privateloader | SecuriteInfo[.]com[.]Trojan[.]DownLoader40[.]40259[.]3271[.]29415[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.DownLoader40.40259.3271.29415.exe
Size

34.0MB
MD5

d76e2f1b2d9ee7709ab0309c5ca71955
SHA1

5146d2934189b66333586086b91e871477618461
SHA256

c5d9bb6910afb276598d18843a7acdefabcd5a9ac60e051e9d727e6b3a9a8359
SHA512

047ff00c7b002e7149e34f2abab11e4ae5a95266143eb54597944b4ab87128980bf2f9fc2dfc31fdd50f1002c2f4579baac0120fc604c520d1cfb1433d6006cd
SSDEEP

786432:mqGCvMC7g911UbXLs2F3CdLW3sSFvZGf9Kvfwo7e04iRE:mqGOMnEXLNlscvkkv4o7y6E

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/gameCore_cef.exe
unpack001/liehuo.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

SecuriteInfo.com.Trojan.DownLoader40.40259.3271.29415.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06/10/2011, 08:39

Not After

06/10/2046, 08:39

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:1c:06:91:71:d5:13:56:07:14:d6:60:96:52:2a:5e
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

31/12/2021, 11:52

Not After

30/12/2024, 11:52

Subject

CN=成都七娱尚思科技有限公司,O=成都七娱尚思科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:e1:ce:52:22:92:32:c4:68:98:41:4e:ca:c8:a2:38:83:0c:98:3a:bd:1e:80:dd:80:6f:ab:5e:de:07:94:02
Signer

Actual PE Digest

a2:e1:ce:52:22:92:32:c4:68:98:41:4e:ca:c8:a2:38:83:0c:98:3a:bd:1e:80:dd:80:6f:ab:5e:de:07:94:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

ea9b3ea5cd9e2014ad3724e31f62cf5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

isspace
_msize
??2@YAPAXI@Z
iscntrl
isalpha
sscanf
abort
_beginthreadex
time
srand
rand
strncpy
isalnum
strchr
__getmainargs
_strnicmp
_stricmp
??3@YAXPAX@Z
calloc
free
_wcsicmp
_snprintf
memset
memcpy

shlwapi

ord176

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetVersion
InterlockedExchange
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetSystemTime
OutputDebugStringA
DeleteCriticalSection
GetExitCodeProcess
InitializeCriticalSection
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetCommandLineA
GetVersionExA
GetFileAttributesA
LoadLibraryW
GetModuleHandleW
FreeLibrary
CloseHandle
GetFileSizeEx
ReadFile
WriteFile
GlobalAlloc
lstrcpynA
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GetLastError
LocalAlloc
LocalFree
CreateFileA
SetFilePointerEx
MultiByteToWideChar

user32

MessageBoxW
RegisterClassA
DispatchMessageA
UnregisterClassA
AllowSetForegroundWindow
SetTimer
DestroyWindow
wsprintfA
GetWindowThreadProcessId
LoadStringW
MessageBoxA
MsgWaitForMultipleObjects
KillTimer
PeekMessageA
CreateWindowExA

shell32

ShellExecuteExA
SHFileOperationA
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

Exports

Exports

AppendToFile
DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetParameter
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
ParameterCnt
ParameterStr
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
EasyHook.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:59:56:50:07:b8:18:a8:0f:01:9b:65:57:d2:2e:36:61:e1:d9:ff
Signer

Actual PE Digest

ae:59:56:50:07:b8:18:a8:0f:01:9b:65:57:d2:2e:36:61:e1:d9:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\37work\pc_code\gamebox\gamebox_dual\04代码\ThirdLibrary\Backup\EasyHook_SRC\EasyHook\obj\netfx3.5-Release\EasyHook.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHook32.dll
.dll windows:5 windows x86 arch:x86

7b3b12ec5d4e8348e8bcab2c0454059c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:79:04:ec:33:df:10:ed:c2:31:a0:fb:96:c6:c3:97:7c:b4:14:ef
Signer

Actual PE Digest

ae:79:04:ec:33:df:10:ed:c2:31:a0:fb:96:c6:c3:97:7c:b4:14:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\37work\pc_code\gamebox\gamebox_dual\04代码\ThirdLibrary\Backup\EasyHook_SRC\Build\netfx3.5-Release\x86\EasyHook32.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
CreateToolhelp32Snapshot
DuplicateHandle
TlsAlloc
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
GetCurrentProcessId
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
VirtualQuery
GetVersionExW
SetStdHandle
OutputDebugStringW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
WriteConsoleW
SetEndOfFile
WriteProcessMemory
InterlockedExchange
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

?GetRemoteModuleExportDirectory@@YGHPAXPAUHINSTANCE__@@PAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS@@@Z
_DbgAttachDebugger@0
_DbgDetachDebugger@0
_DbgGetProcessIdByHandle@8
_DbgGetThreadIdByHandle@8
_DbgHandleToObjectName@16
_DbgIsAvailable@0
_DbgIsEnabled@0
_GacCreateContext@0
_GacInstallAssembly@16
_GacReleaseContext@4
_GacUninstallAssembly@16
_HookCompleteInjection@4
_LhBarrierBeginStackTrace@4
_LhBarrierCallStackTrace@12
_LhBarrierEndStackTrace@4
_LhBarrierGetAddressOfReturnAddress@4
_LhBarrierGetCallback@4
_LhBarrierGetCallingModule@4
_LhBarrierGetReturnAddress@4
_LhBarrierPointerToModule@8
_LhEnumModules@12
_LhGetHookBypassAddress@8
_LhInstallHook@16
_LhIsThreadIntercepted@12
_LhSetExclusiveACL@12
_LhSetGlobalExclusiveACL@8
_LhSetGlobalInclusiveACL@8
_LhSetInclusiveACL@12
_LhUninstallAllHooks@0
_LhUninstallHook@4
_LhUpdateModuleInformation@0
_LhWaitForPendingRemovals@0
_ReleaseTestFuncHookResults@8
_RhCreateAndInject@36
_RhCreateStealthRemoteThread@16
_RhGetProcessToken@8
_RhInjectLibrary@28
_RhInstallDriver@8
_RhInstallSupportDriver@0
_RhIsAdministrator@0
_RhIsX64Process@8
_RhIsX64System@0
_RhWakeUpProcess@0
_RtlCreateSuspendedProcess@20
_RtlGetLastError@0
_RtlGetLastErrorString@0
_RtlGetLastErrorStringCopy@0
_RtlInstallService@12
_TestFuncHooks@24

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHook64.dll
.dll windows:6 windows x64 arch:x64

89b3da907b6f3934c4f9994c2aa723d3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:14:fc:be:90:41:a5:38:fe:c9:d0:1e:25:f8:30:49:03:63:af:4c
Signer

Actual PE Digest

0c:14:fc:be:90:41:a5:38:fe:c9:d0:1e:25:f8:30:49:03:63:af:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Gits\EasyHook\Build\netfx3.5-Release\x64\EasyHook64.pdb

Imports

psapi

GetModuleInformation
EnumProcessModules

kernel32

GetCurrentThreadId
VirtualFree
VirtualAlloc
GetSystemInfo
GetLastError
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetFullPathNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetModuleHandleA
SetEvent
CloseHandle
GetModuleHandleW
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
WriteProcessMemory
Thread32Next
Thread32First
WaitForSingleObject
SuspendThread
ResumeThread
DuplicateHandle
OpenProcess
CreateToolhelp32Snapshot
CreateEventW
TlsFree
VirtualAllocEx
ReadProcessMemory
SetThreadContext
OpenThread
TlsSetValue
SetLastError
lstrlenW
TerminateProcess
WaitForMultipleObjects
GetExitCodeThread
Module32FirstW
CreateProcessW
WideCharToMultiByte
CreateRemoteThread
TlsGetValue
Module32NextW
FatalAppExitW
GetModuleFileNameW
CreateFileW
VirtualProtect
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
Sleep
HeapAlloc
IsBadReadPtr
GetVersionExW
EncodePointer
FreeLibrary
HeapDestroy
TlsAlloc
LoadLibraryA
HeapCreate
RtlPcToFileHeader
GetThreadContext
SetEndOfFile
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetACP
GetStdHandle
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetCommandLineA
GetCommandLineW
HeapSize
HeapReAlloc
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx

advapi32

OpenServiceW
OpenProcessToken
SystemFunction036
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
StartServiceW

ole32

CoTaskMemAlloc
CoTaskMemFree

Exports

Exports

?GetRemoteModuleExportDirectory@@YAHPEAXPEAUHINSTANCE__@@PEAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS64@@@Z
DbgAttachDebugger
DbgDetachDebugger
DbgGetProcessIdByHandle
DbgGetThreadIdByHandle
DbgHandleToObjectName
DbgIsAvailable
DbgIsEnabled
GacCreateContext
GacInstallAssembly
GacReleaseContext
GacUninstallAssembly
HookCompleteInjection
LhBarrierBeginStackTrace
LhBarrierCallStackTrace
LhBarrierEndStackTrace
LhBarrierGetAddressOfReturnAddress
LhBarrierGetCallback
LhBarrierGetCallingModule
LhBarrierGetReturnAddress
LhBarrierPointerToModule
LhEnumModules
LhInstallHook
LhIsThreadIntercepted
LhSetExclusiveACL
LhSetGlobalExclusiveACL
LhSetGlobalInclusiveACL
LhSetInclusiveACL
LhUninstallAllHooks
LhUninstallHook
LhUpdateModuleInformation
LhWaitForPendingRemovals
ReleaseTestFuncHookResults
RhCreateAndInject
RhCreateStealthRemoteThread
RhGetProcessToken
RhInjectLibrary
RhInstallDriver
RhInstallSupportDriver
RhIsAdministrator
RhIsX64Process
RhIsX64System
RhWakeUpProcess
RtlCreateSuspendedProcess
RtlGetLastError
RtlGetLastErrorString
RtlGetLastErrorStringCopy
RtlInstallService
TestFuncHooks

