudio1_7_x86.cat
X3DAudio1_7_x86.inf
X3DAudio1_7_x86_xp.inf
external/dx/Feb2010_XAudio_x64.cab
.cab
FEB2010_XAudio_x64.inf
XAPOFX1_4.dll
.dll windows:6 windows x64 arch:x64

dae43bcd13a7d4666efa357462bb9496

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d2:45:4c:23:18:9d:70:4c:ae:01:4f:93:26:f3:87:52:ce:66:44:21
Signer

Actual PE Digest

d2:45:4c:23:18:9d:70:4c:ae:01:4f:93:26:f3:87:52:ce:66:44:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XAPOFX1_4.pdb

Imports

msvcrt

_amsg_exit
__C_specific_handler
free
_initterm
malloc
_XcptFilter
sqrtf
memset
memcpy
_aligned_free
memcmp
_aligned_malloc
pow
powf
floorf
cos
_vsnprintf
sin
tanf

kernel32

HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
HeapFree

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

CreateFX

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_6.dll
.dll regsvr32 windows:6 windows x64 arch:x64

919a640fd051c2bbab5fdf06dfd1aac2

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3b:1d:e1:55:bf:60:0b:84:03:82:e9:a3:47:91:f9:fe:ec:f0:a2:ac
Signer

Actual PE Digest

3b:1d:e1:55:bf:60:0b:84:03:82:e9:a3:47:91:f9:fe:ec:f0:a2:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

xaudio2_6.pdb

Imports

msvcrt

sqrtf
memmove
memset
memcpy
__C_specific_handler
powf
_amsg_exit
free
_initterm
malloc
_XcptFilter
atanf
cosf
_purecall
_vsnprintf
sinf
log
_aligned_malloc
_aligned_free
_vsnwprintf
sin
floorf
cos
memcmp
pow
exp

kernel32

HeapFree
GetVersionExA
LoadLibraryA
lstrcmpW
WaitForSingleObjectEx
CreateThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
ResetEvent
SetEvent
CreateEventA
CreateSemaphoreA
CloseHandle
GetProcAddress
GetProcessHeap
HeapSize
GetSystemInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
DisableThreadLibraryCalls
WaitForSingleObject
WaitForMultipleObjects
DuplicateHandle
FreeLibrary
ReleaseSemaphore
GetLastError
EnterCriticalSection
GetModuleFileNameA
GetCurrentThreadId
TryEnterCriticalSection
SetThreadPriority
GetCurrentThread
GetThreadPriority
InitializeCriticalSection
HeapCreate
HeapDestroy
HeapAlloc
DeleteCriticalSection
OutputDebugStringA
QueryPerformanceFrequency
LeaveCriticalSection

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString

rpcrt4

RpcStringFreeA
UuidToStringA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA

winmm

timeEndPeriod
timeBeginPeriod

user32

GetDesktopWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 484KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_6_x64.cat
XAudio2_6_x64.inf
XAudio2_6_x64_xp.inf
infinst.exe
.exe windows:6 windows x64 arch:x64

b22a4f669312ee374cb26a4eb9e4098a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
OutputDebugStringA
MoveFileExA
GetModuleFileNameA
FindFirstFileA
CopyFileA
GetCurrentDirectoryA
CompareStringA
FindClose
GetPrivateProfileStringA
CloseHandle
CreateFileA
lstrlenA
CreateFileW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetCommandLineA
GetVersionExW
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupCloseInfFile
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupCopyOEMInfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
external/dx/Feb2010_XAudio_x86.cab
.cab
FEB2010_XAudio_x86.inf
XAPOFX1_4.dll
.dll windows:6 windows x86 arch:x86

a3a674b1b02986f74e6f1f4671ca62fc

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:20:d6:41:8e:81:c3:0e:41:97:f0:d1:b3:b0:62:ef:28:23:71:40
Signer

Actual PE Digest

c8:20:d6:41:8e:81:c3:0e:41:97:f0:d1:b3:b0:62:ef:28:23:71:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

XAPOFX1_4.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
sqrt
_aligned_malloc
memcpy
_aligned_free
memcmp
sin
_vsnprintf
memset
_CIpow
floor
cos

kernel32

GetCurrentProcessId
GetProcessHeap
HeapAlloc
HeapFree
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
InterlockedIncrement
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
IsProcessorFeaturePresent
InterlockedDecrement

ole32

CoTaskMemFree
CoTaskMemAlloc

user32

MessageBoxA

Exports

Exports

CreateFX

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_6.dll
.dll regsvr32 windows:6 windows x86 arch:x86