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cef.pak
.js
cef_100_percent.pak
cef_200_percent.pak
d3dcompiler_43.dll
.dll windows:6 windows x86 arch:x86

6ba7b0e4e74a8eea96dca4fffc88b859

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb
Signer

Actual PE Digest

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_43.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
_initterm
_XcptFilter
_CxxThrowException
memset
memcpy
isxdigit
atof
setlocale
_strdup
_mbstrlen
modf
isalnum
_isnan
ceil
_finite
strrchr
_clearfp
_controlfp
_strnicmp
_fpclass
_purecall
strncmp
isspace
strstr
getenv
_stricmp
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
_vsnprintf
_errno
__CxxFrameHandler
floor
_CIfmod
_CItanh
_CItan
_CIsinh
_CIsin
_CIlog
_CIpow
_CIexp
_CIsqrt
_CIcosh
_CIcos
_CIatan2
_CIatan
_CIasin
_CIacos

gdi32

DeleteObject

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
UnmapViewOfFile
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
GetLastError
SetUnhandledExceptionFilter
WideCharToMultiByte
GetFullPathNameA
HeapCreate
OutputDebugStringA
LoadLibraryA
GetModuleHandleA
lstrcmpiA
TlsFree
TlsGetValue
HeapDestroy
TlsSetValue
InterlockedExchange
TlsAlloc
Sleep
InterlockedCompareExchange
FreeLibrary
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion

Exports

Exports

D3DAssemble
D3DCompile
D3DCompressShaders
D3DCreateBlob
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DPreprocess
D3DReflect
D3DReturnFailure1
D3DStripShader
DebugSetMute

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3dcompiler_47.dll
.dll windows:10 windows x86 arch:x86

323b4a980be6850b6d140bd6363118e2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:f7:54:62:e0:86:50:d7:b3:7d:b3:8f:03:0f:e0:8a:ab:bb:b0:0c
Signer

Actual PE Digest

29:f7:54:62:e0:86:50:d7:b3:7d:b3:8f:03:0f:e0:8a:ab:bb:b0:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_47.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
_isnan
__isascii
_clearfp
_controlfp
_strdup
_mbstrlen
_purecall
_vsnwprintf
strtoul
isxdigit
atof
strchr
setlocale
strnlen
modf
strrchr
tolower
_finite
_fpclass
memmove
strncmp
strncpy_s
isspace
wcsncmp
wcsncpy_s
_wcsicmp
memcpy
memset
fclose
bsearch
qsort
strcat_s
_onexit
_CxxThrowException
_snwprintf_s
__unDName
fread
fseek
_wfsopen
wcstoul
_fileno
sscanf_s
_filelengthi64
towlower
_wcsnicmp
_wsplitpath_s
wcscpy_s
wcsncat_s
wcsrchr
swprintf_s
_wmakepath_s
time
_wcsdup
_wgetenv
_wfullpath
_chsize_s
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
wcscat_s
ftell
_mbscmp
_memicmp
toupper
_atoi64
strtod
_errno
_strtoui64
?terminate@@YAXXZ
_except_handler4_common
strstr
malloc
_strnicmp
atoi
isdigit
isalpha
strcpy_s
memcpy_s
isalnum
getenv
free
_stricmp
sprintf_s
_vsnprintf
_wsopen
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
__CxxFrameHandler3
_ftol2
_ftol2_sse
ceil
floor

advapi32

RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW

kernel32

MapViewOfFileEx
SetFilePointer
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
DeviceIoControl
SetFilePointerEx
SetEndOfFile
GetFileType
DeleteFileW
FlushViewOfFile
SetFileAttributesW
GetFileAttributesW
SetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
LocalAlloc
LoadLibraryExW
GetProcAddress
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiA
HeapCreate
GetEnvironmentVariableA
GetModuleFileNameA
LCMapStringW
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
WriteFile
VirtualFree
VirtualAlloc
GetSystemInfo
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
CreateFileA

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
devtools_resources.pak
gameCore_cef.exe
.exe windows:5 windows x86 arch:x86

0e730887710d59d256191ecb6fb46e51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\37work\pc_code\gamebox\gamebox\04代码\bin\tabGame_cef.pdb

Imports

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize

oleaut32

SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VarUI4FromStr
SysAllocStringLen
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString
DispCallFunc

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

libcef

cef_cookie_manager_get_global_manager
cef_string_multimap_free
cef_string_multimap_alloc
cef_request_create
cef_post_data_create
cef_post_data_element_create
cef_process_message_create
cef_v8context_get_current_context
cef_string_list_append
cef_string_map_append
cef_string_multimap_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_list_value
cef_string_list_size
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_function
cef_string_list_copy
cef_string_map_alloc
cef_string_map_free
cef_string_userfree_utf16_free
cef_browser_host_create_browser
cef_string_list_alloc
cef_command_line_create
cef_register_extension
cef_post_task
cef_parse_csscolor
cef_base64encode
cef_get_mime_type
cef_string_utf16_cmp
cef_get_current_platform_thread_id
cef_time_to_timet
cef_string_list_free
cef_string_ascii_to_utf16
cef_string_utf16_set
cef_string_utf16_to_utf8
cef_string_utf8_clear
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_initialize
cef_execute_process
cef_currently_on
cef_quit_message_loop
cef_run_message_loop
cef_shutdown
cef_command_line_get_global
cef_api_hash

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW

kernel32

GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetFullPathNameA
GetDriveTypeA
VirtualQuery
GetFileType
GetStartupInfoA
VirtualProtect
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedIncrement
InterlockedDecrement
IsBadWritePtr
WaitForSingleObject
GetCurrentProcessId
CreateEventW
SetEvent
CloseHandle
lstrcpyA
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetLastError
GetCurrentThreadId
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
MultiByteToWideChar
GetCommandLineW
DeleteFileW
OpenFileMappingW
CreateFileMappingW
GetConsoleCP
UnmapViewOfFile
GetTempPathW
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
GetStdHandle
FindClose
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
WriteProcessMemory
SetUnhandledExceptionFilter
lstrcmpiW
LoadLibraryExW
InterlockedExchange
WriteFile
Sleep
TerminateThread
GetTickCount
ReadFile
GetVersionExW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemInfo
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
QueryPerformanceFrequency
MoveFileA
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetConsoleMode
SetFilePointer
FlushFileBuffers
FindFirstFileW
ExitProcess
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetCurrentDirectoryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
MapViewOfFile

user32

GetDlgItem
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
UnregisterClassA
RegisterWindowMessageW
LoadStringW
TranslateAcceleratorW
GetWindow
LoadAcceleratorsW
MessageBoxW
EnableWindow
SetWindowRgn
IsIconic
SystemParametersInfoW
InflateRect
DrawTextW
OffsetRect
SetCursor
FillRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
PtInRect
LoadIconW
EndPaint
IsDialogMessageW
IsChild
SendMessageW
SetWindowPos
SetWindowLongW
GetWindowLongW
IsWindow
SetFocus
DestroyWindow
SetTimer
PostMessageW
PostQuitMessage
KillTimer
DefWindowProcW
GetClientRect
DestroyAcceleratorTable
LoadCursorW
PeekMessageW
GetMessageW
TranslateMessage
BeginPaint
RegisterClassExW
CallWindowProcW
SetParent
ShowWindow
UpdateWindow
GetKeyState
GetAncestor
GetFocus
SetForegroundWindow
DispatchMessageW

gdi32

CreateFontW
SetBkColor
CreateRoundRectRgn
RestoreDC
DeleteDC
SetBkMode
SaveDC
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
SetTextColor

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipBitmapUnlockBits
GdiplusShutdown
GdiplusStartup
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipFree
GdipAlloc
GdipGetImageGraphicsContext
GdipDisposeImage

easyhook32

_LhWaitForPendingRemovals@0
_LhUninstallHook@4
_LhInstallHook@16
_LhSetExclusiveACL@12
_LhUninstallAllHooks@0

dbghelp

MiniDumpWriteDump

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
InternetGetConnectedState
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW

winmm

waveOutSetVolume
waveOutClose
waveOutOpen
waveOutGetVolume

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 991KB - Virtual size: 991KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icudtl.dat
lander.ini
libEGL.dll
.dll windows:5 windows x86 arch:x86

1f1ea96193635656f86269a5cfe486d0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:e8:b3:37:20:30:b9:cb:72:17:9b:30:65:9d:8c:73:dd:6e:b7:e9
Signer

Actual PE Digest

7d:e8:b3:37:20:30:b9:cb:72:17:9b:30:65:9d:8c:73:dd:6e:b7:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Win-2623\download\chromium\src\out\Release\libEGL.dll.pdb

Imports

libglesv2

?ReleaseDeviceANGLE@egl@@YGIPAX@Z
?CreateDeviceANGLE@egl@@YGPAXHPAXPBH@Z
?DestroyImageKHR@egl@@YGIPAX0@Z
?CreateImageKHR@egl@@YGPAXPAX0I0PBH@Z
?QueryDeviceStringEXT@egl@@YGPBDPAXH@Z
?QueryDeviceAttribEXT@egl@@YGIPAXHPAH@Z
?QueryDisplayAttribEXT@egl@@YGIPAXHPAH@Z
?GetPlatformDisplayEXT@egl@@YGPAXIPAXPBH@Z
?PostSubBufferNV@egl@@YGIPAX0HHHH@Z
?QuerySurfacePointerANGLE@egl@@YGIPAX0HPAPAX@Z
?WaitSync@egl@@YGIPAX0H@Z
?CreatePlatformPixmapSurface@egl@@YGPAXPAX00PBH@Z
?CreatePlatformWindowSurface@egl@@YGPAXPAX00PBH@Z
?GetPlatformDisplay@egl@@YGPAXIPAXPBH@Z
?DestroyImage@egl@@YGIPAX0@Z
?CreateImage@egl@@YGPAXPAX0I0PBH@Z
?GetSyncAttrib@egl@@YGIPAX0HPAH@Z
?ClientWaitSync@egl@@YGHPAX0H_K@Z
?DestroySync@egl@@YGIPAX0@Z
?CreateSync@egl@@YGPAXPAXIPBH@Z
?GetCurrentContext@egl@@YGPAXXZ
?WaitClient@egl@@YGIXZ
?ReleaseThread@egl@@YGIXZ
?CreatePbufferFromClientBuffer@egl@@YGPAXPAXI00PBH@Z
?QueryAPI@egl@@YGIXZ
?BindAPI@egl@@YGII@Z
?SwapInterval@egl@@YGIPAXH@Z
?SurfaceAttrib@egl@@YGIPAX0HH@Z
?ReleaseTexImage@egl@@YGIPAX0H@Z
?BindTexImage@egl@@YGIPAX0H@Z
?WaitNative@egl@@YGIH@Z
?WaitGL@egl@@YGIXZ
?Terminate@egl@@YGIPAX@Z
?SwapBuffers@egl@@YGIPAX0@Z
?QuerySurface@egl@@YGIPAX0HPAH@Z
?QueryString@egl@@YGPBDPAXH@Z
?QueryContext@egl@@YGIPAX0HPAH@Z
?MakeCurrent@egl@@YGIPAX000@Z
?Initialize@egl@@YGIPAXPAH1@Z
?GetProcAddress@egl@@YGP6AXXZPBD@Z
?GetError@egl@@YGHXZ
?GetDisplay@egl@@YGPAXPAUHDC__@@@Z
?GetCurrentSurface@egl@@YGPAXH@Z
?GetCurrentDisplay@egl@@YGPAXXZ
?GetConfigs@egl@@YGIPAXPAPAXHPAH@Z
?GetConfigAttrib@egl@@YGIPAX0HPAH@Z
?DestroySurface@egl@@YGIPAX0@Z
?DestroyContext@egl@@YGIPAX0@Z
?CreateWindowSurface@egl@@YGPAXPAX0PAUHWND__@@PBH@Z
?CreatePixmapSurface@egl@@YGPAXPAX0PAUHBITMAP__@@PBH@Z
?CreatePbufferSurface@egl@@YGPAXPAX0PBH@Z
?CreateContext@egl@@YGPAXPAX00PBH@Z
?CopyBuffers@egl@@YGIPAX0PAUHBITMAP__@@@Z
?ChooseConfig@egl@@YGIPAXPBHPAPAXHPAH@Z

kernel32

CreateFileW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
OutputDebugStringW
GetStringTypeW
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
WriteFile
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineA
GetCurrentThreadId
GetLastError
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter

Exports

Exports

eglBindAPI
eglBindTexImage
eglChooseConfig
eglClientWaitSync
eglCopyBuffers
eglCreateContext
eglCreateDeviceANGLE
eglCreateImage
eglCreateImageKHR
eglCreatePbufferFromClientBuffer
eglCreatePbufferSurface
eglCreatePixmapSurface
eglCreatePlatformPixmapSurface
eglCreatePlatformWindowSurface
eglCreateSync
eglCreateWindowSurface
eglDestroyContext
eglDestroyImage
eglDestroyImageKHR
eglDestroySurface
eglDestroySync
eglGetConfigAttrib
eglGetConfigs
eglGetCurrentContext
eglGetCurrentDisplay
eglGetCurrentSurface
eglGetDisplay
eglGetError
eglGetPlatformDisplay
eglGetPlatformDisplayEXT
eglGetProcAddress
eglGetSyncAttrib
eglInitialize
eglMakeCurrent
eglPostSubBufferNV
eglQueryAPI
eglQueryContext
eglQueryDeviceAttribEXT
eglQueryDeviceStringEXT
eglQueryDisplayAttribEXT
eglQueryString
eglQuerySurface
eglQuerySurfacePointerANGLE
eglReleaseDeviceANGLE
eglReleaseTexImage
eglReleaseThread
eglSurfaceAttrib
eglSwapBuffers
eglSwapInterval
eglTerminate
eglWaitClient
eglWaitGL
eglWaitNative
eglWaitSync

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libGLESv2.dll
.dll windows:5 windows x86 arch:x86

d965d87567563d5be903d8a8b1ea467c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:08:18:07:5e:7e:92:e1:ac:4a:6e:e6:a2:1d:af:74:30:d7:7d:8a
Signer

Actual PE Digest

0d:08:18:07:5e:7e:92:e1:ac:4a:6e:e6:a2:1d:af:74:30:d7:7d:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Win-2623\download\chromium\src\out\Release\libGLESv2.dll.pdb

Imports

kernel32

LoadLibraryW
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcessId
GetTempFileNameA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetTempPathA
FreeLibrary
SetEndOfFile
CreateFileW
ReadConsoleW
OutputDebugStringW
WriteConsoleW
SetStdHandle
LoadLibraryExW
SetFilePointerEx
ReadFile
FlushFileBuffers
GetModuleFileNameW
GetConsoleMode
GetConsoleCP
WriteFile
CloseHandle
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapReAlloc
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
GetSystemTimeAsFileTime

gdi32

SwapBuffers
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
GetPixelFormat

user32

WindowFromDC
DefWindowProcW
RegisterClassA
UnregisterClassA
CreateWindowExA
InvalidateRect
GetWindowThreadProcessId
CreateWindowExW
GetClientRect
IsIconic
LoadCursorA
ReleaseDC
GetDC
DestroyWindow
IsWindow

d3d9

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_SetMarker
D3DPERF_GetStatus
Direct3DCreate9