3f01b646c2444455f7233e736b73c9c4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5a:50:92:57:49:13:c2:26:0f:d6:5b:7b:c1:00:17:b1:b6:90:72:c4
Signer

Actual PE Digest

5a:50:92:57:49:13:c2:26:0f:d6:5b:7b:c1:00:17:b1:b6:90:72:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

xaudio2_6.pdb

Imports

msvcrt

memset
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
ceil
_CIpow
strlen
_purecall
memmove
sqrt
_vsnprintf
memcmp
memcpy
_aligned_malloc
_aligned_free
strcmp
wcslen
_vsnwprintf
sin
cos
floor

kernel32

WaitForSingleObjectEx
CreateThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
lstrcmpW
FreeLibrary
GetVersionExA
ResetEvent
SetEvent
CreateEventA
CreateSemaphoreA
CloseHandle
GetProcAddress
GetProcessHeap
HeapSize
GetSystemInfo
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
DisableThreadLibraryCalls
LoadLibraryA
WaitForSingleObject
DuplicateHandle
WaitForMultipleObjects
ReleaseSemaphore
GetCurrentThreadId
GetModuleFileNameA
HeapDestroy
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
GetLastError
GetCurrentThread
QueryPerformanceFrequency
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetThreadPriority
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
IsProcessorFeaturePresent

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString

user32

MessageBoxA
GetDesktopWindow

rpcrt4

UuidToStringA
RpcStringFreeA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

winmm

timeEndPeriod
timeBeginPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_6_x86.cat
XAudio2_6_x86.inf
XAudio2_6_x86_xp.inf
external/dx/Jun2010_XAudio_x64.cab
.cab
external/dx/Jun2010_XAudio_x86.cab
.cab
external/dx/Jun2010_d3dx9_43_x64.cab
.cab
external/dx/Jun2010_d3dx9_43_x86.cab
.cab
external/dx/Mar2008_X3DAudio_x64.cab
.cab
external/dx/Mar2009_X3DAudio_x86.cab
.cab
external/dx/Nov2008_X3DAudio_x64.cab
.cab
external/dx/Nov2008_X3DAudio_x86.cab
.cab
external/dx/Nov2008_XAudio_x64.cab
.cab
external/dx/Nov2008_XAudio_x86.cab
.cab
external/dx/Nov2008_d3dx9_40_x64.cab
.cab
external/dx/Nov2008_d3dx9_40_x86.cab
.cab
external/dx/dsetup32.dll
.dll windows:6 windows x86 arch:x86

d1671a2cd7c955bf9903489363b7585c

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:9d:3f:6c:9f:d6:3c:85:3d:d2:28:5b:3e:7b:4f:07:0b:5d:a1:86
Signer

Actual PE Digest

22:9d:3f:6c:9f:d6:3c:85:3d:d2:28:5b:3e:7b:4f:07:0b:5d:a1:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsetup32.pdb

Imports

kernel32

FindClose
FindFirstFileA
GetSystemDirectoryA
CopyFileA
DeleteFileA
SetFileAttributesA
WideCharToMultiByte
LoadResource
FindResourceA
GetSystemDefaultLCID
GetModuleFileNameA
lstrcmpA
LockResource
SizeofResource
SetLastError
GetPrivateProfileStringA
MultiByteToWideChar
CloseHandle
GetFileSize
CreateFileA
GetPrivateProfileSectionA
lstrcmpiA
lstrlenA
FindNextFileA
GetShortPathNameA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryExA
GetFileAttributesA
GetPrivateProfileSectionNamesA
GetSystemInfo
GetDiskFreeSpaceA
GetModuleHandleA
ReadFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTempFileNameA
GetDriveTypeA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetTempPathA
MoveFileExA
SetFileTime
GetFileTime
Sleep
CreateMutexA
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetLocalTime
HeapFree
HeapReAlloc
EncodePointer
TlsAlloc
TlsGetValue
GetVersionExA
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
HeapAlloc
RaiseException
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteFile
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetModuleFileNameW
SetFilePointer
SetStdHandle
FlushFileBuffers
HeapSize
GetStringTypeW
WriteConsoleW
SetEndOfFile
GetProcessHeap
CreateFileW
GetProcAddress
LoadLibraryA
GetCurrentProcess
FreeLibrary
CompareStringA
FormatMessageA
LocalFree
GetWindowsDirectoryA
OutputDebugStringA
CreateDirectoryA
TlsSetValue
GetLastError

gdi32

GetDeviceCaps

user32

PeekMessageA
ShowWindow
GetDlgItem
SendMessageA
CharLowerA
MessageBoxA
CreateDialogParamA
SetFocus
DestroyWindow
DialogBoxParamA
GetMessageA
CharNextA
EndDialog
SetDlgItemTextA
SendDlgItemMessageA
GetDesktopWindow
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
LoadStringA
DispatchMessageA
TranslateMessage
GetKeyboardType