Exports

Exports

?ActiveTexture@gl@@YGXI@Z
?AttachShader@gl@@YGXII@Z
?BeginQuery@gl@@YGXII@Z
?BeginQueryEXT@gl@@YGXII@Z
?BeginTransformFeedback@gl@@YGXI@Z
?BindAPI@egl@@YGII@Z
?BindAttribLocation@gl@@YGXIIPBD@Z
?BindBuffer@gl@@YGXII@Z
?BindBufferBase@gl@@YGXIII@Z
?BindBufferRange@gl@@YGXIIIJJ@Z
?BindFramebuffer@gl@@YGXII@Z
?BindRenderbuffer@gl@@YGXII@Z
?BindSampler@gl@@YGXII@Z
?BindTexImage@egl@@YGIPAX0H@Z
?BindTexture@gl@@YGXII@Z
?BindTransformFeedback@gl@@YGXII@Z
?BindVertexArray@gl@@YGXI@Z
?BindVertexArrayOES@gl@@YGXI@Z
?BlendColor@gl@@YGXMMMM@Z
?BlendEquation@gl@@YGXI@Z
?BlendEquationSeparate@gl@@YGXII@Z
?BlendFunc@gl@@YGXII@Z
?BlendFuncSeparate@gl@@YGXIIII@Z
?BlitFramebuffer@gl@@YGXHHHHHHHHII@Z
?BlitFramebufferANGLE@gl@@YGXHHHHHHHHII@Z
?BufferData@gl@@YGXIJPBXI@Z
?BufferSubData@gl@@YGXIJJPBX@Z
?CheckFramebufferStatus@gl@@YGII@Z
?ChooseConfig@egl@@YGIPAXPBHPAPAXHPAH@Z
?Clear@gl@@YGXI@Z
?ClearBufferfi@gl@@YGXIHMH@Z
?ClearBufferfv@gl@@YGXIHPBM@Z
?ClearBufferiv@gl@@YGXIHPBH@Z
?ClearBufferuiv@gl@@YGXIHPBI@Z
?ClearColor@gl@@YGXMMMM@Z
?ClearDepthf@gl@@YGXM@Z
?ClearStencil@gl@@YGXH@Z
?ClientWaitSync@egl@@YGHPAX0H_K@Z
?ClientWaitSync@gl@@YGIPAU__GLsync@@I_K@Z
?ColorMask@gl@@YGXEEEE@Z
?CompileShader@gl@@YGXI@Z
?CompressedTexImage2D@gl@@YGXIHIHHHHPBX@Z
?CompressedTexImage3D@gl@@YGXIHIHHHHHPBX@Z
?CompressedTexSubImage2D@gl@@YGXIHHHHHIHPBX@Z
?CompressedTexSubImage3D@gl@@YGXIHHHHHHHIHPBX@Z
?CopyBufferSubData@gl@@YGXIIJJJ@Z
?CopyBuffers@egl@@YGIPAX0PAUHBITMAP__@@@Z
?CopyTexImage2D@gl@@YGXIHIHHHHH@Z
?CopyTexSubImage2D@gl@@YGXIHHHHHHH@Z
?CopyTexSubImage3D@gl@@YGXIHHHHHHHH@Z
?CreateContext@egl@@YGPAXPAX00PBH@Z
?CreateDeviceANGLE@egl@@YGPAXHPAXPBH@Z
?CreateImage@egl@@YGPAXPAX0I0PBH@Z
?CreateImageKHR@egl@@YGPAXPAX0I0PBH@Z
?CreatePbufferFromClientBuffer@egl@@YGPAXPAXI00PBH@Z
?CreatePbufferSurface@egl@@YGPAXPAX0PBH@Z
?CreatePixmapSurface@egl@@YGPAXPAX0PAUHBITMAP__@@PBH@Z
?CreatePlatformPixmapSurface@egl@@YGPAXPAX00PBH@Z
?CreatePlatformWindowSurface@egl@@YGPAXPAX00PBH@Z
?CreateProgram@gl@@YGIXZ
?CreateShader@gl@@YGII@Z
?CreateSync@egl@@YGPAXPAXIPBH@Z
?CreateWindowSurface@egl@@YGPAXPAX0PAUHWND__@@PBH@Z
?CullFace@gl@@YGXI@Z
?DebugMessageCallbackKHR@gl@@YGXP6GXIIIIHPBDPBX@Z1@Z
?DebugMessageControlKHR@gl@@YGXIIIHPBIE@Z
?DebugMessageInsertKHR@gl@@YGXIIIIHPBD@Z
?DeleteBuffers@gl@@YGXHPBI@Z
?DeleteFencesNV@gl@@YGXHPBI@Z
?DeleteFramebuffers@gl@@YGXHPBI@Z
?DeleteProgram@gl@@YGXI@Z
?DeleteQueries@gl@@YGXHPBI@Z
?DeleteQueriesEXT@gl@@YGXHPBI@Z
?DeleteRenderbuffers@gl@@YGXHPBI@Z
?DeleteSamplers@gl@@YGXHPBI@Z
?DeleteShader@gl@@YGXI@Z
?DeleteSync@gl@@YGXPAU__GLsync@@@Z
?DeleteTextures@gl@@YGXHPBI@Z
?DeleteTransformFeedbacks@gl@@YGXHPBI@Z
?DeleteVertexArrays@gl@@YGXHPBI@Z
?DeleteVertexArraysOES@gl@@YGXHPBI@Z
?DepthFunc@gl@@YGXI@Z
?DepthMask@gl@@YGXE@Z
?DepthRangef@gl@@YGXMM@Z
?DestroyContext@egl@@YGIPAX0@Z
?DestroyImage@egl@@YGIPAX0@Z
?DestroyImageKHR@egl@@YGIPAX0@Z
?DestroySurface@egl@@YGIPAX0@Z
?DestroySync@egl@@YGIPAX0@Z
?DetachShader@gl@@YGXII@Z
?Disable@gl@@YGXI@Z
?DisableVertexAttribArray@gl@@YGXI@Z
?DiscardFramebufferEXT@gl@@YGXIHPBI@Z
?DrawArrays@gl@@YGXIHH@Z
?DrawArraysInstanced@gl@@YGXIHHH@Z
?DrawArraysInstancedANGLE@gl@@YGXIHHH@Z
?DrawBuffers@gl@@YGXHPBI@Z
?DrawBuffersEXT@gl@@YGXHPBI@Z
?DrawElements@gl@@YGXIHIPBX@Z
?DrawElementsInstanced@gl@@YGXIHIPBXH@Z
?DrawElementsInstancedANGLE@gl@@YGXIHIPBXH@Z
?DrawRangeElements@gl@@YGXIIIHIPBX@Z
?EGLImageTargetRenderbufferStorageOES@gl@@YGXIPAX@Z
?EGLImageTargetTexture2DOES@gl@@YGXIPAX@Z
?Enable@gl@@YGXI@Z
?EnableVertexAttribArray@gl@@YGXI@Z
?EndQuery@gl@@YGXI@Z
?EndQueryEXT@gl@@YGXI@Z
?EndTransformFeedback@gl@@YGXXZ
?FenceSync_@gl@@YGPAU__GLsync@@II@Z
?Finish@gl@@YGXXZ
?FinishFenceNV@gl@@YGXI@Z
?Flush@gl@@YGXXZ
?FlushMappedBufferRange@gl@@YGXIJJ@Z
?FlushMappedBufferRangeEXT@gl@@YGXIJJ@Z
?FramebufferRenderbuffer@gl@@YGXIIII@Z
?FramebufferTexture2D@gl@@YGXIIIIH@Z
?FramebufferTextureLayer@gl@@YGXIIIHH@Z
?FrontFace@gl@@YGXI@Z
?GenBuffers@gl@@YGXHPAI@Z
?GenFencesNV@gl@@YGXHPAI@Z
?GenFramebuffers@gl@@YGXHPAI@Z
?GenQueries@gl@@YGXHPAI@Z
?GenQueriesEXT@gl@@YGXHPAI@Z
?GenRenderbuffers@gl@@YGXHPAI@Z
?GenSamplers@gl@@YGXHPAI@Z
?GenTextures@gl@@YGXHPAI@Z
?GenTransformFeedbacks@gl@@YGXHPAI@Z
?GenVertexArrays@gl@@YGXHPAI@Z
?GenVertexArraysOES@gl@@YGXHPAI@Z
?GenerateMipmap@gl@@YGXI@Z
?GetActiveAttrib@gl@@YGXIIHPAH0PAIPAD@Z
?GetActiveUniform@gl@@YGXIIHPAH0PAIPAD@Z
?GetActiveUniformBlockName@gl@@YGXIIHPAHPAD@Z
?GetActiveUniformBlockiv@gl@@YGXIIIPAH@Z
?GetActiveUniformsiv@gl@@YGXIHPBIIPAH@Z
?GetAttachedShaders@gl@@YGXIHPAHPAI@Z
?GetAttribLocation@gl@@YGHIPBD@Z
?GetBooleanv@gl@@YGXIPAE@Z
?GetBufferParameteri64v@gl@@YGXIIPA_J@Z
?GetBufferParameteriv@gl@@YGXIIPAH@Z
?GetBufferPointerv@gl@@YGXIIPAPAX@Z
?GetBufferPointervOES@gl@@YGXIIPAPAX@Z
?GetConfigAttrib@egl@@YGIPAX0HPAH@Z
?GetConfigs@egl@@YGIPAXPAPAXHPAH@Z
?GetCurrentContext@egl@@YGPAXXZ
?GetCurrentDisplay@egl@@YGPAXXZ
?GetCurrentSurface@egl@@YGPAXH@Z
?GetDebugMessageLogKHR@gl@@YGIIHPAI000PAHPAD@Z
?GetDisplay@egl@@YGPAXPAUHDC__@@@Z
?GetError@egl@@YGHXZ
?GetError@gl@@YGIXZ
?GetFenceivNV@gl@@YGXIIPAH@Z
?GetFloatv@gl@@YGXIPAM@Z
?GetFragDataLocation@gl@@YGHIPBD@Z
?GetFramebufferAttachmentParameteriv@gl@@YGXIIIPAH@Z
?GetGraphicsResetStatusEXT@gl@@YGIXZ
?GetInteger64i_v@gl@@YGXIIPA_J@Z
?GetInteger64v@gl@@YGXIPA_J@Z
?GetIntegeri_v@gl@@YGXIIPAH@Z
?GetIntegerv@gl@@YGXIPAH@Z
?GetInternalformativ@gl@@YGXIIIHPAH@Z
?GetObjectLabelKHR@gl@@YGXIIHPAHPAD@Z
?GetObjectPtrLabelKHR@gl@@YGXPBXHPAHPAD@Z
?GetPlatformDisplay@egl@@YGPAXIPAXPBH@Z
?GetPlatformDisplayEXT@egl@@YGPAXIPAXPBH@Z
?GetPointervKHR@gl@@YGXIPAPAX@Z
?GetProcAddress@egl@@YGP6AXXZPBD@Z
?GetProgramBinary@gl@@YGXIHPAHPAIPAX@Z
?GetProgramBinaryOES@gl@@YGXIHPAHPAIPAX@Z
?GetProgramInfoLog@gl@@YGXIHPAHPAD@Z
?GetProgramiv@gl@@YGXIIPAH@Z
?GetQueryObjectuiv@gl@@YGXIIPAI@Z
?GetQueryObjectuivEXT@gl@@YGXIIPAI@Z
?GetQueryiv@gl@@YGXIIPAH@Z
?GetQueryivEXT@gl@@YGXIIPAH@Z
?GetRenderbufferParameteriv@gl@@YGXIIPAH@Z
?GetSamplerParameterfv@gl@@YGXIIPAM@Z
?GetSamplerParameteriv@gl@@YGXIIPAH@Z
?GetShaderInfoLog@gl@@YGXIHPAHPAD@Z
?GetShaderPrecisionFormat@gl@@YGXIIPAH0@Z
?GetShaderSource@gl@@YGXIHPAHPAD@Z
?GetShaderiv@gl@@YGXIIPAH@Z
?GetString@gl@@YGPBEI@Z
?GetStringi@gl@@YGPBEII@Z
?GetSyncAttrib@egl@@YGIPAX0HPAH@Z
?GetSynciv@gl@@YGXPAU__GLsync@@IHPAH1@Z
?GetTexParameterfv@gl@@YGXIIPAM@Z
?GetTexParameteriv@gl@@YGXIIPAH@Z
?GetTransformFeedbackVarying@gl@@YGXIIHPAH0PAIPAD@Z
?GetTranslatedShaderSourceANGLE@gl@@YGXIHPAHPAD@Z
?GetUniformBlockIndex@gl@@YGIIPBD@Z
?GetUniformIndices@gl@@YGXIHPBQBDPAI@Z
?GetUniformLocation@gl@@YGHIPBD@Z
?GetUniformfv@gl@@YGXIHPAM@Z
?GetUniformiv@gl@@YGXIHPAH@Z
?GetUniformuiv@gl@@YGXIHPAI@Z
?GetVertexAttribIiv@gl@@YGXIIPAH@Z
?GetVertexAttribIuiv@gl@@YGXIIPAI@Z
?GetVertexAttribPointerv@gl@@YGXIIPAPAX@Z
?GetVertexAttribfv@gl@@YGXIIPAM@Z
?GetVertexAttribiv@gl@@YGXIIPAH@Z
?GetnUniformfvEXT@gl@@YGXIHHPAM@Z
?GetnUniformivEXT@gl@@YGXIHHPAH@Z
?Hint@gl@@YGXII@Z
?Initialize@egl@@YGIPAXPAH1@Z
?InsertEventMarkerEXT@gl@@YGXHPBD@Z
?InvalidateFramebuffer@gl@@YGXIHPBI@Z
?InvalidateSubFramebuffer@gl@@YGXIHPBIHHHH@Z
?IsBuffer@gl@@YGEI@Z
?IsEnabled@gl@@YGEI@Z
?IsFenceNV@gl@@YGEI@Z
?IsFramebuffer@gl@@YGEI@Z
?IsProgram@gl@@YGEI@Z
?IsQuery@gl@@YGEI@Z
?IsQueryEXT@gl@@YGEI@Z
?IsRenderbuffer@gl@@YGEI@Z
?IsSampler@gl@@YGEI@Z
?IsShader@gl@@YGEI@Z
?IsSync@gl@@YGEPAU__GLsync@@@Z
?IsTexture@gl@@YGEI@Z
?IsTransformFeedback@gl@@YGEI@Z
?IsVertexArray@gl@@YGEI@Z
?IsVertexArrayOES@gl@@YGEI@Z
?LineWidth@gl@@YGXM@Z
?LinkProgram@gl@@YGXI@Z
?MakeCurrent@egl@@YGIPAX000@Z
?MapBufferOES@gl@@YGPAXII@Z
?MapBufferRange@gl@@YGPAXIJJI@Z
?MapBufferRangeEXT@gl@@YGPAXIJJI@Z
?ObjectLabelKHR@gl@@YGXIIHPBD@Z
?ObjectPtrLabelKHR@gl@@YGXPBXHPBD@Z
?PauseTransformFeedback@gl@@YGXXZ
?PixelStorei@gl@@YGXIH@Z
?PolygonOffset@gl@@YGXMM@Z
?PopDebugGroupKHR@gl@@YGXXZ
?PopGroupMarkerEXT@gl@@YGXXZ
?PostSubBufferNV@egl@@YGIPAX0HHHH@Z
?ProgramBinary@gl@@YGXIIPBXH@Z
?ProgramBinaryOES@gl@@YGXIIPBXH@Z
?ProgramParameteri@gl@@YGXIIH@Z
?PushDebugGroupKHR@gl@@YGXIIHPBD@Z
?PushGroupMarkerEXT@gl@@YGXHPBD@Z
?QueryAPI@egl@@YGIXZ
?QueryContext@egl@@YGIPAX0HPAH@Z
?QueryDeviceAttribEXT@egl@@YGIPAXHPAH@Z
?QueryDeviceStringEXT@egl@@YGPBDPAXH@Z
?QueryDisplayAttribEXT@egl@@YGIPAXHPAH@Z
?QueryString@egl@@YGPBDPAXH@Z
?QuerySurface@egl@@YGIPAX0HPAH@Z
?QuerySurfacePointerANGLE@egl@@YGIPAX0HPAPAX@Z
?ReadBuffer@gl@@YGXI@Z
?ReadPixels@gl@@YGXHHHHIIPAX@Z
?ReadnPixelsEXT@gl@@YGXHHHHIIHPAX@Z
?ReleaseDeviceANGLE@egl@@YGIPAX@Z
?ReleaseShaderCompiler@gl@@YGXXZ
?ReleaseTexImage@egl@@YGIPAX0H@Z
?ReleaseThread@egl@@YGIXZ
?RenderbufferStorage@gl@@YGXIIHH@Z
?RenderbufferStorageMultisample@gl@@YGXIHIHH@Z
?RenderbufferStorageMultisampleANGLE@gl@@YGXIHIHH@Z
?ResumeTransformFeedback@gl@@YGXXZ
?SampleCoverage@gl@@YGXME@Z
?SamplerParameterf@gl@@YGXIIM@Z
?SamplerParameterfv@gl@@YGXIIPBM@Z
?SamplerParameteri@gl@@YGXIIH@Z
?SamplerParameteriv@gl@@YGXIIPBH@Z
?Scissor@gl@@YGXHHHH@Z
?SetFenceNV@gl@@YGXII@Z
?ShaderBinary@gl@@YGXHPBIIPBXH@Z
?ShaderSource@gl@@YGXIHPBQBDPBH@Z
?StencilFunc@gl@@YGXIHI@Z
?StencilFuncSeparate@gl@@YGXIIHI@Z
?StencilMask@gl@@YGXI@Z
?StencilMaskSeparate@gl@@YGXII@Z
?StencilOp@gl@@YGXIII@Z
?StencilOpSeparate@gl@@YGXIIII@Z
?SurfaceAttrib@egl@@YGIPAX0HH@Z
?SwapBuffers@egl@@YGIPAX0@Z
?SwapInterval@egl@@YGIPAXH@Z
?Terminate@egl@@YGIPAX@Z
?TestFenceNV@gl@@YGEI@Z
?TexImage2D@gl@@YGXIHHHHHIIPBX@Z
?TexImage3D@gl@@YGXIHHHHHHIIPBX@Z
?TexParameterf@gl@@YGXIIM@Z
?TexParameterfv@gl@@YGXIIPBM@Z
?TexParameteri@gl@@YGXIIH@Z
?TexParameteriv@gl@@YGXIIPBH@Z
?TexStorage2D@gl@@YGXIHIHH@Z
?TexStorage2DEXT@gl@@YGXIHIHH@Z
?TexStorage3D@gl@@YGXIHIHHH@Z
?TexSubImage2D@gl@@YGXIHHHHHIIPBX@Z
?TexSubImage3D@gl@@YGXIHHHHHHHIIPBX@Z
?TransformFeedbackVaryings@gl@@YGXIHPBQBDI@Z
?Uniform1f@gl@@YGXHM@Z
?Uniform1fv@gl@@YGXHHPBM@Z
?Uniform1i@gl@@YGXHH@Z
?Uniform1iv@gl@@YGXHHPBH@Z
?Uniform1ui@gl@@YGXHI@Z
?Uniform1uiv@gl@@YGXHHPBI@Z
?Uniform2f@gl@@YGXHMM@Z
?Uniform2fv@gl@@YGXHHPBM@Z
?Uniform2i@gl@@YGXHHH@Z
?Uniform2iv@gl@@YGXHHPBH@Z
?Uniform2ui@gl@@YGXHII@Z
?Uniform2uiv@gl@@YGXHHPBI@Z
?Uniform3f@gl@@YGXHMMM@Z
?Uniform3fv@gl@@YGXHHPBM@Z
?Uniform3i@gl@@YGXHHHH@Z
?Uniform3iv@gl@@YGXHHPBH@Z
?Uniform3ui@gl@@YGXHIII@Z
?Uniform3uiv@gl@@YGXHHPBI@Z
?Uniform4f@gl@@YGXHMMMM@Z
?Uniform4fv@gl@@YGXHHPBM@Z
?Uniform4i@gl@@YGXHHHHH@Z
?Uniform4iv@gl@@YGXHHPBH@Z
?Uniform4ui@gl@@YGXHIIII@Z
?Uniform4uiv@gl@@YGXHHPBI@Z
?UniformBlockBinding@gl@@YGXIII@Z
?UniformMatrix2fv@gl@@YGXHHEPBM@Z
?UniformMatrix2x3fv@gl@@YGXHHEPBM@Z
?UniformMatrix2x4fv@gl@@YGXHHEPBM@Z
?UniformMatrix3fv@gl@@YGXHHEPBM@Z
?UniformMatrix3x2fv@gl@@YGXHHEPBM@Z
?UniformMatrix3x4fv@gl@@YGXHHEPBM@Z
?UniformMatrix4fv@gl@@YGXHHEPBM@Z
?UniformMatrix4x2fv@gl@@YGXHHEPBM@Z
?UniformMatrix4x3fv@gl@@YGXHHEPBM@Z
?UnmapBuffer@gl@@YGEI@Z
?UnmapBufferOES@gl@@YGEI@Z
?UseProgram@gl@@YGXI@Z
?ValidateProgram@gl@@YGXI@Z
?VertexAttrib1f@gl@@YGXIM@Z
?VertexAttrib1fv@gl@@YGXIPBM@Z
?VertexAttrib2f@gl@@YGXIMM@Z
?VertexAttrib2fv@gl@@YGXIPBM@Z
?VertexAttrib3f@gl@@YGXIMMM@Z
?VertexAttrib3fv@gl@@YGXIPBM@Z
?VertexAttrib4f@gl@@YGXIMMMM@Z
?VertexAttrib4fv@gl@@YGXIPBM@Z
?VertexAttribDivisor@gl@@YGXII@Z
?VertexAttribDivisorANGLE@gl@@YGXII@Z
?VertexAttribI4i@gl@@YGXIHHHH@Z
?VertexAttribI4iv@gl@@YGXIPBH@Z
?VertexAttribI4ui@gl@@YGXIIIII@Z
?VertexAttribI4uiv@gl@@YGXIPBI@Z
?VertexAttribIPointer@gl@@YGXIHIHPBX@Z
?VertexAttribPointer@gl@@YGXIHIEHPBX@Z
?Viewport@gl@@YGXHHHH@Z
?WaitClient@egl@@YGIXZ
?WaitGL@egl@@YGIXZ
?WaitNative@egl@@YGIH@Z
?WaitSync@egl@@YGIPAX0H@Z
?WaitSync@gl@@YGXPAU__GLsync@@I_K@Z
ANGLEPlatformCurrent
ANGLEPlatformInitialize
ANGLEPlatformShutdown
glActiveTexture
glAttachShader
glBeginQuery
glBeginQueryEXT
glBeginTransformFeedback
glBindAttribLocation
glBindBuffer
glBindBufferBase
glBindBufferRange
glBindFramebuffer
glBindRenderbuffer
glBindSampler
glBindTexture
glBindTransformFeedback
glBindVertexArray
glBindVertexArrayOES
glBlendColor
glBlendEquation
glBlendEquationSeparate
glBlendFunc
glBlendFuncSeparate
glBlitFramebuffer
glBlitFramebufferANGLE
glBufferData
glBufferSubData
glCheckFramebufferStatus
glClear
glClearBufferfi
glClearBufferfv
glClearBufferiv
glClearBufferuiv
glClearColor
glClearDepthf
glClearStencil
glClientWaitSync
glColorMask
glCompileShader
glCompressedTexImage2D
glCompressedTexImage3D
glCompressedTexSubImage2D
glCompressedTexSubImage3D
glCopyBufferSubData
glCopyTexImage2D
glCopyTexSubImage2D
glCopyTexSubImage3D
glCreateProgram
glCreateShader
glCullFace
glDebugMessageCallbackKHR
glDebugMessageControlKHR
glDebugMessageInsertKHR
glDeleteBuffers
glDeleteFencesNV
glDeleteFramebuffers
glDeleteProgram
glDeleteQueries
glDeleteQueriesEXT
glDeleteRenderbuffers
glDeleteSamplers
glDeleteShader
glDeleteSync
glDeleteTextures
glDeleteTransformFeedbacks
glDeleteVertexArrays
glDeleteVertexArraysOES
glDepthFunc
glDepthMask
glDepthRangef
glDetachShader
glDisable
glDisableVertexAttribArray
glDiscardFramebufferEXT
glDrawArrays
glDrawArraysInstanced
glDrawArraysInstancedANGLE
glDrawBuffers
glDrawBuffersEXT
glDrawElements
glDrawElementsInstanced
glDrawElementsInstancedANGLE
glDrawRangeElements
glEGLImageTargetRenderbufferStorageOES
glEGLImageTargetTexture2DOES
glEnable
glEnableVertexAttribArray
glEndQuery
glEndQueryEXT
glEndTransformFeedback
glFenceSync
glFinish
glFinishFenceNV
glFlush
glFlushMappedBufferRange
glFlushMappedBufferRangeEXT
glFramebufferRenderbuffer
glFramebufferTexture2D
glFramebufferTextureLayer
glFrontFace
glGenBuffers
glGenFencesNV
glGenFramebuffers
glGenQueries
glGenQueriesEXT
glGenRenderbuffers
glGenSamplers
glGenTextures
glGenTransformFeedbacks
glGenVertexArrays
glGenVertexArraysOES
glGenerateMipmap
glGetActiveAttrib
glGetActiveUniform
glGetActiveUniformBlockName
glGetActiveUniformBlockiv
glGetActiveUniformsiv
glGetAttachedShaders
glGetAttribLocation
glGetBooleanv
glGetBufferParameteri64v
glGetBufferParameteriv
glGetBufferPointerv
glGetBufferPointervOES
glGetDebugMessageLogKHR
glGetError
glGetFenceivNV
glGetFloatv
glGetFragDataLocation
glGetFramebufferAttachmentParameteriv
glGetGraphicsResetStatusEXT
glGetInteger64i_v
glGetInteger64v
glGetIntegeri_v
glGetIntegerv
glGetInternalformativ
glGetObjectLabelKHR
glGetObjectPtrLabelKHR
glGetPointervKHR
glGetProgramBinary
glGetProgramBinaryOES
glGetProgramInfoLog
glGetProgramiv
glGetQueryObjectuiv
glGetQueryObjectuivEXT