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegQueryValueExA

shlwapi

SHDeleteKeyA

winmm

mmioDescend
mmioOpenA
mmioClose
mmioRead

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

SHFileOperationA

ole32

StringFromGUID2

Exports

Exports

DirectXLoadString
DirectXSetupCallback
DirectXSetupSetCallback
DirectXSetupShowEULA
iDirectXSetup
iDirectXSetupGetEULA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
external/dx/dxdllreg_x86.cab
.cab
external/dx/dxnt.cab
.cab
external/dx/dxupdate.cab
.cab
farm2012.demo.dll
.exe windows:5 windows x86 arch:x86

0b0a1ebcf113f058a8349bfefacc78eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\prg\c\vs.insomnia\projects\farm2012\.build\farm2012\Final\farm2012.pdb

Imports

crashreport

UserCallback2
InitCrashReport
UserCallback

ws2_32

inet_addr
WSARecvFrom
ntohs
connect
shutdown
send
recv
ntohl
getnameinfo
inet_ntoa
recvfrom
ioctlsocket
sendto
setsockopt
WSAGetLastError
bind
htons
socket
closesocket
WSAIoctl
WSAStartup
__WSAFDIsSet
gethostbyname
WSASendTo
getsockname
htonl
select
freeaddrinfo
getaddrinfo
WSACleanup

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

dbghelp

SymInitialize
SymGetModuleInfo64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymFromAddr
SymSetOptions

d3d9

Direct3DCreate9
D3DPERF_GetStatus

d3dx9_43

D3DXCreateSprite
D3DXCreateFontA
D3DXSaveSurfaceToFileA
D3DXCreateEffectEx
D3DXCreateEffectPool

dinput8

DirectInput8Create

physxloader

NxGetUtilLib
NxCreatePhysicsSDK

msimg32

AlphaBlend

x3daudio1_7

X3DAudioCalculate
X3DAudioInitialize

kernel32

CreateFileMappingA
OpenFileMappingA
SetProcessWorkingSetSize
MapViewOfFile
VirtualQuery
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileW
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
LCMapStringW
FlushFileBuffers
SetStdHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
RaiseException
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetVersionExA
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsDebuggerPresent
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetLocalTime
InterlockedIncrement
InterlockedDecrement
GetTempPathA
GetTempPathW
CreateDirectoryA
CreateDirectoryW
GetFileAttributesA
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
DeleteFileA
DeleteFileW
CopyFileA
MoveFileExW
CreateFileA
GetFileTime
CloseHandle
SetFileTime
CreateEventA
SetEvent
ResetEvent
SignalObjectAndWait
WaitForSingleObjectEx
WaitForMultipleObjectsEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
GetLastError
GetCurrentThreadId
GetCurrentProcessId
SetThreadPriority
CreateThread
ResumeThread
SetThreadAffinityMask
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetModuleFileNameA
Sleep
GetStdHandle
TerminateProcess
GetCurrentProcess
GetCommandLineA
SetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
IsBadReadPtr
GetFileInformationByHandle
GetDiskFreeSpaceA
VirtualAlloc
ReadFileEx
CancelIo
VirtualFree
VirtualUnlock
VirtualLock
GetProcAddress
LoadLibraryA
GetModuleHandleA
UnmapViewOfFile
SleepEx
SetLastError
GlobalMemoryStatusEx
FormatMessageA
LocalFree
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoA
FindClose
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
SetEndOfFile
GetProcessHeap
ReadFile
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
HeapCreate
WriteFile
TlsGetValue
TlsAlloc
TlsSetValue

user32

ClientToScreen
DrawTextA
SetWindowLongA
FillRect
GetWindowPlacement
GetWindowRect
ShowWindow
UpdateWindow
SetWindowPos
CreateWindowExW
GetRawInputData
DefRawInputProc
RegisterRawInputDevices
GetRawInputDeviceList
SetRect
LoadImageA
RegisterClassExW
GetClientRect
SetWindowTextW
DefWindowProcW
ValidateRect
PostQuitMessage
GetWindowLongA
AdjustWindowRect
GetDesktopWindow
GetDC
ReleaseDC
ClipCursor
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
SetClipboardData
MessageBoxA
ShowCursor
SetFocus
DispatchMessageA
TranslateMessage
PeekMessageA
GetMonitorInfoA

gdi32

BitBlt
GetDIBits
StretchBlt
SelectObject
SetStretchBltMode
GetStockObject
GdiFlush
CreateDIBSection
SetTextAlign
SetBkMode
DeleteObject
SetTextColor
GetTextExtentPoint32W
GetTextExtentPoint32A
CreateFontA
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegCreateKeyA
GetUserNameW
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA

shell32

SHGetFolderPathA
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
farm2012.demo.exe
.exe windows:5 windows x86 arch:x86