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcef.dll
.dll windows:5 windows x86 arch:x86

9d117b5efe02256e602fa880c1a29d0c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/04/2017, 00:00

Not After

17/04/2019, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:b7:26:49:63:7c:ff:a9:e4:31:61:4a:fa:69:57:4c:b0:c2:e6:6d
Signer

Actual PE Digest

81:b7:26:49:63:7c:ff:a9:e4:31:61:4a:fa:69:57:4c:b0:c2:e6:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Win-2623\download\chromium\src\out\Release\libcef.dll.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

usp10

ScriptStringFree
ScriptFreeCache
ScriptShape
ScriptStringOut
ScriptItemize
ScriptStringAnalyse

psapi

EnumProcessModules
QueryWorkingSet
GetProcessMemoryInfo

shlwapi

PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathGetCharTypeW

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptDestroyKey
CryptGenKey
StartTraceW
ControlTraceW
ConvertStringSidToSidW
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegCloseKey
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
SystemFunction036
RegOpenKeyExA
RegQueryValueExA
ImpersonateAnonymousToken
RevertToSelf
CryptAcquireContextW
OpenTraceW
ProcessTrace
CloseTrace
CryptReleaseContext
CryptGenRandom
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDisablePredefinedCache
SetThreadToken
GetSecurityInfo
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW
SetEntriesInAclW

gdi32

GetEnhMetaFileBits
GetEnhMetaFileHeader
PlayEnhMetaFile
PlayEnhMetaFileRecord
SetEnhMetaFileBits
CancelDC
CreateDCW
StartDocW
EndDoc
SetAbortProc
RestoreDC
SaveDC
StartPage
EndPage
GetRgnBox
GetDIBits
IntersectClipRect
EnumFontFamiliesExA
CreateFontIndirectA
GetCharWidthW
GetOutlineTextMetricsW
CreateFontA
CreatePen
GetClipBox
GetClipRgn
GetObjectType
LineTo
CloseFigure
FillPath
SelectClipPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
MoveToEx
PolyBezierTo
GetTextFaceA
GetRegionData
EqualRgn
ExtEscape
EnumFontFamiliesExW
GetFontData
CreateRectRgn
ExtTextOutW
GetWorldTransform
StretchBlt
CreateBitmap
EnumEnhMetaFile
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
GetTextMetricsW
SetMapMode
GetTextExtentPoint32W
GetStockObject
ModifyWorldTransform
StretchDIBits
SetRectRgn
GetDeviceCaps
CombineRgn
GetTextFaceW
CreateFontW
CreateFontIndirectW
SetDIBitsToDevice
CreateCompatibleBitmap
SetBrushOrgEx
SetArcDirection
SetStretchBltMode
SetROP2
SetGraphicsMode
SetBkMode
SetDCPenColor
SetDCBrushColor
PolyBezier
CreateCompatibleDC
GetCurrentObject
GetObjectW
CreateSolidBrush
DeleteObject
GetBkColor
SelectObject
SetBkColor
PathToRegion
EndPath
SetTextColor
BitBlt
DeleteDC
GdiAlphaBlend
CreateDIBSection
GetGlyphIndicesW
SetTextAlign
GetGlyphOutlineW
AddFontMemResourceEx
GetCharABCWidthsW
GetFontUnicodeRanges
GetTextExtentPointI
BeginPath
AbortPath
SetWorldTransform
SetPolyFillMode
SelectClipRgn
RemoveFontMemResourceEx
ChoosePixelFormat
SetPixelFormat
SwapBuffers
SetDIBits
GetICMProfileW
CreateRectRgnIndirect
ExtCreatePen
GdiFlush

kernel32

OpenFileMappingW
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
SetFileTime
FlushFileBuffers
GetFileSizeEx
GetFileInformationByHandle
Process32FirstW
GetProcessId
Process32NextW
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryW
lstrcmpiA
VirtualProtect
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
QueueUserWorkItem
GetUserDefaultLangID
GetSystemDirectoryW
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
GetModuleHandleExA
GetProcessHeaps
HeapUnlock
GetEnvironmentVariableW
HeapWalk
SetEnvironmentVariableW
VirtualQueryEx
GetSystemInfo
SwitchToThread
InitializeCriticalSection
ReleaseSemaphore
ReleaseMutex
CreateMutexW
CreateSemaphoreW
GetTimeZoneInformation
VirtualAlloc
VirtualFree
GetSystemTime
IsWow64Process
GetLocaleInfoW
GetLocaleInfoA
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetVolumeInformationW
LoadLibraryA
GetThreadLocale
GetGeoInfoW
GetUserGeoID
CreateFileA
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetPrivateProfileStringW
FormatMessageW
CancelIo
LoadLibraryExW
GetComputerNameExW
SetFilePointer
lstrcmpiW
MultiByteToWideChar
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeInfo
GetFileSize
WideCharToMultiByte
GetTempFileNameA
GetFileType
GetThreadTimes
GetTempPathA
DeleteFileA
CreateSemaphoreA
GetOverlappedResult
OpenThread
SuspendThread
GetThreadContext
GetLocalTime
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
DecodePointer
SetUnhandledExceptionFilter
CreateRemoteThread
VirtualAllocEx
VirtualFreeEx
RtlCaptureContext
SetNamedPipeHandleState
TransactNamedPipe
LoadResource
SizeofResource
FindResourceW
FlushInstructionCache
SetThreadExecutionState
DefineDosDeviceW
DeviceIoControl
GetUserDefaultLCID
EnumSystemLocalesW
GetDriveTypeW
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
GetACP
FindFirstFileExA
RtlUnwind
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalDeleteAtom
GlobalAddAtomW
SetConsoleCtrlHandler
GetFullPathNameW
AreFileApisANSI
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
VirtualQuery
GetFileAttributesExW
QueryDosDeviceW
RemoveDirectoryW
SetCurrentDirectoryW
CreateFileMappingW
MoveFileW
GetLongPathNameW
GetCurrentDirectoryW
GetTempPathW
ReplaceFileW
GetFileAttributesW
CopyFileW
GetVolumePathNameW
CreateDirectoryW
MoveFileExW
UnmapViewOfFile
SetStdHandle
GetConsoleMode
GetConsoleCP
MapViewOfFile
GetTempFileNameW
ResumeThread
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
LoadLibraryExA
AttachConsole
GetStdHandle
ReadFile
AssignProcessToJobObject
SetHandleInformation
CreateProcessW
AllocConsole
SetInformationJobObject
TerminateProcess
GetExitCodeProcess
OpenProcess
GetPriorityClass
SetPriorityClass
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetVersionExW
GetNativeSystemInfo
QueryPerformanceFrequency
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SearchPathW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
WaitForMultipleObjects
CreateEventW
DebugBreak
ReadProcessMemory
SignalObjectAndWait
GetProcessHandleCount
CreateJobObjectW
TerminateJobObject
WriteProcessMemory
VirtualProtectEx
ProcessIdToSessionId
QueueUserAPC
CreateWaitableTimerW
SleepEx
QueryInformationJobObject
IsProcessInJob
HeapCompact
WaitForSingleObjectEx
UnlockFileEx
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
CreateEventA
GetProcessAffinityMask
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetEnvironmentVariableA
GetSystemPowerStatus
FindCloseChangeNotification
FindFirstChangeNotificationW
RtlCaptureStackBackTrace
LockResource
GetUserDefaultUILanguage
SetEnvironmentVariableA
GetFullPathNameA
OutputDebugStringW
HeapQueryInformation
ResetEvent
SetEvent
CreateThread
DuplicateHandle
ExitThread
FileTimeToLocalFileTime
PeekNamedPipe
IsDebuggerPresent
GetThreadPriority
RaiseException
SetThreadPriority
Sleep
GetCurrentThread
WaitForSingleObject
GetCurrentProcess
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
LocalFree
GetCurrentProcessId
DeleteFileW
CloseHandle
OutputDebugStringA
SetLastError
GetLastError
CreateFileW
WriteFile
FormatMessageA
GetTickCount
HeapSetInformation
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThreadId
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
SetErrorMode
GetProcAddress
GetModuleHandleA
FindNextFileW
FindClose
FindFirstFileExW
FindFirstFileW
ExpandEnvironmentStringsW
SetFileAttributesW
lstrlenW
GetCommandLineW
GetTimeFormatW
HeapSize
UnhandledExceptionFilter
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
WriteConsoleW
IsValidLocale
CompareStringW
HeapLock
FindNextFileA
LCMapStringW

winspool.drv

DeviceCapabilitiesW
GetPrinterDriverW
EnumPrintersW
OpenPrinterW
ClosePrinter
ord203
DocumentPropertiesW
GetPrinterW

comdlg32

GetSaveFileNameW
PrintDlgExW
GetOpenFileNameW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
ReleaseStgMedium
CoCreateGuid
StringFromGUID2
PropVariantClear
CLSIDFromString
CoTaskMemFree
OleInitialize
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
DoDragDrop
RegisterDragDrop
OleDuplicateData
OleUninitialize
CoInitializeEx

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear

winhttp

WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetProfileType

urlmon

CoInternetCreateSecurityManager

dhcpcsvc

DhcpCApiInitialize
DhcpRequestParams

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

comctl32

InitCommonControlsEx

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

winmm

midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiInOpen
midiInGetDevCapsW
midiInGetNumDevs
midiOutGetID
midiOutReset
midiOutLongMsg
midiOutShortMsg
midiOutUnprepareHeader
midiOutPrepareHeader
midiOutClose
midiOutOpen
midiOutGetDevCapsW
midiOutGetNumDevs
waveOutReset
waveOutRestart
midiInAddBuffer
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
timeBeginPeriod
timeGetTime
timeEndPeriod
timeKillEvent
waveOutGetDevCapsW
waveInMessage
waveInGetNumDevs
waveOutGetNumDevs
midiInStart
midiInReset
midiInGetID
timeSetEvent
waveOutPause
waveInGetDevCapsW

ws2_32

WSASocketW
ntohs
WSAWaitForMultipleEvents
WSASetEvent
send
WSCEnumProtocols
ioctlsocket
gethostname
accept
bind
closesocket
connect
getsockname
listen
recv
setsockopt
shutdown
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSAIoctl
WSAResetEvent
WSASend
WSAStartup
WSALookupServiceBeginW
WSALookupServiceNextW
WSALookupServiceEnd
getaddrinfo
freeaddrinfo
socket
getpeername
getsockopt
htonl
recvfrom
sendto
WSARecvFrom
WSASendTo
htons
ntohl
WSASetServiceW

secur32

InitializeSecurityContextA
CompleteAuthToken
QuerySecurityPackageInfoW
FreeContextBuffer
AcquireCredentialsHandleW
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleA

crypt32

CryptSignAndEncodeCertificate
CryptExportPublicKeyInfoEx
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CryptFindOIDInfo
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertAddCertificateContextToStore
CertAddSerializedElementToStore
CertCompareCertificateName
CertGetPublicKeyLength
CryptHashCertificate
CertFindExtension
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertVerifyTimeValidity
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertFindChainInStore
CertRDNValueToStrW
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertCreateCertificateChainEngine
CryptEncodeObjectEx

iphlpapi

IpReleaseAddress
GetInterfaceInfo
CancelIPChangeNotify
NotifyAddrChange
GetAdaptersAddresses
IpRenewAddress

imm32

ImmGetConversionStatus
ImmGetCompositionStringW
ImmSetOpenStatus
ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmDisableTextFrameService
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmSetConversionStatus

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW

Exports

Exports

ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
GetHandleVerifier
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
SetCrashKeyValueImpl
TerminateProcessWithoutDump
cef_add_cross_origin_whitelist_entry
cef_add_web_plugin_directory
cef_add_web_plugin_path
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_global_manager
cef_create_url
cef_currently_on
cef_dictionary_value_create
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_process
cef_force_web_plugin_shutdown
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_vlog_level
cef_initialize
cef_is_web_plugin_unstable
cef_launch_process
cef_list_value_create
cef_log
cef_now_from_system_trace_time
cef_parse_csscolor
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_remove_cross_origin_whitelist_entry
cef_remove_web_plugin_path
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_time_delta
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_object_child_child_create
cef_translator_test_object_child_create
cef_translator_test_object_create
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_visit_web_plugin_info
cef_write_json
cef_xml_reader_create
cef_zip_reader_create
create_context_shared