28ee26adc361818bec3b86a74bab3883

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\prg\c\vs.insomnia\itools\iupdate\.build\launcher\Final\launcher.pdb

Imports

kernel32

GetFileAttributesA
MoveFileExA
CloseHandle
Sleep
GetExitCodeProcess
CreateProcessA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iupdate.dll
.exe windows:5 windows x86 arch:x86

870b47954af75213c8a156a2362f0aad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\prg\c\vs.insomnia\itools\iupdate\.build\iupdate\Final Public\iupdate.pdb

Imports

kernel32

GetProcAddress
CopyFileA
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
GetCurrentThreadId
GetVersionExA
CloseHandle
GetTempPathA
GetComputerNameA
GlobalMemoryStatus
GetNativeSystemInfo
GetLocaleInfoA
GetSystemTimeAsFileTime
lstrcmpiA
SetLastError
GetLastError
RaiseException
FlushInstructionCache
lstrlenW
IsProcessorFeaturePresent
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
SetFilePointer
MultiByteToWideChar
GetConsoleCP
RtlUnwind
GetTickCount
GetFileType
SetHandleCount
IsDBCSLeadByte
TerminateProcess
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
OpenProcess
InitializeCriticalSection
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteFile
HeapReAlloc
HeapCreate
ReadFile
GetProcessHeap
SetEndOfFile
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FindClose
GetStartupInfoA
ExitProcess
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
HeapSize
HeapAlloc
HeapFree
LoadLibraryA
VirtualFree
CancelIo
ReadFileEx
VirtualAlloc
GetDiskFreeSpaceA
LoadResource
FreeLibrary
lstrlenA
GetConsoleMode
FindResourceA
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
FileTimeToSystemTime
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
MoveFileExA
CreateFileA
CreateEventA
ResetEvent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
CreateThread
Sleep
GetStdHandle
CreateProcessA
GetCommandLineA
SetEnvironmentVariableA
GetFileInformationByHandle

user32

GetParent
MapWindowPoints
UnregisterClassA
SetWindowTextA
GetActiveWindow
ShowWindow
SetWindowPos
EndDialog
GetDlgItem
MonitorFromWindow
GetWindowLongA
MessageBoxA
SetWindowLongA
GetAsyncKeyState
GetWindowTextA
GetMonitorInfoA
GetWindow
SetDlgItemTextA
DialogBoxParamA
GetDlgItemTextA
SendMessageA
SetFocus
SystemParametersInfoA
GetSystemMetrics
GetKeyboardLayoutNameA
DestroyWindow
GetMessageA
GetWindowRect
PostQuitMessage
SetForegroundWindow
GetClientRect
CharNextA
EnableWindow

advapi32

RegCreateKeyExA
RegCreateKeyA
RegOpenKeyA
GetUserNameA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA

shell32

SHGetFolderPathA
ShellExecuteExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
VarUI4FromStr

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

ws2_32

connect
ioctlsocket
WSACleanup
recv
WSAStartup
inet_addr
htons
socket
closesocket
gethostbyname
send

d3d9

Direct3DCreate9

dsound

ord2
ord11

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
system.log.html
.html .js polyglot
system/actions.icom
system/device.icom
system/settings.icom
system/system.icom
system/user.icom
uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 25KB - Virtual size: 24KB

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 780B

0d87660e15e4e2499d63742f6c9630fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 598B

.rdata Size: 512B - Virtual size: 413B

.data Size: 512B - Virtual size: 28B

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 512B - Virtual size: 110B

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 148KB - Virtual size: 148KB

DATA Size: 3KB - Virtual size: 2KB

BSS Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 25KB - Virtual size: 24KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 780B

.text
Size: 1024B - Virtual size: 598B

.rdata
Size: 512B - Virtual size: 413B

.data
Size: 512B - Virtual size: 28B

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 512B - Virtual size: 110B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

CODE
Size: 148KB - Virtual size: 148KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 11KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:df
Certificate