Sections

.text
Size: 36.0MB - Virtual size: 36.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
liehuo.exe
.exe windows:5 windows x86 arch:x86

b5d675bc45be02805150afd33e6b3781

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\37Work\pc_code\lander\template\lianyun_cef\Bin\lander.pdb

Imports

kernel32

ReadFile
GetCommandLineW
FindResourceExW
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
IsBadWritePtr
GetExitCodeThread
OutputDebugStringW
CreateProcessW
OpenProcess
TerminateProcess
GetModuleFileNameW
MulDiv
lstrcmpW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindFirstFileW
FindNextFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetCurrentProcessId
MultiByteToWideChar
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
CreateThread
ExitThread
VirtualQuery
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
WideCharToMultiByte
GetTickCount
LockResource
ResumeThread
TerminateThread
DeleteFileW
WaitForSingleObject
Sleep
WriteFile
CreateFileW
GetLastError
SetEvent
CloseHandle
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GlobalFree
GlobalUnlock
GlobalLock
SizeofResource
GlobalAlloc
FreeResource
EnterCriticalSection
LoadResource
FindResourceW
InterlockedExchange
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
GetEnvironmentStringsW

user32

CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
LoadImageW
SendMessageW
UnregisterClassA
RedrawWindow
GetClientRect
OffsetRect
PtInRect
PostMessageW
SetCursor
IsWindowVisible
GetForegroundWindow
GetWindowLongW
SetWindowLongW
CallWindowProcW
DrawTextW
InflateRect
SetWindowTextW
SetFocus
SystemParametersInfoW
SetWindowPos
ShowWindow
UpdateWindow
IsIconic
SetForegroundWindow
DestroyWindow
BeginPaint
EndPaint
ScreenToClient
SetWindowRgn
GetDC
ReleaseDC
UpdateLayeredWindow
DefWindowProcW
ClientToScreen
IsChild
MessageBoxW
LoadMenuW
GetSubMenu
RemoveMenu
DestroyMenu
TrackPopupMenu
GetCursorPos
LoadIconW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetKeyState
PostQuitMessage
SetLayeredWindowAttributes
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
GetFocus
GetWindow
GetDlgItem
IsWindow
GetClassNameW
GetSysColor
CharNextW
CreateAcceleratorTableW
GetParent

gdi32

GetDeviceCaps
CreateCompatibleBitmap
CreateFontW
SetBkColor
StretchBlt
CreateRoundRectRgn
RestoreDC
SetTextColor
SetBkMode
GetStockObject
GetDIBColorTable
DeleteObject
BitBlt
GetObjectW
SetDIBColorTable
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
SaveDC
CreateSolidBrush

advapi32

GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
GetUserNameW

shell32

ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
StrCpyW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageHeight

wininet

InternetGetCookieExW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetSetCookieW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
FindFirstUrlCacheEntryW

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
natives_blob.bin
.js
pepflashplayer.dll
.dll windows:6 windows x86 arch:x86

bf9dd7c95f070cdf9b688ecd2f0a4b6d

Code Sign

06:f0:47:88:03:10:55:d3:1d:ef:fe:fc:d0:26:d6:c5
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/03/2017, 00:00

Not After

20/03/2019, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,POSTALCODE=95110,STREET=345 Park Avenue,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:c1:a3:cf:7a:2b:62:4d:38:6a:37:85:14:f9:66:48:49:49:5f:61:8f:e5:54:c0:e9:7b:02:fd:98:73:65:84
Signer

Actual PE Digest

5f:c1:a3:cf:7a:2b:62:4d:38:6a:37:85:14:f9:66:48:49:49:5f:61:8f:e5:54:c0:e9:7b:02:fd:98:73:65:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\r\ws\St_Make\code\products\player\pepper\gypbuild\Release\pepflashplayer.pdb

Imports

crypt32

CertCloseStore
CertVerifySubjectCertificateContext
CertCreateCertificateContext
CertFreeCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCompareCertificate
CertFindCertificateInStore

shlwapi

UrlCanonicalizeW
ord12
AssocQueryStringW

gdiplus

GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageRect
GdipSetInterpolationMode
GdipGetImageWidth
GdipDeleteGraphics

kernel32

DebugBreak
OutputDebugStringA
TlsAlloc
TlsFree
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
SleepEx
CreateEventW
QueueUserAPC
CreateThread
OpenThread
SetThreadPriority
ExitThread
VirtualQuery
GetFileSizeEx
ReadFile
SetFilePointerEx
WriteFile
GetCurrentProcess
GetVersionExW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
CreateFileW
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
GetCurrentProcessId
GetTickCount
MultiByteToWideChar
DeleteFileW
GetFileAttributesW
GetFileSize
SetLastError
ReleaseMutex
CreateMutexA
CreateProcessW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
WideCharToMultiByte
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
RemoveDirectoryW
GetSystemTimeAsFileTime
HeapSize
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
DecodePointer
RaiseException
TlsSetValue
ReleaseSemaphore
CreateSemaphoreW
GetProcessAffinityMask
FreeLibrary
LoadLibraryA
VirtualAlloc
VirtualFree
CreateEventA
SetWaitableTimer
CancelWaitableTimer
GetCurrentThread
WaitForMultipleObjects
CreateWaitableTimerA
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
RtlCaptureStackBackTrace
GetNumberFormatW
GetCurrencyFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapCreate
HeapDestroy
HeapLock
HeapUnlock
HeapWalk
VirtualProtect
IsDebuggerPresent
GetProcessTimes
GlobalMemoryStatusEx
SetSystemTime
GetModuleFileNameA
FileTimeToSystemTime
GetACP
ResumeThread
CreateWaitableTimerW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetStdHandle
GetFileType
GlobalMemoryStatus
LoadLibraryW
FlushConsoleInputBuffer
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
CopyFileW
MoveFileExW
FlushFileBuffers
SetEndOfFile
EncodePointer
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
OutputDebugStringW
lstrlenW
lstrcpynW
LocalFree
LocalAlloc
GetNativeSystemInfo
InterlockedDecrement
TlsGetValue
GetCurrentThreadId
SwitchToThread
Sleep
DeleteCriticalSection
InterlockedIncrement
DeviceIoControl
CreateFileA
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VerSetConditionMask
VerifyVersionInfoW
FormatMessageA
ExpandEnvironmentStringsA
GetLocaleInfoW
GetSystemInfo
InitializeCriticalSectionAndSpinCount
FindNextFileA
FindFirstFileExA
GetConsoleCP
CreateProcessA
GetExitCodeProcess
HeapReAlloc
SetConsoleMode
ReadConsoleInputA
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitProcess
SetStdHandle
InterlockedFlushSList
RtlUnwind
LoadLibraryExW

user32

SetRectEmpty
GetCursorPos
EnumDisplayMonitors
GetMonitorInfoW
GetMonitorInfoA
GetDC
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetForegroundWindow
WaitForInputIdle
wsprintfW
GetSystemMetrics
MonitorFromRect
EnumDisplayDevicesA
GetWindowRect
GetClientRect
WindowFromDC

advapi32

GetTokenInformation
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptGenRandom
SystemFunction036
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
CryptEncrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptGenKey
CryptReleaseContext

ole32

CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
ord165
SHCreateDirectoryExW

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantClear
SysAllocString

gdi32

SelectObject
EnumFontFamiliesExW
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetFontData
CreateDCW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

bind
getsockname
WSACleanup
ntohl
htons
ntohs
htonl
WSAGetLastError
WSASetLastError
shutdown
send
recv
closesocket
getsockopt
select
setsockopt
WSAIoctl
ioctlsocket
gethostname

psapi

GetProcessImageFileNameW
GetProcessMemoryInfo

winmm

timeKillEvent
timeSetEvent
timeGetTime

Exports

Exports

IAEModule_AEModule_PutKernel
IAEModule_IAEKernel_LoadModule
IAEModule_IAEKernel_UnloadModule
PPP_GetInterface
PPP_InitializeBroker
PPP_InitializeModule
PPP_ShutdownBroker
PPP_ShutdownModule
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 798KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
snapshot_blob.bin
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b1a57b635b23ffd553b3fd1e0960b2bd

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9Certificate

Key Usages

60:1c:06:91:71:d5:13:56:07:14:d6:60:96:52:2a:5eCertificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

a2:e1:ce:52:22:92:32:c4:68:98:41:4e:ca:c8:a2:38:83:0c:98:3a:bd:1e:80:dd:80:6f:ab:5e:de:07:94:02Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 196KB - Virtual size: 196KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

ea9b3ea5cd9e2014ad3724e31f62cf5e

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

60:1c:06:91:71:d5:13:56:07:14:d6:60:96:52:2a:5e
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

a2:e1:ce:52:22:92:32:c4:68:98:41:4e:ca:c8:a2:38:83:0c:98:3a:bd:1e:80:dd:80:6f:ab:5e:de:07:94:02
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 196KB - Virtual size: 196KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 510B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

ae:59:56:50:07:b8:18:a8:0f:01:9b:65:57:d2:2e:36:61:e1:d9:ff
Signer

.text
Size: 50KB - Virtual size: 49KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate