24302a8ff8846211dc7bf6eaa8aec1f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

24302a8ff8846211dc7bf6eaa8aec1f9_JaffaCakes118
Size

2.8MB
MD5

24302a8ff8846211dc7bf6eaa8aec1f9
SHA1

e75612808cec2996a7173c2633a940f90ef9d903
SHA256

148f10ab7d09aad597800b12f1ddf3965f4d693c092771554aa286b63a32d3c0
SHA512

32d852ac53ef6ede3df836019e4e3b693d5c860d950630358f1c086bb341215ae3ad5fff8bfc3d6968076b6a21ade2274278ef4868ff576e6015df6bf677a216
SSDEEP

49152:mcGccpccUccL7cc2ccOcc9cc4VcbcoHcIy9jum92mJLb1ogkaE+QgsYv1lLx7biR:mcGccpccUccL7cc2ccOcc9cc4VcbcoHX

Score

1^/10

Malware Config

Signatures

Files

24302a8ff8846211dc7bf6eaa8aec1f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

a619476ec7ec29b5eb3ad3c4882bcc9c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:24:a5:3d:72:c1:34:23:a9:15:29:74:51:c1:a6:b3:df:dc:5a:b4
Signer

Actual PE Digest

78:24:a5:3d:72:c1:34:23:a9:15:29:74:51:c1:a6:b3:df:dc:5a:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\haiyan_proj\haiyan1.5\Basic\Install\NSIS\Plugins\InstallHelper.pdb

Imports

kernel32

CreateFileW
GlobalFree
lstrcpyW
CreateToolhelp32Snapshot
lstrcpynW
FindFirstFileW
GlobalAlloc
DeleteFileW
FindResourceW
FindNextFileW
Process32FirstW
FindClose
lstrcmpiW
MoveFileExW
CloseHandle
LoadLibraryW
GetProcAddress
GetLastError
SizeofResource
FreeLibrary
LockResource
OutputDebugStringW
LoadResource
FindResourceExW
SetFileAttributesW
GetFileAttributesW
GetModuleHandleW
TerminateProcess
OpenProcess
Sleep
MultiByteToWideChar
GetTickCount
Process32NextW
GetCurrentProcess
FlushFileBuffers
CreateFileA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

FindWindowW
UnregisterClassA

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
StartServiceW
OpenServiceW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysStringLen
SysAllocString
SysFreeString

Exports

Exports

DeleteDirectory
DoInstallService
FireWallAddApp
Function1
Function10
Function2
Function3
Function4
Function5
Function6
Function7
Function8
Function9
InstallDrivers
IsProcessRunning
IsWow64
KillRunningProcess
RefreshPolicies
RenameAndDeleteFile
ReportInstallData
ReportUninstallData
UninstallDrivers

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/20000802.xml
$_2_/AladdinAssistant.exe
.exe windows:4 windows x86 arch:x86

12cd25cf455e9f4c315e4436b2e49052

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\AladdinAssistant.pdb

Imports

basedll

?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ

utilsdll

?SetSupplyID@Misc@Utils@@YAHH@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z

reportdll

ReleaseReportMgr
GetReportMgr

kernel32

Process32NextW
CreateFileW
lstrcpynW
WideCharToMultiByte
FindResourceExW
CreateEventA
Process32FirstW
CreateToolhelp32Snapshot
GetLocalTime
TerminateThread
ResetEvent
IsBadReadPtr
FormatMessageA
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
MoveFileW
GetFileAttributesW
FlushInstructionCache
LockResource
IsBadWritePtr
GlobalHandle
FreeResource
GlobalFree
InterlockedExchange
CreateEventW
GetProcAddress
DeleteFileW
SetEvent
InitializeCriticalSection
GetModuleHandleW
GetCurrentProcess
EnterCriticalSection
SetLastError
MulDiv
InterlockedDecrement
InterlockedIncrement
RaiseException
GetModuleFileNameW
GetCurrentThreadId
lstrlenW
GlobalUnlock
CloseHandle
GetLastError
LeaveCriticalSection
GlobalLock
CreateMutexW
GlobalAlloc
FreeLibrary
lstrcmpiW
MultiByteToWideChar
DeleteCriticalSection
LoadResource
FindResourceW
LoadLibraryExW
SizeofResource
lstrcmpW
WaitForSingleObject
WriteFile

user32

GetWindowLongW
GetWindowTextW
CreateAcceleratorTableW
InvalidateRgn
GetMessageW
SetWindowPos
ReleaseDC
IsWindowEnabled
DrawEdge
ShowWindow
CreateDialogParamW
InflateRect
KillTimer
DrawFocusRect
SetTimer
MonitorFromWindow
LoadImageW
GetMonitorInfoW
OffsetRect
GetSystemMetrics
UpdateWindow
GetWindowRect
GetCapture
SystemParametersInfoW
SetWindowRgn
GetDlgCtrlID
GetMenu
AdjustWindowRectEx
PtInRect
PostMessageW
SetWindowContextHelpId
MapWindowPoints
MapDialogRect
CreateDialogIndirectParamW
IsDialogMessageW
EnableWindow
InvalidateRect
GetWindowTextLengthW
UnregisterClassA
GetDC
RegisterClassExW
RegisterWindowMessageW
GetClassNameW
IsWindow
EndPaint
GetClassInfoExW
CharNextW
FillRect
GetWindow
GetParent
SetCapture
BeginPaint
LoadCursorW
DefWindowProcW
SetFocus
DestroyWindow
GetFocus
CreateWindowExW
MoveWindow
IsChild
CallWindowProcW
GetClientRect
SendMessageW
ScreenToClient
GetSysColor
GetDlgItem
ClientToScreen
DestroyAcceleratorTable
DispatchMessageW
ReleaseCapture
RedrawWindow
TranslateMessage
PeekMessageW
SetWindowLongW
SetWindowTextW
GetDesktopWindow

gdi32

CreateDIBSection
SetDIBColorTable
GetTextExtentPoint32W
SetTextColor
RoundRect
CreateRoundRectRgn
CreatePen
GetDIBColorTable
StretchBlt
Rectangle
CreateFontW
LineTo
MoveToEx
SetViewportOrgEx
TextOutW
GetStockObject
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
GetObjectW
DeleteObject
SetBkMode

advapi32

RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoInitializeEx
IIDFromString
OleLockRunning
CoInitialize
CoTaskMemFree
CoUninitialize
CoGetInterfaceAndReleaseStream
OleUninitialize
StringFromGUID2
CoTaskMemAlloc
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoLoadLibrary
CoFreeLibrary
OleInitialize
CoGetClassObject
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysAllocStringByteLen
DispCallFunc
SysAllocString
VariantClear
VariantInit
SysStringByteLen
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
SysStringLen
OleCreateFontIndirect
SysFreeString
SysAllocStringLen

comctl32

ImageList_Create
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
ImageList_Add
ImageList_GetIconSize
ImageList_Destroy

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipDrawImageRectI
GdipLoadImageFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipBitmapLockBits
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageI
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipGetImagePixelFormat

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcr80

??0exception@std@@QAE@ABQBD@Z
_wsplitpath_s
wcsncat_s
strncpy_s
_beginthreadex
strerror
_itoa
atoi
??0exception@std@@QAE@ABV01@@Z
_snwprintf
wcsrchr
malloc
memmove_s
memcpy_s
_recalloc
wcsncpy_s
??2@YAPAXI@Z
fclose
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
swprintf_s
fwrite
fopen
sprintf
_invalid_parameter_noinfo
_vswprintf
??_V@YAXPAX@Z
free
_time64
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
_purecall
??0exception@std@@QAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcscpy_s
_resetstkoflw
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
memset
vswprintf_s
_vscwprintf
_waccess
rand
srand
wcsstr
_wcsicmp
_wtoi
_wcsnicmp
_CxxThrowException
__iob_func
fprintf
fflush
_snprintf
memcpy
__CxxFrameHandler3
??1exception@std@@UAE@XZ

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
InternetReadFile
InternetCrackUrlW

sensapi

IsNetworkAlive

Sections

.text
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/AppUpdater.exe
.exe windows:4 windows x86 arch:x86

e37af4f1c8fadbb8dddd26c6eb8211d8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\AppUpdater.pdb

Imports

basedll

?IsFileExist@FileMisc@Base@@YAHPB_W@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ

utilsdll

?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z

reportdll

GetReportMgr

kernel32

GetFileAttributesW
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileW
CreateDirectoryW
GetProcAddress
LoadLibraryW
MulDiv
CreateIoCompletionPort
HeapSize
HeapReAlloc
HeapDestroy
InterlockedIncrement
GetModuleFileNameW
DeleteCriticalSection
GetLastError
CreateEventA
LeaveCriticalSection
SetEvent
CreateMutexW
InterlockedExchangeAdd
InterlockedExchange
EnterCriticalSection
CloseHandle
TlsAlloc
InterlockedDecrement
PostQueuedCompletionStatus
TlsFree
GlobalUnlock
InterlockedCompareExchange
GetProcessHeap
WaitForMultipleObjects
LoadResource
GetModuleHandleW
QueueUserAPC
SetWaitableTimer
TlsSetValue
HeapAlloc
LoadLibraryExW
FindResourceW
FindResourceExW
LockResource
GetLocalTime
WriteFile
IsBadReadPtr
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
CreateWaitableTimerA
SystemTimeToFileTime
GetTickCount
ResumeThread
ResetEvent
OpenEventA
GetCurrentProcessId
ReleaseSemaphore
GetSystemTimeAsFileTime
FormatMessageA
LocalFree
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
WideCharToMultiByte
GetCurrentProcess
HeapFree
TlsGetValue
GlobalLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
lstrlenW
GetQueuedCompletionStatus
lstrcmpiW
FreeLibrary
GetTempPathW
CreateEventW
Sleep
GlobalFree
FreeResource
lstrcpynW
RaiseException
GlobalAlloc
InitializeCriticalSection
SetLastError
GetCurrentThreadId
MultiByteToWideChar
SizeofResource
FlushInstructionCache
lstrcmpW
TerminateThread

user32

DefWindowProcW
GetWindow
ReleaseCapture
GetClassInfoExW
ScreenToClient
CallWindowProcW
SetWindowPos
GetClassNameW
RegisterWindowMessageW
SetWindowTextW
ReleaseDC
LoadMenuW
GetCursorPos
EndPaint
PeekMessageW
CreateWindowExW
GetWindowTextLengthW
SetFocus
GetSysColor
DestroyWindow
MoveWindow
GetDlgItem
CreateAcceleratorTableW
PostMessageW
RedrawWindow
BeginPaint
GetDesktopWindow
SetCapture
RegisterClassExW
DispatchMessageW
ClientToScreen
GetClientRect
GetFocus
IsWindow
InvalidateRect
GetDC
OffsetRect
PtInRect
DrawFocusRect
SetWindowRgn
DrawEdge
GetMenu
GetDlgCtrlID
GetMonitorInfoW
FillRect
InvalidateRgn
GetParent
GetWindowTextW
GetSubMenu
TrackPopupMenu
SetForegroundWindow
GetMessageW
CharNextW
DestroyAcceleratorTable
LoadCursorW
TranslateMessage
SendMessageW
IsChild
MonitorFromWindow
UnregisterClassA
SetWindowLongW
DestroyMenu
KillTimer
SystemParametersInfoW
SetTimer
UpdateWindow
LoadImageW
GetCapture
GetSystemMetrics
IsWindowEnabled
ShowWindow
InflateRect
GetWindowRect
CreateDialogParamW
AdjustWindowRectEx
GetWindowLongW

gdi32

CreateRoundRectRgn
CreatePen
MoveToEx
GetDIBColorTable
StretchBlt
Rectangle
SetBkMode
TextOutW
SetTextColor
SetViewportOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
GetObjectW
GetStockObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
DeleteObject
SetDIBColorTable
CreateDIBSection
RoundRect

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

ShellExecuteExW
Shell_NotifyIconW

ole32

CLSIDFromString
StringFromGUID2
CoTaskMemFree
CoGetClassObject
CoInitialize
CoTaskMemAlloc
OleUninitialize
OleLockRunning
CoUninitialize
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
CoTaskMemRealloc
CoLoadLibrary
CoFreeLibrary
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
IIDFromString

oleaut32

SysFreeString
LoadRegTypeLi
SysAllocStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringLen
VarUI4FromStr
SysAllocString

comctl32

ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipGetImagePaletteSize
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipDrawImageI
GdipCreateFontFamilyFromName
GdipCloneImage
GdipDeleteGraphics
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFont
GdipDisposeImage
GdipLoadImageFromFile
GdipGetLogFontW
GdipGetGenericFontFamilySansSerif
GdipAlloc
GdipDrawImageRectI
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipCreateBitmapFromScan0

msvcp80

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

ws2_32

WSACleanup
WSAStartup

msvcr80

_invalid_parameter_noinfo
_itoa
swprintf_s
free
_recalloc
wcsncpy_s
memmove_s
wcscpy_s
_resetstkoflw
rand
_time64
swscanf
srand
printf
_vscprintf_p
_vscwprintf_p
_vswprintf_p
_vsprintf_p
strncpy_s
sprintf
_wtoi
_wsplitpath
_waccess
_wcsicmp
wcschr
tolower
memset
__CxxFrameHandler3
strerror
_gmtime64
_CxxThrowException
_beginthreadex
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_snprintf
fflush
fprintf
__iob_func
memcpy
_snwprintf
_wsplitpath_s
wcsncat_s
_vscwprintf
vswprintf_s
_configthreadlocale
memcpy_s
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpOpenRequestW
InternetReadFile
InternetCrackUrlW
HttpSendRequestW
HttpQueryInfoW
InternetOpenW
InternetConnectW
InternetCloseHandle

sensapi

IsNetworkAlive

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 356KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BDKitUtils.dll
.dll windows:4 windows x86 arch:x86

1f78e69b56ee87c438f5501a8265f830

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:e1:ff:c3:37:7d:1c:ec:53:48:dd:bf:66:f3:35:2f:15:22:f6:9e
Signer

Actual PE Digest

cd:e1:ff:c3:37:7d:1c:ec:53:48:dd:bf:66:f3:35:2f:15:22:f6:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\bdm_v3.0_fix2\Basic\kvoutput\binrelease\bdmantivirus\BDKitUtils.pdb

Imports

kernel32

CreateFileW
SetLastError
DeleteCriticalSection
CopyFileW
GetProcAddress
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
InterlockedIncrement
GetModuleFileNameW
GetWindowsDirectoryW
InitializeCriticalSection
LoadLibraryA
GetSystemInfo
FreeLibrary
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
DeviceIoControl
GetFileAttributesExW
GetProcessHeap
GetModuleHandleW
GetCurrentProcess
OpenProcess
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

user32

wsprintfW

advapi32

AdjustTokenPrivileges
CreateServiceW
OpenSCManagerW
LookupPrivilegeValueW
OpenServiceW
DeleteService
OpenProcessToken
StartServiceW
CloseServiceHandle
ControlService

msvcp80

?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

msvcr80

_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
__clean_type_info_names_internal
memset
wcsncpy
free
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcscpy_s
wcscat_s
malloc
memcpy

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
GetBDKitInterface
QueryInterfaceExist

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BDSGProxyDll.dll
.dll windows:4 windows x86 arch:x86

9ba5012e3470049535983fab2e960226

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\bdsg\Basic\Output\BinRelease\testApp\BDSGProxyDll.pdb

Imports

ws2_32

htons
ntohl
WSACleanup
WSAStartup

kernel32

WaitForMultipleObjects
TerminateThread
QueueUserAPC
WaitForSingleObject
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
CreateIoCompletionPort
FindFirstFileW
SetWaitableTimer
FindNextFileW
GetQueuedCompletionStatus
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetModuleFileNameW
GetFileAttributesW
DeleteFileW
CreateProcessW
MoveFileW
MoveFileExW
GetModuleHandleW
GetCurrentProcess
lstrcmpiW
GetCurrentThreadId
ProcessIdToSessionId
FreeLibrary
lstrlenA
lstrlenW
GetSystemDirectoryW
FormatMessageW
CreateMutexW
GetTickCount
RaiseException
HeapValidate
ConnectNamedPipe
ReadFile
CreateNamedPipeW
Sleep
WaitNamedPipeW
GetOverlappedResult
WriteFile
GetTimeFormatW
SystemTimeToFileTime
GetLocaleInfoW
GetDateFormatW
FileTimeToSystemTime
GetLocaleInfoA
GetCurrencyFormatW
GetNumberFormatW
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalReAlloc
GetCPInfo
ExpandEnvironmentStringsW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
DebugBreak
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
IsBadReadPtr
GetBinaryTypeW
CreateFileA
LocalAlloc
LocalFree
ReleaseMutex
OpenFileMappingW
GetLocalTime
OpenEventW
OutputDebugStringA
GetModuleFileNameA
LoadLibraryA
VirtualAlloc
HeapSize
GetStdHandle
LCMapStringW
LCMapStringA
RtlUnwind
HeapReAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
TlsSetValue
HeapFree
GetProcessHeap
HeapAlloc
SetLastError
ResetEvent
TlsGetValue
InterlockedCompareExchange
FindClose
CreateFileW
CreateEventA
CloseHandle
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
GetLastError
EnterCriticalSection
TlsAlloc
PostQueuedCompletionStatus
TlsFree
SetEvent
GetProcAddress
LoadLibraryW
OpenEventA
ResumeThread
CreateWaitableTimerA
FormatMessageA
GetThreadLocale
SetNamedPipeHandleState
VirtualQuery
HeapCreate
HeapDestroy
CreateThread
ExitThread
GetVersionExA
GetCommandLineA
ReleaseSemaphore
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
SetHandleCount

user32

SendMessageTimeoutW
IsWindow
FindWindowA
DestroyIcon
SendMessageW
PostMessageW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

IIDFromString
StringFromIID
CoTaskMemFree

shlwapi

StrFromTimeIntervalW
StrFormatByteSizeW
PathRemoveFileSpecW
wnsprintfW
PathAppendW
PathAddBackslashW
StrFormatKBSizeW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imagehlp

MapAndLoad
UnMapAndLoad

Exports

Exports

CreateBDSafeGuard
CreateBDSafeSysKit
DestoryBDSafeGuard
DestoryBDSafeSysKit

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BaseDll.dll
.dll windows:4 windows x86 arch:x86

f6810e18fa428beae8eae1482862e747

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\BaseDll.pdb

Imports

wininet

InternetCrackUrlW

iphlpapi

GetIpForwardTable

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses
GetModuleFileNameExW

kernel32

FreeLibrary
SetFileAttributesW
ReadFile
SizeofResource
FindResourceExW
FindResourceW
LoadResource
LockResource
GlobalUnlock
CopyFileW
MoveFileExW
RemoveDirectoryW
GetCurrentProcess
GlobalAlloc
DeleteFileW
GetCurrentDirectoryW
WriteFile
GlobalLock
GetTempPathW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTickCount
WaitForSingleObject
GetExitCodeProcess
Process32NextW
Process32FirstW
lstrcmpiW
GetProcessTimes
OpenProcess
CreateToolhelp32Snapshot
GetComputerNameW
GetDriveTypeW
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
CreateFileMappingW
DebugBreak
MoveFileW
IsBadReadPtr
GetBinaryTypeW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
LoadLibraryW
OpenEventW
GetModuleFileNameA
InitializeCriticalSection
SetEvent
LeaveCriticalSection
DeleteCriticalSection
SetLastError
OpenFileMappingW
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
OutputDebugStringA
InterlockedCompareExchange
CreateFileA
FileTimeToDosDateTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
VirtualFree
DosDateTimeToFileTime
SetFileTime
VirtualAlloc
DeviceIoControl
GetFileSize
ResetEvent
TerminateThread
GetExitCodeThread
CreateEventW
WaitForMultipleObjects
GetFileAttributesExW
HeapSize
SetEndOfFile
lstrcpynA
LockFileEx
SystemTimeToFileTime
GetDiskFreeSpaceW
QueryPerformanceCounter
HeapDestroy
LoadLibraryA
GetFileAttributesA
GetTempPathA
HeapCreate
CreateFileMappingA
LocalFree
HeapValidate
AreFileApisANSI
UnlockFile
GetFullPathNameW
DeleteFileA
LockFile
GetFullPathNameA
GetDiskFreeSpaceA
OutputDebugStringW
UnlockFileEx
HeapReAlloc
GetSystemTimeAsFileTime
FlushFileBuffers
CreateMutexW
FormatMessageA
CreateFileW
GetSystemTime
GetSystemDefaultLangID
CreateWaitableTimerA
ResumeThread
OpenEventA
ReleaseSemaphore
RaiseException
GetThreadLocale
GetLocaleInfoA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceFrequency
GetCurrentThread
SetThreadPriority
GetQueuedCompletionStatus
CreateWaitableTimerW
WaitForSingleObjectEx
TlsSetValue
SetWaitableTimer
QueueUserAPC
SleepEx
SetNamedPipeHandleState
InitializeCriticalSectionAndSpinCount
WaitNamedPipeA
GetNamedPipeInfo
InterlockedExchangeAdd
DisconnectNamedPipe
DuplicateHandle
InterlockedExchange
TlsAlloc
GetModuleFileNameW
PostQueuedCompletionStatus
TlsFree
CreateIoCompletionPort
CreateNamedPipeA
ConnectNamedPipe
GetSystemInfo
GetLocalTime
InterlockedDecrement
GetModuleHandleW
InterlockedIncrement
GetVersionExW
FindNextFileW
GetFileAttributesW
CreateDirectoryW
lstrcpynW
SetFilePointer
FindClose
FindFirstFileW
GetVersionExA
GetFileTime
GetProcAddress
CloseHandle
lstrlenA
lstrlenW
Sleep
HeapFree
GetWindowsDirectoryW
HeapAlloc
GetProcessHeap
MultiByteToWideChar
FormatMessageW
GetACP
GetLastError
WideCharToMultiByte
CreateEventA
TlsGetValue

user32

SetTimer
KillTimer
GetMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
FindWindowW
SetForegroundWindow
SendMessageW
DestroyIcon
CloseClipboard
SetClipboardData
EmptyClipboard
SetFocus
UnregisterClassA
FindWindowExW
BringWindowToTop
OpenClipboard
PostThreadMessageW
SendMessageTimeoutW
FindWindowA
GetParent
EnableWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
SetWindowPos
MessageBoxW
SetActiveWindow
SystemParametersInfoW
ShowWindow
GetClientRect
ExitWindowsEx
IsIconic
GetDesktopWindow
GetSystemMetrics
IsWindowVisible
GetWindowRect
GetWindowTextW
GetClassNameW
IsWindow
EnumWindows
LoadBitmapW
LoadImageW

gdi32

CreateDCW
GetObjectW
DeleteDC
DeleteObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExA
RegQueryValueExA
GetUserNameW
AdjustTokenPrivileges
LookupAccountSidW
IsValidSid
LookupPrivilegeValueW
CheckTokenMembership
RegEnumKeyW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegDeleteValueW
RegQueryValueExW
RegFlushKey
RegGetKeySecurity
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
OpenProcessToken
InitializeAcl
FreeSid
SetSecurityDescriptorDacl
SetFileSecurityW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAce
AllocateAndInitializeSid
RegDeleteKeyW

shell32

SHGetDesktopFolder
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
SHCreateDirectoryExW
DuplicateIcon
ShellExecuteW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoCreateInstance

oleaut32

OleCreatePictureIndirect

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

msvcr80

realloc
_beginthreadex
??8type_info@@QBE_NABV0@@Z
printf
??0exception@std@@QAE@ABQBDH@Z
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memset
_gmtime64
_CxxThrowException
_except_handler3
memcpy
wcsstr
fclose
wcsncmp
_wfopen_s
fwrite
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcschr
swprintf_s
fflush
wcstol
fread
??2@YAPAXI@Z
memmove
fseek
ftell
_purecall
__iob_func
isspace
tolower
fopen_s
atof
fprintf
fputc
sscanf_s
_vsnprintf_s
ferror
atoi
strncmp
strchr
isalnum
isalpha
wcsncpy_s
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_wcsnicmp
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
wcsncat_s
??0exception@std@@QAE@ABV01@@Z
free
malloc
strncpy_s
_wcsicmp
strtoul
memmove_s
_errno
_snprintf_s
_strnicmp
_wtol
_snwprintf_s
_time64
wcsftime
_mktime64
swscanf_s
_localtime64_s
wcscpy_s
memcpy_s
_wcslwr_s
_wtoi
wcsrchr
wcstoul
_fsopen
setlocale
_memicmp
printf_s
_vsnwprintf_s
strrchr
rand
vswprintf_s
_mbsinc
calloc
strerror
_ftelli64
_fseeki64
fopen
isprint
_wmkdir
_wstat64
_wsplitpath_s
_vswprintf_c_l
wcstombs_s

shlwapi

StrStrIW
PathFindFileNameW
PathAppendW
StrRChrIW
PathFindExtensionW
SHDeleteValueW
PathIsDirectoryW
StrRStrIW
PathAddBackslashW
SHDeleteKeyW
StrChrW
StrRChrW
PathFileExistsW
PathRemoveFileSpecW
SHGetValueW

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA

netapi32

Netbios

ws2_32

WSAStartup
WSACleanup

Exports

Exports

??0?$json_auto@D@@QAE@I@Z
??0?$json_auto@PAVJSONNode@@@@QAE@I@Z
??0?$json_auto@_W@@QAE@XZ
??0CIPCClient@IPC@Base@@QAE@XZ
??0CIPCServer@IPC@Base@@QAE@XZ
??0CMarkup@Xml@Base@@QAE@ABV012@@Z
??0CMarkup@Xml@Base@@QAE@H@Z
??0CMarkup@Xml@Base@@QAE@UMCD_CSTR@@@Z
??0CMarkup@Xml@Base@@QAE@XZ
??0CShortcut@FileMisc@Base@@QAE@ABV012@@Z
??0CShortcut@FileMisc@Base@@QAE@H@Z
??0CShortcut@FileMisc@Base@@QAE@PB_WH@Z
??0CWin64Helper@Win64Helper@Base@@QAE@XZ
??0CWow64FsRedrt@Win64Helper@Base@@QAE@XZ
??0FileDefaultIconPicker@FileMisc@Base@@QAE@XZ
??0IBackupAndRecoveryRegister@Register@Base@@QAE@ABU012@@Z
??0IBackupAndRecoveryRegister@Register@Base@@QAE@XZ
??0IRegistryHandle@Register@Base@@QAE@ABV012@@Z
??0IRegistryHandle@Register@Base@@QAE@XZ
??0IShortcut@FileMisc@Base@@QAE@ABV012@@Z
??0IShortcut@FileMisc@Base@@QAE@XZ
??0JSONNode@@AAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0JSONNode@@AAE@PAVinternalJSONNode@@@Z
??0JSONNode@@AAE@_NAAV0@@Z
??0JSONNode@@QAE@ABV0@@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@D@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@E@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@F@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@G@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@J@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@M@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@N@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@O@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_J@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0JSONNode@@QAE@D@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@PBD@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@PB_W@Z
??0Sqlite3Connection@Database@Base@@QAE@PBD@Z
??0Sqlite3Connection@Database@Base@@QAE@PB_W@Z
??0Sqlite3Connection@Database@Base@@QAE@XZ
??0Sqlite3Reader@Database@Base@@AAE@PAVSqlite3Command@12@@Z
??0Sqlite3Reader@Database@Base@@QAE@ABV012@@Z
??0Sqlite3Reader@Database@Base@@QAE@XZ
??0Sqlite3Transaction@Database@Base@@QAE@AAVSqlite3Connection@12@_N@Z
??0TiXmlAttribute@Xml@Base@@QAE@PBD0@Z
??0TiXmlAttribute@Xml@Base@@QAE@XZ
??0TiXmlAttributeSet@Xml@Base@@QAE@XZ
??0TiXmlBase@Xml@Base@@QAE@XZ
??0TiXmlComment@Xml@Base@@QAE@ABV012@@Z
??0TiXmlComment@Xml@Base@@QAE@PBD@Z
??0TiXmlComment@Xml@Base@@QAE@XZ
??0TiXmlCursor@Xml@Base@@QAE@XZ
??0TiXmlDeclaration@Xml@Base@@QAE@ABV012@@Z
??0TiXmlDeclaration@Xml@Base@@QAE@PBD00@Z
??0TiXmlDeclaration@Xml@Base@@QAE@XZ
??0TiXmlDocument@Xml@Base@@QAE@ABV012@@Z
??0TiXmlDocument@Xml@Base@@QAE@PBD@Z
??0TiXmlDocument@Xml@Base@@QAE@XZ
??0TiXmlElement@Xml@Base@@QAE@ABV012@@Z
??0TiXmlElement@Xml@Base@@QAE@PBD@Z
??0TiXmlHandle@Xml@Base@@QAE@ABV012@@Z
??0TiXmlHandle@Xml@Base@@QAE@PAVTiXmlNode@12@@Z
??0TiXmlNode@Xml@Base@@IAE@W4NodeType@012@@Z
??0TiXmlOutStream@Xml@Base@@QAE@ABV012@@Z
??0TiXmlOutStream@Xml@Base@@QAE@XZ
??0TiXmlParsingData@Xml@Base@@AAE@PBDHHH@Z
??0TiXmlPrinter@Xml@Base@@QAE@ABV012@@Z
??0TiXmlPrinter@Xml@Base@@QAE@XZ
??0TiXmlString@Xml@Base@@QAE@ABV012@@Z
??0TiXmlString@Xml@Base@@QAE@PBD@Z
??0TiXmlString@Xml@Base@@QAE@PBDI@Z
??0TiXmlString@Xml@Base@@QAE@XZ
??0TiXmlText@Xml@Base@@QAE@ABV012@@Z
??0TiXmlText@Xml@Base@@QAE@PBD@Z
??0TiXmlUnknown@Xml@Base@@QAE@ABV012@@Z
??0TiXmlUnknown@Xml@Base@@QAE@XZ
??0TiXmlVisitor@Xml@Base@@QAE@ABV012@@Z
??0TiXmlVisitor@Xml@Base@@QAE@XZ
??0iteratorKeeper@jsonChildren@@QAE@PAV1@AAPAPAVJSONNode@@_N@Z
??0jsonChildren@@QAE@XZ
??0md5_engine@Base@@QAE@XZ
??1?$json_auto@D@@QAE@XZ
??1?$json_auto@PAVJSONNode@@@@QAE@XZ
??1?$json_auto@_W@@QAE@XZ
??1CIPCClient@IPC@Base@@QAE@XZ
??1CIPCServer@IPC@Base@@QAE@XZ
??1CMarkup@Xml@Base@@QAE@XZ
??1CShortcut@FileMisc@Base@@UAE@XZ
??1CWin64Helper@Win64Helper@Base@@QAE@XZ
??1CWow64FsRedrt@Win64Helper@Base@@QAE@XZ
??1FileDefaultIconPicker@FileMisc@Base@@QAE@XZ
??1JSONNode@@QAE@XZ
??1Sqlite3Command@Database@Base@@QAE@XZ
??1Sqlite3Connection@Database@Base@@QAE@XZ
??1Sqlite3Reader@Database@Base@@QAE@XZ
??1Sqlite3Transaction@Database@Base@@QAE@XZ
??1TiXmlAttribute@Xml@Base@@UAE@XZ
??1TiXmlAttributeSet@Xml@Base@@QAE@XZ
??1TiXmlBase@Xml@Base@@UAE@XZ
??1TiXmlComment@Xml@Base@@UAE@XZ
??1TiXmlDeclaration@Xml@Base@@UAE@XZ
??1TiXmlDocument@Xml@Base@@UAE@XZ
??1TiXmlElement@Xml@Base@@UAE@XZ
??1TiXmlNode@Xml@Base@@UAE@XZ
??1TiXmlOutStream@Xml@Base@@QAE@XZ
??1TiXmlPrinter@Xml@Base@@UAE@XZ
??1TiXmlString@Xml@Base@@QAE@XZ
??1TiXmlText@Xml@Base@@UAE@XZ
??1TiXmlUnknown@Xml@Base@@UAE@XZ
??1TiXmlVisitor@Xml@Base@@UAE@XZ
??1iteratorKeeper@jsonChildren@@QAE@XZ
??1jsonChildren@@QAE@XZ
??4CIPCClient@IPC@Base@@QAEAAV012@ABV012@@Z
??4CIPCServer@IPC@Base@@QAEAAV012@ABV012@@Z
??4CMarkup@Xml@Base@@QAEXABV012@@Z
??4CShortcut@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4CWin64Helper@Win64Helper@Base@@QAEAAV012@ABV012@@Z
??4CWorkerPool@Thread@Base@@QAEAAV012@ABV012@@Z
??4CWow64FsRedrt@Win64Helper@Base@@QAEAAV012@ABV012@@Z
??4FileDefaultIconPicker@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4IBackupAndRecoveryRegister@Register@Base@@QAEAAU012@ABU012@@Z
??4IRegistryHandle@Register@Base@@QAEAAV012@ABV012@@Z
??4IShortcut@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4JSONNode@@QAEAAV0@ABV0@@Z
??4JSONNode@@QAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??4JSONNode@@QAEAAV0@D@Z
??4JSONNode@@QAEAAV0@E@Z
??4JSONNode@@QAEAAV0@F@Z
??4JSONNode@@QAEAAV0@G@Z
??4JSONNode@@QAEAAV0@H@Z
??4JSONNode@@QAEAAV0@I@Z
??4JSONNode@@QAEAAV0@J@Z
??4JSONNode@@QAEAAV0@K@Z
??4JSONNode@@QAEAAV0@M@Z
??4JSONNode@@QAEAAV0@N@Z
??4JSONNode@@QAEAAV0@O@Z
??4JSONNode@@QAEAAV0@PB_W@Z
??4JSONNode@@QAEAAV0@_J@Z
??4JSONNode@@QAEAAV0@_K@Z
??4JSONNode@@QAEAAV0@_N@Z
??4NumberToString@@QAEAAV0@ABV0@@Z
??4Sqlite3Reader@Database@Base@@QAEAAV012@ABV012@@Z
??4TiXmlComment@Xml@Base@@QAEXABV012@@Z
??4TiXmlCursor@Xml@Base@@QAEAAU012@ABU012@@Z
??4TiXmlDeclaration@Xml@Base@@QAEXABV012@@Z
??4TiXmlDocument@Xml@Base@@QAEXABV012@@Z
??4TiXmlElement@Xml@Base@@QAEXABV012@@Z
??4TiXmlHandle@Xml@Base@@QAE?AV012@ABV012@@Z
??4TiXmlOutStream@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlParsingData@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlPrinter@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlString@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlString@Xml@Base@@QAEAAV012@PBD@Z
??4TiXmlText@Xml@Base@@QAEXABV012@@Z
??4TiXmlUnknown@Xml@Base@@QAEXABV012@@Z
??4TiXmlVisitor@Xml@Base@@QAEAAV012@ABV012@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4tagLANGANDCODEPAGE@@QAEAAU0@ABU0@@Z
??6TiXmlOutStream@Xml@Base@@QAEAAV012@ABVTiXmlString@12@@Z
??6TiXmlOutStream@Xml@Base@@QAEAAV012@PBD@Z
??8IPC@Base@@YA_NV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@0@Z
??8JSONNode@@QBE_NABV0@@Z
??8JSONNode@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??8JSONNode@@QBE_ND@Z
??8JSONNode@@QBE_NE@Z
??8JSONNode@@QBE_NF@Z
??8JSONNode@@QBE_NG@Z
??8JSONNode@@QBE_NH@Z
??8JSONNode@@QBE_NI@Z
??8JSONNode@@QBE_NJ@Z
??8JSONNode@@QBE_NK@Z
??8JSONNode@@QBE_NM@Z
??8JSONNode@@QBE_NN@Z
??8JSONNode@@QBE_NO@Z
??8JSONNode@@QBE_NPB_W@Z
??8JSONNode@@QBE_N_J@Z
??8JSONNode@@QBE_N_K@Z
??8JSONNode@@QBE_N_N@Z
??8TiXmlAttribute@Xml@Base@@QBE_NABV012@@Z
??9JSONNode@@QBE_NABV0@@Z
??9JSONNode@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??9JSONNode@@QBE_ND@Z
??9JSONNode@@QBE_NE@Z
??9JSONNode@@QBE_NF@Z
??9JSONNode@@QBE_NG@Z
??9JSONNode@@QBE_NH@Z
??9JSONNode@@QBE_NI@Z
??9JSONNode@@QBE_NJ@Z
??9JSONNode@@QBE_NK@Z
??9JSONNode@@QBE_NM@Z
??9JSONNode@@QBE_NN@Z
??9JSONNode@@QBE_NO@Z
??9JSONNode@@QBE_NPB_W@Z
??9JSONNode@@QBE_N_J@Z
??9JSONNode@@QBE_N_K@Z
??9JSONNode@@QBE_N_N@Z
??AJSONNode@@QAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??AJSONNode@@QAEAAV0@I@Z
??AJSONNode@@QBEABV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??AJSONNode@@QBEABV0@I@Z
??ATiXmlString@Xml@Base@@QBEAADI@Z
??AjsonChildren@@QBEPAVJSONNode@@I@Z
??MTiXmlAttribute@Xml@Base@@QBE_NABV012@@Z
??OTiXmlAttribute@Xml@Base@@QBE_NABV012@@Z
??YTiXmlString@Xml@Base@@QAEAAV012@ABV012@@Z
??YTiXmlString@Xml@Base@@QAEAAV012@D@Z
??YTiXmlString@Xml@Base@@QAEAAV012@PBD@Z
??_7CShortcut@FileMisc@Base@@6B@
??_7IRegistryHandle@Register@Base@@6B@
??_7IShortcut@FileMisc@Base@@6B@
??_7TiXmlAttribute@Xml@Base@@6B@
??_7TiXmlBase@Xml@Base@@6B@
??_7TiXmlComment@Xml@Base@@6B@
??_7TiXmlDeclaration@Xml@Base@@6B@
??_7TiXmlDocument@Xml@Base@@6B@
??_7TiXmlElement@Xml@Base@@6B@
??_7TiXmlNode@Xml@Base@@6B@
??_7TiXmlPrinter@Xml@Base@@6B@
??_7TiXmlText@Xml@Base@@6B@
??_7TiXmlUnknown@Xml@Base@@6B@
??_7TiXmlVisitor@Xml@Base@@6B@
??_FCShortcut@FileMisc@Base@@QAEXXZ
??_FJSONNode@@QAEXXZ
?Accept@TiXmlComment@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlDeclaration@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlDocument@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlElement@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlText@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlUnknown@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?ActivePopupChild@SysMisc@Base@@YAPAUHWND__@@PAU3@@Z
?Add@TiXmlAttributeSet@Xml@Base@@QAEXPAVTiXmlAttribute@23@@Z
?AddAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0@Z
?AddAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@H@Z
?AddChildAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0@Z
?AddChildAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@H@Z
?AddChildElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0H@Z
?AddChildElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@HH@Z
?AddChildSubDoc@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?AddElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0H@Z
?AddElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@HH@Z
?AddFileToZip@ZipUnZip@Base@@YAHPAXPB_W1@Z
?AddMemoryToZip@ZipUnZip@Base@@YAHPAXPB_W0H@Z
?AddNode@CMarkup@Xml@Base@@QAE_NHUMCD_CSTR@@@Z
?AddSubDoc@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?AddZipMemoryToZip@ZipUnZip@Base@@YAHPAXPB_W0HH@Z
?AsynConnect@CIPCClient@IPC@Base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBD@Z
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBDPAH@Z
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBDPAN@Z
?BOOLTobool@DataMisc@Base@@YA_NH@Z
?BackupAndRecoveryRegisterGetModule@Register@Base@@YAJPAPAX@Z
?Base64Decode@Crypt@Base@@YAHPBEHPAEH@Z
?Base64Decode@Crypt@Base@@YAHPBEHPAEPAH@Z
?Base64DecodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?Base64Encode@Crypt@Base@@YAHPBEHPAEH@Z
?Base64Encode@Crypt@Base@@YAHPBEHPAEPAH@Z
?Base64EncodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?Blank@TiXmlText@Xml@Base@@IBE_NXZ
?BuildEveryoneSD@FileMisc@Base@@YAPAXKPAX@Z
?CDATA@TiXmlText@Xml@Base@@QBE_NXZ
?CRC32@MD5@Base@@YGKPBEHK@Z
?CRC32@MD5@Base@@YGKPB_WK@Z
?CStr@TiXmlPrinter@Xml@Base@@QAEPBDXZ
?CancelWaitExecute@CWorkerPool@Thread@Base@@SAPAXI@Z
?CheckFullScreenWindow@SysMisc@Base@@YAHAAHPAPAUHWND__@@@Z
?CheckProcess@SysMisc@Base@@YAHPB_W@Z
?Child@TiXmlHandle@Xml@Base@@QBE?AV123@H@Z
?Child@TiXmlHandle@Xml@Base@@QBE?AV123@PBDH@Z
?ChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@H@Z
?ChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@PBDH@Z
?Clear@TiXmlCursor@Xml@Base@@QAEXXZ
?Clear@TiXmlNode@Xml@Base@@QAEXXZ
?ClearError@TiXmlDocument@Xml@Base@@QAEXXZ
?ClearThis@TiXmlElement@Xml@Base@@IAEXXZ
?Clone@TiXmlComment@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Clone@TiXmlDeclaration@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Clone@TiXmlDocument@Xml@Base@@MBEPAVTiXmlNode@23@XZ
?Clone@TiXmlElement@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Clone@TiXmlText@Xml@Base@@MBEPAVTiXmlNode@23@XZ
?Clone@TiXmlUnknown@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Close@CIPCClient@IPC@Base@@QAEXXZ
?Close@CWow64FsRedrt@Win64Helper@Base@@QAEHXZ
?CloseZip@ZipUnZip@Base@@YAXPAX_N@Z
?CloseZipFile@ZipUnZip@Base@@YAXPAX@Z
?Column@TiXmlBase@Xml@Base@@QBEHXZ
?Compress@ZipUnZip@Base@@YAHPBXHPAXHAAK@Z
?Connect@CIPCClient@IPC@Base@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?ConvertUTF32ToUTF8@TiXmlBase@Xml@Base@@KAXKPADPAH@Z
?CopyFilePath@FileMisc@Base@@YAXPB_W@Z
?CopyFilePath@FileMisc@Base@@YAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CopyFileW@FileMisc@Base@@YAHPB_W0H@Z
?CopyKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W01@Z
?CopyRegKey@Register@Base@@YAHPAUHKEY__@@0@Z
?CopyRegKey@Register@Base@@YAHPB_W0@Z
?CopyTextToClipboard@SysMisc@Base@@YAHPB_W@Z
?CopyTo@TiXmlComment@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlDeclaration@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlDocument@Xml@Base@@ABEXPAV123@@Z
?CopyTo@TiXmlElement@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlNode@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlText@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlUnknown@Xml@Base@@IBEXPAV123@@Z
?CreateDir@FileMisc@Base@@YAHPB_W@Z
?CreateDirectoryNested@FileMisc@Base@@YAHPB_W@Z
?CreateFileNoRedirect@CWin64Helper@Win64Helper@Base@@QAEPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?CreateRegKey@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateRegKeyForce@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateShortCut@FileMisc@Base@@YAHPB_W00000HGH@Z
?CreateZip@ZipUnZip@Base@@YAPAXPB_W_N@Z
?CreateZipFile@ZipUnZip@Base@@YAPAXPB_W@Z
?Cursor@TiXmlParsingData@Xml@Base@@QAEABUTiXmlCursor@23@XZ
?DatastrToHex@DataMisc@Base@@YAHPB_W@Z
?DecodeCharUTF16@CMarkup@Xml@Base@@SAHAAPBGPBG@Z
?DecodeCharUTF8@CMarkup@Xml@Base@@SAHAAPBDPBD@Z
?DelSubKey@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?DelSubKeyForce@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?DeleteFileAfterReboot@FileMisc@Base@@YAXPA_W@Z
?DeleteFileEx@FileMisc@Base@@YAHPB_W@Z
?DeleteFileNoRedirect@CWin64Helper@Win64Helper@Base@@QAEHPB_W@Z
?DeleteKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1@Z
?DeleteKeyValue@Register@Base@@YAHPB_W0ABH@Z
?DeleteKeyValueForce@Register@Base@@YAHPAUHKEY__@@PB_W1@Z
?DeleteRegKey@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?DeleteRegKey@Register@Base@@YAHPB_WH@Z
?DetectUTF8@CMarkup@Xml@Base@@SA_NPBDHPAHPA_N@Z
?DirSelectDlg@SysMisc@Base@@YAHPAUHWND__@@PA_WHPAUHICON__@@HPB_W333IPAH@Z
?DirSelectDlgSimple@SysMisc@Base@@YAHPAUHWND__@@PA_WHPAUHICON__@@PB_W3@Z
?DisableFileRedirect@CWin64Helper@Win64Helper@Base@@QAEHXZ
?DllGetVersion@FileMisc@Base@@YAHPB_WAAU_DLLVERSIONINFO@@@Z
?Do@CWorkerPool@Thread@Base@@KGXPAX@Z
?DoIndent@TiXmlPrinter@Xml@Base@@AAEXXZ
?DoLineBreak@TiXmlPrinter@Xml@Base@@AAEXXZ
?DoubleValue@TiXmlAttribute@Xml@Base@@QBENXZ
?Element@TiXmlHandle@Xml@Base@@QBEPAVTiXmlElement@23@XZ
?EnableDebugPrivilege@SysMisc@Base@@YAHH@Z
?EnableProcessPrivilege@SysMisc@Base@@YAHPAXPA_WH@Z
?EncodeCharUTF16@CMarkup@Xml@Base@@SAXHPAGAAH@Z
?EncodeCharUTF8@CMarkup@Xml@Base@@SAXHPADAAH@Z
?EncodeString@TiXmlBase@Xml@Base@@SAXABVTiXmlString@23@PAV423@@Z
?Encoding@TiXmlDeclaration@Xml@Base@@QBEPBDXZ
?EnumFileOfDir@FileMisc@Base@@YAHPB_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@HPA_W@Z
?EnumFolderOfDir@FileMisc@Base@@YAHPB_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?EnumSubKeys@Register@Base@@YAHPAUHKEY__@@PAPA_WKPAK@Z
?EnumSubKeys@Register@Base@@YAHPAUHKEY__@@PB_WPAPA_WKPAKH@Z
?EnumSubKeys@Register@Base@@YAHPB_WPAPA_WKPAKH@Z
?EnumValues@Register@Base@@YAHPAUHKEY__@@PAPA_WKPAK@Z
?EnumValues@Register@Base@@YAHPAUHKEY__@@PB_WPAPA_WKPAK@Z
?EnumValues@Register@Base@@YAHPB_WPAPA_WKPAKH@Z
?Error@TiXmlDocument@Xml@Base@@QBE_NXZ
?ErrorCol@TiXmlDocument@Xml@Base@@QBEHXZ
?ErrorDesc@TiXmlDocument@Xml@Base@@QBEPBDXZ
?ErrorId@TiXmlDocument@Xml@Base@@QBEHXZ
?ErrorRow@TiXmlDocument@Xml@Base@@QBEHXZ
?EscapeText@CMarkup@Xml@Base@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@H@Z
?Execute@CWorkerPool@Thread@Base@@SA_NP6GXPAX@Z0@Z
?ExecuteExeAsAdmin@SysMisc@Base@@YAHPB_W0PAK@Z
?FileGetDefaultIcon@FileDefaultIconPicker@FileMisc@Base@@SAPAUHICON__@@PB_W@Z
?FileSelectDlg@SysMisc@Base@@YAHPA_WPB_W11HPAUHWND__@@1@Z
?Find@TiXmlAttributeSet@Xml@Base@@QAEPAVTiXmlAttribute@23@PBD@Z
?Find@TiXmlAttributeSet@Xml@Base@@QBEPBVTiXmlAttribute@23@PBD@Z
?FindChildElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?FindElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?FindNode@CMarkup@Xml@Base@@QAEHH@Z
?First@TiXmlAttributeSet@Xml@Base@@QAEPAVTiXmlAttribute@23@XZ
?First@TiXmlAttributeSet@Xml@Base@@QBEPBVTiXmlAttribute@23@XZ
?FirstAttribute@TiXmlElement@Xml@Base@@QAEPAVTiXmlAttribute@23@XZ
?FirstAttribute@TiXmlElement@Xml@Base@@QBEPBVTiXmlAttribute@23@XZ
?FirstChild@TiXmlHandle@Xml@Base@@QBE?AV123@PBD@Z
?FirstChild@TiXmlHandle@Xml@Base@@QBE?AV123@XZ
?FirstChild@TiXmlNode@Xml@Base@@QAEPAV123@PBD@Z
?FirstChild@TiXmlNode@Xml@Base@@QAEPAV123@XZ
?FirstChild@TiXmlNode@Xml@Base@@QBEPBV123@PBD@Z
?FirstChild@TiXmlNode@Xml@Base@@QBEPBV123@XZ
?FirstChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@PBD@Z
?FirstChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@XZ
?FirstChildElement@TiXmlNode@Xml@Base@@QAEPAVTiXmlElement@23@PBD@Z
?FirstChildElement@TiXmlNode@Xml@Base@@QAEPAVTiXmlElement@23@XZ
?FirstChildElement@TiXmlNode@Xml@Base@@QBEPBVTiXmlElement@23@PBD@Z
?FirstChildElement@TiXmlNode@Xml@Base@@QBEPBVTiXmlElement@23@XZ
?FlushDNS@SysMisc@Base@@YAHXZ
?ForbidLoadLibrarySearchCurrentDirectory@Library@Base@@YAXXZ
?FormatFileSize@FileMisc@Base@@YAHKPA_WK@Z
?GetAllAccessSecurityAttributes@SysMisc@Base@@YAPBU_SECURITY_ATTRIBUTES@@XZ
?GetAllAccessSecurityAttributesEx@SysMisc@Base@@YAHAAU_SECURITY_ATTRIBUTES@@AAU_SECURITY_DESCRIPTOR@@@Z
?GetArgs@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetAttrib@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@@Z
?GetAttribName@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?GetBitmapSize@FileMisc@Base@@YAHIPAJ0@Z
?GetBitmapSize@FileMisc@Base@@YAHPAUHBITMAP__@@PAJ1@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPAE@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPA_W@Z
?GetBufferMd5A@MD5@Base@@YGHPBEHPAD@Z
?GetBufferMd5W@MD5@Base@@YGHPBEHPA_W@Z
?GetCLSIDInfo@Register@Base@@YAHPB_WPA_W1@Z
?GetChar@TiXmlBase@Xml@Base@@KAPBDPBDPADPAHW4TiXmlEncoding@23@@Z
?GetChildAttrib@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@@Z
?GetChildData@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetChildSubDoc@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetChildTagName@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetComputerNameW@SysMisc@Base@@YAHPA_WK@Z
?GetCurDate@DataMisc@Base@@YAXPA_WH@Z
?GetCurFile@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetCurPEVersionA@FileMisc@Base@@YAHPADHPB_W@Z
?GetCurPathRootPath@FileMisc@Base@@YAHPA_WKK@Z
?GetCurrentProcessPath@FileMisc@Base@@YAHPA_WK@Z
?GetData@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDateStamp@DataMisc@Base@@YAHPA_WH@Z
?GetDeclaredEncoding@CMarkup@Xml@Base@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@@Z
?GetDefaultBrowser@SysMisc@Base@@YAHPA_WPAK@Z
?GetDesc@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetDir@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetDoc@CMarkup@Xml@Base@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDocFlags@CMarkup@Xml@Base@@QBEHXZ
?GetDocument@TiXmlNode@Xml@Base@@QAEPAVTiXmlDocument@23@XZ
?GetDocument@TiXmlNode@Xml@Base@@QBEPBVTiXmlDocument@23@XZ
?GetDrTempFile@FileMisc@Base@@YAHPA_WHPB_W1@Z
?GetDwordIp@DataMisc@Base@@YAKABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetElemContent@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetElemDoc@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetEncodingCodePage@CMarkup@Xml@Base@@SAHUMCD_CSTR@@@Z
?GetEntity@TiXmlBase@Xml@Base@@KAPBDPBDPADPAHW4TiXmlEncoding@23@@Z
?GetError@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetFileInfo@FileMisc@Base@@YAHPB_WPA_W11@Z
?GetFileMD5@MD5@Base@@YGHPB_WPAE@Z
?GetFileMD5@MD5@Base@@YGHPB_WPA_W@Z
?GetFileMD5A@MD5@Base@@YGHPBDPAD@Z
?GetFileMD5A@MD5@Base@@YGHPBDPAE@Z
?GetFileMD5W@MD5@Base@@YGHPB_WPAE@Z
?GetFileMD5W@MD5@Base@@YGHPB_WPA_W@Z
?GetFileSingleInfo@FileMisc@Base@@YAHPB_W0PA_WPAH@Z
?GetFileSizeEx@FileMisc@Base@@YAKPB_W@Z
?GetFileSizeWow64@Win64Helper@Base@@YG_KPB_W@Z
?GetFileTimeFlex@FileMisc@Base@@YAHPB_WPAU_FILETIME@@11@Z
?GetFileVerInfoA@FileMisc@Base@@YAHPBDPADH@Z
?GetFileVerInfoW@FileMisc@Base@@YAHPB_WPA_WH@Z
?GetFileVersion@FileMisc@Base@@YAHPB_WAAI111@Z
?GetFolderSize@FileMisc@Base@@YA_KPB_WPAK1@Z
?GetGuid@GUID@Base@@YGHPAEH@Z
?GetGuid@GUID@Base@@YGHPA_WH@Z
?GetGuidA@GUID@Base@@YGHPADH@Z
?GetGuidW@GUID@Base@@YGHPA_WH@Z
?GetHotKey@CShortcut@FileMisc@Base@@UAEHPAG@Z
?GetIEFullPath@SysMisc@Base@@YAHPA_WPAK@Z
?GetIEHistoryPath@FileMisc@Base@@YAHPA_WK@Z
?GetIETempPath@FileMisc@Base@@YAHPA_WK@Z
?GetIEVersion@FileMisc@Base@@YAJXZ
?GetIco@CShortcut@FileMisc@Base@@UAEHPA_WHPAH@Z
?GetIcon@FileMisc@Base@@YAPAUHICON__@@HI@Z
?GetKeyRedirectInfo@CWin64Helper@Win64Helper@Base@@QAEHPAUHKEY__@@PB_WAAI@Z
?GetList@CShortcut@FileMisc@Base@@UAEHPAPAU_ITEMIDLIST@@@Z
?GetLocalPath@FileMisc@Base@@YAHPA_WPAK@Z
?GetMainPath@FileMisc@Base@@YAHPA_WKH@Z
?GetModuleFileNameW@FileMisc@Base@@YAHPA_WKPAUHINSTANCE__@@@Z
?GetNativeSystemDir@CWin64Helper@Win64Helper@Base@@QAEIPA_WI@Z
?GetNodeType@CMarkup@Xml@Base@@QAEHXZ
?GetNumberVerFromStringVer@FileMisc@Base@@YAHPAI000PB_W@Z
?GetOSVersion@SysMisc@Base@@YAHAAI0@Z
?GetOSVersion@SysMisc@Base@@YAJXZ
?GetOSVersionEx@SysMisc@Base@@YAJAAK0@Z
?GetPEVersion@FileMisc@Base@@YAHPAI000PB_W@Z
?GetParentProcessPath@SysMisc@Base@@YAHKPA_WKPAK@Z
?GetPath@CShortcut@FileMisc@Base@@UAEHPA_WHPAU_WIN32_FIND_DATAW@@K@Z
?GetProcessName@SysMisc@Base@@YAHKPA_WK@Z
?GetProcessUserName@SysMisc@Base@@YAHKPA_WK0K@Z
?GetProcessorsCount@SysMisc@Base@@YAKXZ
?GetRealPathInX64@Win64Helper@Base@@YGHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_WH@Z
?GetResult@CMarkup@Xml@Base@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetRootKeyByDesc@Register@Base@@YAHPB_WPAPAUHKEY__@@@Z
?GetRootKeyDesc@Register@Base@@YAHPAUHKEY__@@PA_WH@Z
?GetScreenSize@SysMisc@Base@@YAJH@Z
?GetShortCutInfo@FileMisc@Base@@YAHPB_WPA_W1111PAHPAG2@Z
?GetShow@CShortcut@FileMisc@Base@@UAEHPAH@Z
?GetSpecialPath@FileMisc@Base@@YAHPA_WH@Z
?GetSqlite3DB@Sqlite3Connection@Database@Base@@QAEPAUsqlite3@@XZ
?GetStrIp@DataMisc@Base@@YAHKPA_WH@Z
?GetSubDoc@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetSysTempPath@FileMisc@Base@@YAHPA_WK@Z
?GetSystemDirectoryW@FileMisc@Base@@YAHPA_WK@Z
?GetTagName@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetText@TiXmlElement@Xml@Base@@QBEPBDXZ
?GetTimeString@DataMisc@Base@@YAH_JPA_WH@Z
?GetUserData@TiXmlBase@Xml@Base@@QAEPAXXZ
?GetUserData@TiXmlBase@Xml@Base@@QBEPBXXZ
?GetUserNameW@SysMisc@Base@@YAHPA_WK@Z
?GetWindowsVersion@SysMisc@Base@@YAHAAKPA_WH@Z
?GetWow64Dir@CWin64Helper@Win64Helper@Base@@QAEIPA_WI@Z
?GzipCompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z
?GzipUncompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z
?Identify@TiXmlNode@Xml@Base@@IAEPAV123@PBDW4TiXmlEncoding@23@@Z
?Indent@TiXmlPrinter@Xml@Base@@QAEPBDXZ

Sections

.text
Size: 852KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BugReport.exe
.exe windows:4 windows x86 arch:x86

cddb727dc4fefe7df8390ff1a5ebf2fc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\BugReport.pdb

Imports

basedll

?ZipCompress@ZipUnZip@Base@@YAHPAXPB_W_N@Z
?Compress@ZipUnZip@Base@@YAHPBXHPAXHAAK@Z
?CloseZip@ZipUnZip@Base@@YAXPAX_N@Z
?CreateZip@ZipUnZip@Base@@YAPAXPB_W_N@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?GetFileMD5@MD5@Base@@YGHPB_WPAE@Z
?Md5ToStringA@MD5@Base@@YGXPBEPAD@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ
?QueryKeyValue@Register@Base@@YAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0PA_WPAK@Z

utilsdll

?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
?Release@CConfig@Config@Utils@@UAGKXZ
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?AddRef@CConfig@Config@Utils@@UAGKXZ
?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
??1CConfig@Config@Utils@@MAE@XZ
??0CConfig@Config@Utils@@QAE@XZ
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z

dbghelp

SymGetLineFromAddr64
SymCleanup
SymGetModuleInfo
SymLoadModule
SymGetSymFromAddr
SymInitialize
SymSetOptions

psapi

GetModuleFileNameExW
GetModuleFileNameExA

wininet

InternetCloseHandle

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon

kernel32

InterlockedExchange
GetVersionExA
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GlobalAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
ReadProcessMemory
VirtualQueryEx
GetThreadSelectorEntry
FindClose
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
SetFilePointer
GetCurrentThreadId
ReadFile
CreateDirectoryW
CreateFileW
CloseHandle
GetTempPathW
GetTickCount
DeleteFileW
GetCurrentProcessId
lstrcpynW
GetModuleFileNameW
GetProcessId
SizeofResource
FindResourceExW
FindResourceW
GetModuleHandleW
GetVersionExW
WideCharToMultiByte
LocalFree
GetStartupInfoW
LoadResource
LocalAlloc
WriteProcessMemory
MultiByteToWideChar
OpenThread
GetProcAddress
CreateFileA
HeapAlloc
WriteFile
VirtualProtect
GetFileSize
HeapFree
SetDllDirectoryW
GetProcessHeap
SetEvent
CreateEventW
OpenProcess
CreateProcessW
WaitForSingleObject
SetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalFree
GlobalUnlock
LockResource

user32

GetKeyState
FillRect
CallWindowProcW
BeginPaint
SetClipboardData
EndPaint
LoadIconW
ClientToScreen
GetDlgItem
SendMessageW
SetDlgItemTextW
GetWindow
GetWindowRect
ScreenToClient
OpenClipboard
LoadImageW
RegisterClipboardFormatW
EmptyClipboard
SetWindowTextW
ShowWindow
CloseClipboard
DrawIconEx
SendDlgItemMessageW
EndDialog
DialogBoxParamW
EnumChildWindows
GetClassNameW
GetGuiResources
GetWindowThreadProcessId
GetParent
EnumWindows
SetWindowLongW
SetWindowPos
UnregisterClassA

gdi32

SetBkColor
CreateSolidBrush
DeleteObject

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetDesktopFolder
ord155
SHBindToParent
SHGetFileInfoW

ole32

DoDragDrop
OleInitialize
OleUninitialize

oleaut32

SysStringByteLen
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

msvcr80

vsprintf_s
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
_CxxThrowException
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__iob_func
memcpy
__CxxFrameHandler3
fprintf
fflush
toupper
fgets
strstr
strcpy_s
__RTDynamicCast
srand
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
malloc
wcsncmp
swscanf
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
??3@YAXPAX@Z
wcschr
_invalid_parameter_noinfo
memmove_s
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memcpy_s
??_V@YAXPAX@Z
_wassert
_purecall
wcsrchr
vswprintf_s
_gmtime32
_snwprintf
_vscwprintf
fclose
strrchr
_mbscmp
_wfopen
_wtol
_vscprintf
fread
_snprintf
wcsncpy
_mbslwr_s
__argc
sprintf_s
_beginthreadex
free
__wargv
_wcsnicmp
__wgetmainargs

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/DriverManager.dll
.dll windows:4 windows x86 arch:x86

e0ad35b921e5c3c3a19f33444d87af76

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\DriverManager.pdb

Imports

msvcp80

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

ntdll

ZwReplyWaitReceivePortEx
ZwCreatePort
_wcsnicmp
ZwReplyPort
ZwRequestPort
ZwRequestWaitReplyPort
ZwClose
ZwConnectPort
RtlInitUnicodeString
ZwCompleteConnectPort
ZwAcceptConnectPort
ZwCreateSection
_wcsicmp
wcsstr
wcschr
toupper
wcsrchr
memset
memcpy
_chkstk

kernel32

GetModuleHandleW
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileTime
GetCurrentProcess
DeviceIoControl
CreateFileW
CopyFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FormatMessageA
LocalFree
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
ResetEvent
OpenEventA
GetCurrentProcessId
ReleaseSemaphore
GetSystemDirectoryW
DeleteFileW
lstrcpynW
GetProcAddress
GetProcessHeap
InterlockedExchangeAdd
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
OutputDebugStringW
CloseHandle
WaitForMultipleObjects
TlsGetValue
TerminateThread
QueueUserAPC
WaitForSingleObject
SetEvent
TlsFree
PostQueuedCompletionStatus
CreateMutexW
TlsSetValue
CreateIoCompletionPort
SetWaitableTimer
TlsAlloc
GetLastError
GetQueuedCompletionStatus
CreateEventA
InterlockedCompareExchange
InterlockedIncrement
SetLastError
InterlockedExchange
LoadLibraryW
InterlockedDecrement
FreeLibrary
HeapAlloc
GetEnvironmentVariableW
QueryDosDeviceW
InitializeCriticalSection
CreateEventW
lstrlenW
CompareFileTime
GetTickCount
MoveFileExW
Sleep
GetSystemTimeAsFileTime

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
DeleteService
CreateServiceW
ControlService
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

PathAppendW
PathCombineW
PathRemoveFileSpecW
SHDeleteKeyW

ws2_32

WSACleanup
WSAStartup

msvcr80

_lock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBDH@Z
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
_snwprintf_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_purecall
swprintf_s
malloc
wcscpy_s
?what@exception@std@@UBEPBDXZ
??_V@YAXPAX@Z
wcsncpy_s
wcscat_s
memmove_s
??8type_info@@QBE_NABV0@@Z
wcsncat_s
swscanf_s
_beginthreadex
_gmtime64
__CxxFrameHandler3
_CxxThrowException
strerror
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_initterm_e
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

CreateHIPSMgr
InitDriverManager
InstallDrivers
ReleseHIPSMgr
UninitDriverManager
UninstallDrivers

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ProtocolDll.dll
.dll windows:4 windows x86 arch:x86

beff2381a8fbe26f1e0bbf2cfc6a331b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\ProtocolDll.pdb

Imports

basedll

?GetOSVersionEx@SysMisc@Base@@YAJAAK0@Z
?IsX64System@Win64Helper@Base@@YGHAAH@Z
?GetGuidA@GUID@Base@@YGHPADH@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ
?TeaDecryptCBC2@Crypt@Base@@YAHPBEH0PAEPAH@Z
?TeaEncryptCBC2Len@Crypt@Base@@YAHH@Z
?TeaDecryptCBC2Len@Crypt@Base@@YAHPBEH0@Z
?TeaEncryptCBC2@Crypt@Base@@YAXPBEH0PAEPAH@Z
?GzipCompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z
?GzipUncompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z

kernel32

CloseHandle
CreateEventA
WaitForSingleObject
SetEvent
TlsAlloc
TlsGetValue
PostQueuedCompletionStatus
GetLastError
InterlockedExchange
TlsFree
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
InterlockedDecrement
EnterCriticalSection
SetWaitableTimer
SetLastError
DeleteCriticalSection
SleepEx
GetQueuedCompletionStatus
TlsSetValue
CreateIoCompletionPort
InterlockedCompareExchange
TerminateThread
CreateEventW
QueueUserAPC
WaitForMultipleObjects
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
Sleep
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
VirtualQuery
GetModuleFileNameA
InitializeCriticalSection
ReleaseSemaphore
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
OpenEventA
ResetEvent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime

msvcp80

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?uncaught_exception@std@@YA_NXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?_Xsgetn_s@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADIH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??Bid@locale@std@@QAEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1locale@std@@QAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0locale@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@PBD1@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0PBD1@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?destroy@?$allocator@D@std@@QAEXPAD@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

msvcr80

_beginthreadex
_stricmp
_itoa_s
_atoi64
isdigit
_i64toa_s
_configthreadlocale
isupper
isspace
atoi
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
sprintf
_stat64i32
strcspn
ispunct
strchr
tolower
isalnum
__CxxFrameHandler3
_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
memcpy
_gmtime64
strerror
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_purecall
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
strtoul
??8type_info@@QBE_NABV0@@Z
_invalid_parameter_noinfo
vsprintf_s
memmove
memmove_s
memset

ws2_32

bind
getsockopt
listen
shutdown
ioctlsocket
getsockname
__WSAFDIsSet
connect
getaddrinfo
WSAGetLastError
inet_addr
freeaddrinfo
accept
closesocket
WSASend
select
WSASocketW
WSAStartup
WSACleanup
setsockopt
WSASetLastError
WSARecv

winmm

timeGetTime

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CreateAuroraService
InitProductParam
ResetAccountParam
SetAccountParam
SetCompress
SetCrypt
SetCryptKey
SetServiceUrl

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ReportDll.dll
.dll windows:4 windows x86 arch:x86

3d2d296b3280ee54dd2b35b922850b6a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\ReportDll.pdb

Imports

basedll

?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ

utilsdll

??0CConfig@Config@Utils@@QAE@XZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetUserStorePath@Misc@Utils@@YAHPA_W@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z

protocoldll

CreateAuroraService
InitProductParam
SetServiceUrl

kernel32

Sleep
FormatMessageA
LocalFree
TlsSetValue
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
InterlockedIncrement
CreateEventW
InterlockedDecrement
GetTickCount
CloseHandle
CreateEventA
SetEvent
WideCharToMultiByte
UnhandledExceptionFilter
ReadFile
SetFilePointer
ResetEvent
GetFileSize
GetLastError
CreateFileW
SetEndOfFile
ExpandEnvironmentStringsW
WriteFile
OpenEventA
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
TlsAlloc
TlsFree
TlsGetValue
InterlockedExchange

msvcp80

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?uncaught_exception@std@@YA_NXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

msvcr80

_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
memcpy
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
__CxxFrameHandler3
_beginthreadex
wcscpy_s
strcpy_s
atoi
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_time64
??3@YAXPAX@Z
??_V@YAXPAX@Z
_purecall
??2@YAPAXI@Z
strerror
??0exception@std@@QAE@ABQBDH@Z
memset

Exports

Exports

GetReportMgr
ReleaseReportMgr

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ReportRecordDll.dll
.dll windows:4 windows x86 arch:x86

189934570039c1fb214aa8027ce95db3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\ReportRecordDll.pdb

Imports

basedll

?RegSmartGetValue@Register@Base@@YAHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?GetWindowsVersion@SysMisc@Base@@YAHAAKPA_WH@Z

utilsdll

??0CConfig@Config@Utils@@QAE@XZ

reportdll

GetReportMgr

kernel32

CreateEventA
SetEvent
WaitForSingleObject
CloseHandle
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
ResetEvent
TlsGetValue
TlsFree
TlsAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
FormatMessageA
LocalFree
OpenEventA

msvcp80

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

fprintf
__iob_func
_CxxThrowException
strerror
?terminate@@YAXXZ
_unlock
fflush
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
_snprintf
memcpy
__CxxFrameHandler3
memmove_s
_time64
atoi
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??3@YAXPAX@Z
__dllonexit
_purecall
memset

Exports

Exports

??0CLauchReportRecord@ReportRecord@@QAE@ABV01@@Z
??0CLauchReportRecord@ReportRecord@@QAE@XZ
??1CLauchReportRecord@ReportRecord@@UAE@XZ
??4CLauchReportRecord@ReportRecord@@QAEAAV01@ABV01@@Z
??_7CLauchReportRecord@ReportRecord@@6B@
?ReadDataCfg@CLauchReportRecord@ReportRecord@@QAEHW4CMD@Report@@@Z
?Serialize@CLauchReportRecord@ReportRecord@@UAEHXZ
?SetExitMode@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetExitReason@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetExpendTimeOnLaunch@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetLastCrashFlag@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetLastLaunchIntervalAndLastStartTime@CLauchReportRecord@ReportRecord@@QAEHXZ
?SetLastRunLength@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetLastUpdateTime@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetStartMode@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetSupplyID@CLauchReportRecord@ReportRecord@@QAEXI@Z
?WriteDataCfg@CLauchReportRecord@ReportRecord@@QAEHXZ
GetInstallReportRecord
GetMiniDownloadReportRecord
GetMiniDownloadStateReportRecord
GetUnInstallReportRecord

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/UtilsDll.dll
.dll windows:4 windows x86 arch:x86

ba963b15a92ad6af01a525c2ed8ecb9c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\UtilsDll.pdb

Imports

ws2_32

gethostbyname
inet_ntoa

basedll

?RC4Encrypt@Crypt@Base@@YGHPBEHPAEH0H@Z
?RC4Decrypt@Crypt@Base@@YGHPBEHPAEH0H@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?CreateDir@FileMisc@Base@@YAHPB_W@Z
?IsDirectoryExist@FileMisc@Base@@YAHPB_W@Z
?IsFileExist@FileMisc@Base@@YAHPB_W@Z
?CreateDirectoryNested@FileMisc@Base@@YAHPB_W@Z
?GetFileVerInfoW@FileMisc@Base@@YAHPB_WPA_WH@Z
?GetModuleFileNameW@FileMisc@Base@@YAHPA_WKPAUHINSTANCE__@@@Z
?Unqueue@CWorkerPool@Thread@Base@@SAXI@Z
?Queue@CWorkerPool@Thread@Base@@SAIP6GXPAX@Z0IH@Z
?GetAllAccessSecurityAttributes@SysMisc@Base@@YAPBU_SECURITY_ATTRIBUTES@@XZ

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
ExpandEnvironmentStringsW
WaitForSingleObject
GetLastError
CloseHandle
ReleaseMutex
InterlockedDecrement
CreateMutexW
DeleteFileW
LocalFree
lstrcmpiW
GetModuleHandleW
WideCharToMultiByte
LocalAlloc
OpenProcess
GetCurrentProcess
InterlockedIncrement
GetModuleFileNameW
InterlockedExchange
GetSystemTimeAsFileTime
VirtualAllocEx
GetCurrentThreadId
TlsGetValue
DuplicateHandle
GetProcessTimes
ExitProcess
WaitForMultipleObjects
TlsSetValue
TlsAlloc
SetErrorMode
CreateProcessW
HeapAlloc
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
SystemTimeToFileTime
GetProcessHeap
GlobalMemoryStatusEx
CreateEventW
GetSystemTime
SearchPathW
RaiseException
ResetEvent
SetEvent
PulseEvent
FormatMessageW
InterlockedCompareExchange
Sleep
GetProcAddress
GetCommandLineW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoInitialize
StgIsStorageFile
StgCreateDocfile
CoUninitialize
StgOpenStorage

msvcr80

?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
__CxxFrameHandler3
strncpy_s
_vscwprintf_p
_vswprintf_p
_vswprintf
_vsnwprintf_s
_set_purecall_handler
_set_invalid_parameter_handler
_purecall
_wtoi
_wcsnicmp
swscanf_s
memcpy
_snwscanf_s
wcschr
??_U@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
wcsstr
memmove_s
wcsncpy_s
free
wcscat_s
malloc
wcsncat_s
??_V@YAXPAX@Z
??3@YAXPAX@Z
_wcsicmp
memset
_CxxThrowException
wcscpy_s
wcsrchr

msvcp80

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathRemoveFileSpecW
StrCpyNW
PathFileExistsW
StrRChrW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules
EnumProcesses

Exports

Exports

??0?$EnableIntrusive@VCConfig@Config@Utils@@@@QAE@XZ
??0CAutoResetEvent@Event@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0CAutoResetEvent@Event@Utils@@QAE@_N@Z
??0CCmdParser@Misc@Utils@@QAE@ABV012@@Z
??0CCmdParser@Misc@Utils@@QAE@PB_WQAPB_WH@Z
??0CConfig@Config@Utils@@QAE@XZ
??0CEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@_N1@Z
??0CEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@_N1ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0CManualResetEvent@Event@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0CManualResetEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0CManualResetEvent@Event@Utils@@QAE@_N@Z
??0CWin32Exception@Exception@Utils@@QAE@ABV012@@Z
??0CWin32Exception@Exception@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
??0InstanceHandler@0Utils@@QAE@XZ
??1CAutoResetEvent@Event@Utils@@UAE@XZ
??1CCmdParser@Misc@Utils@@UAE@XZ
??1CConfig@Config@Utils@@MAE@XZ
??1CEvent@Event@Utils@@UAE@XZ
??1CManualResetEvent@Event@Utils@@UAE@XZ
??1CWin32Exception@Exception@Utils@@UAE@XZ
??1InstanceHandler@0Utils@@QAE@XZ
??4CCmdParser@Misc@Utils@@QAEAAV012@ABV012@@Z
??4InstanceHandler@0Utils@@QAEAAV001@ABV001@@Z
??_7CAutoResetEvent@Event@Utils@@6B@
??_7CCmdParser@Misc@Utils@@6B@
??_7CConfig@Config@Utils@@6B@
??_7CEvent@Event@Utils@@6B@
??_7CManualResetEvent@Event@Utils@@6B@
??_7CWin32Exception@Exception@Utils@@6B@
??_FCAutoResetEvent@Event@Utils@@QAEXXZ
??_FCManualResetEvent@Event@Utils@@QAEXXZ
?AddRef@CConfig@Config@Utils@@UAGKXZ
?DecryptBuffer@CConfig@Config@Utils@@AAEHPAEK@Z
?EncryptBuffer@CConfig@Config@Utils@@AAEHPAEK@Z
?GetAccountStorePath@Misc@Utils@@YAHPA_W_K@Z
?GetAppdataFolderNotWithSlash@Misc@Utils@@YAPB_WXZ
?GetBuildVer@Misc@Utils@@YAIXZ
?GetCommonCfgContext@CConfig@Config@Utils@@AAEJPB_WPAXKPAK@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetDstVersionByStr@Misc@Utils@@YAIABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetError@CWin32Exception@Exception@Utils@@QBEKXZ
?GetEvent@CEvent@Event@Utils@@QBEPAXXZ
?GetExeFileName@Misc@Utils@@YAPB_WXZ
?GetExeFolderNotWithSlash@Misc@Utils@@YAPB_WXZ
?GetHostByUrl@Misc@Utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V34@@Z
?GetIEVersion@Misc@Utils@@YAKXZ
?GetInstallDir@Misc@Utils@@YAHPA_WK@Z
?GetInstallRegPath@Misc@Utils@@YAHPAPAUHKEY__@@PA_WK@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
?GetInstanceHandle@InstanceHandler@1Utils@@QAEPAXXZ
?GetLastErrorMessage@Error@Utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetLogicTaskMgr@LogicTaskMgr@Utils@@YAPAVILogicTaskMgr@12@XZ
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z
?GetOption@CCmdParser@Misc@Utils@@QBEPB_WH@Z
?GetRawCmdLine@CCmdParser@Misc@Utils@@QBEPB_WXZ
?GetRawCmdWithoutExe@CCmdParser@Misc@Utils@@QBEPB_WXZ
?GetSoftID@Misc@Utils@@YAIXZ
?GetStorePath@Misc@Utils@@YAHPA_W@Z
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetUserStorePath@Misc@Utils@@YAHPA_W@Z
?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
?Init@InstanceHandler@1Utils@@QAEHPB_WPAU_SECURITY_ATTRIBUTES@@@Z
?IsInnerNet@Misc@Utils@@YAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsOptionEqual@CCmdParser@Misc@Utils@@QBEHHPB_WH@Z
?IsOptionPresent@CCmdParser@Misc@Utils@@QBEHH@Z
?IsOptionValuePresent@CCmdParser@Misc@Utils@@QBEHH@Z
?IsValid@CCmdParser@Misc@Utils@@QBEHXZ
?Pulse@CEvent@Event@Utils@@QAEXXZ
?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
?ReadInternal@CConfig@Config@Utils@@AAEHPB_WPAXKPAK@Z
?Release@CConfig@Config@Utils@@UAGKXZ
?Reset@CEvent@Event@Utils@@QAEXXZ
?Set@CEvent@Event@Utils@@QAEXXZ
?SetCommonCfgContext@CConfig@Config@Utils@@AAEJPB_WPAXKPAK@Z
?SetConfigFilePath@CConfig@Config@Utils@@AAEJPA_WH@Z
?SetConfigRootDir@CConfig@Config@Utils@@CAXPB_W@Z
?SetSupplyID@Misc@Utils@@YAHH@Z
?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?Wait@CEvent@Event@Utils@@QBEXXZ
?Wait@CEvent@Event@Utils@@QBE_NK@Z
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?WriteInternal@CConfig@Config@Utils@@AAEHPB_WPAXK@Z
?_Parse@CCmdParser@Misc@Utils@@AAEHXZ
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?ref_count@?$EnableIntrusive@VCConfig@Config@Utils@@@@QBEJXZ
?s_tszConfigRootDir@CConfig@Config@Utils@@0PA_WA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/bddlsvc.exe
.exe windows:4 windows x86 arch:x86

12fa84f78c7118befcceb5ee619aeea0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\bddlsvc.pdb

Imports

basedll

?GetAllAccessSecurityAttributesEx@SysMisc@Base@@YAHAAU_SECURITY_ATTRIBUTES@@AAU_SECURITY_DESCRIPTOR@@@Z
?intrusive_ptr_add_ref@IPC@Base@@YAXPAVCIPCChannel@12@@Z
?intrusive_ptr_release@IPC@Base@@YAXPAVCIPCChannel@12@@Z
??0CIPCServer@IPC@Base@@QAE@XZ
??1CIPCServer@IPC@Base@@QAE@XZ
?Start@CIPCServer@IPC@Base@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Stop@CIPCServer@IPC@Base@@QAEXXZ
?SendTo@CIPCServer@IPC@Base@@QAEXV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SendTo@CIPCServer@IPC@Base@@QAEXV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@HPBDI@Z
?SetNotify@CIPCServer@IPC@Base@@QAEHPAVCIPCServerMsgNotify@23@@Z
?RemoveNotify@CIPCServer@IPC@Base@@QAEHPAVCIPCServerMsgNotify@23@@Z
??8IPC@Base@@YA_NV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@0@Z
?begin@JSONNode@@QAE?AUiterator@1@XZ
?end@JSONNode@@QAE?AUiterator@1@XZ
?parse@Libjson@Base@@YA?AVJSONNode@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1JSONNode@@QAE@XZ
?name@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?as_string@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ

reportdll

GetReportMgr

protocoldll

CreateAuroraService
InitProductParam
SetServiceUrl

utilsdll

?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?Set@CEvent@Event@Utils@@QAEXXZ
?GetEvent@CEvent@Event@Utils@@QBEPAXXZ
??1CEvent@Event@Utils@@UAE@XZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z
??0CManualResetEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?Init@InstanceHandler@1Utils@@QAEHPB_WPAU_SECURITY_ATTRIBUTES@@@Z
??1InstanceHandler@0Utils@@QAE@XZ
??0InstanceHandler@0Utils@@QAE@XZ
?GetLogicTaskMgr@LogicTaskMgr@Utils@@YAPAVILogicTaskMgr@12@XZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z

reportrecorddll

?SetLastLaunchIntervalAndLastStartTime@CLauchReportRecord@ReportRecord@@QAEHXZ
?WriteDataCfg@CLauchReportRecord@ReportRecord@@QAEHXZ
?ReadDataCfg@CLauchReportRecord@ReportRecord@@QAEHW4CMD@Report@@@Z
??0CLauchReportRecord@ReportRecord@@QAE@XZ

kernel32

InterlockedExchange
WaitForSingleObject
LeaveCriticalSection
SetEvent
CreateMutexW
EnterCriticalSection
InterlockedExchangeAdd
InterlockedDecrement
PostQueuedCompletionStatus
GetLastError
CloseHandle
GetSystemTimeAsFileTime
SleepEx
CreateWaitableTimerW
TlsGetValue
CreateEventW
SetWaitableTimer
InitializeCriticalSectionAndSpinCount
TlsSetValue
GetProcessHeap
GetQueuedCompletionStatus
TerminateThread
HeapAlloc
HeapFree
TlsFree
CreateIoCompletionPort
InterlockedCompareExchange
QueueUserAPC
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetTempPathW
SetLastError
GetCurrentThreadId
SetProcessWorkingSetSize
OpenEventW
GetCurrentProcess
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetModuleFileNameW
GetFileAttributesW
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
SetFileAttributesW
Process32NextW
OpenProcess
CreateFileW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
WriteFile
SetFilePointer
ReadFile
CreateEventA
Sleep
InterlockedIncrement
TlsAlloc
GetTickCount
IsDebuggerPresent
QueryPerformanceCounter
IsBadReadPtr
lstrlenW
GetLocalTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FormatMessageA
LocalFree
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
ResetEvent
OpenEventA
GetCurrentProcessId
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetProcAddress
ReleaseSemaphore

advapi32

LookupPrivilegeValueW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
ChangeServiceConfigW
ChangeServiceConfig2W
DuplicateTokenEx
CreateProcessAsUserW
SetServiceStatus
DeleteService
StartServiceW
StartServiceCtrlDispatcherW
CreateServiceW
RegisterServiceCtrlHandlerExW
QueryServiceStatus
GetTokenInformation
OpenProcessToken
ControlService

shell32

SHCreateDirectoryExW

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
IIDFromString
CoFreeLibrary
CoLoadLibrary
CoUninitialize

oleaut32

SysAllocStringByteLen
SysFreeString

ws2_32

closesocket
inet_addr
WSACleanup
WSAStartup
socket
bind
recv
htons
send
accept
inet_ntoa
listen

userenv

CreateEnvironmentBlock

msvcp80

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

msvcr80

_invoke_watson
wcscpy_s
_snwprintf
_wsplitpath_s
wcsncat_s
rand
srand
strncpy_s
_controlfp_s
sprintf
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
wprintf
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_wcsicmp
_time64
_beginthreadex
memmove_s
_gmtime64
??8type_info@@QBE_NABV0@@Z
_invalid_parameter_noinfo
_difftime64
_localtime64
_mktime64
printf
strstr
sprintf_s
wcsncpy
atoi
_wtoi
_wsplitpath
malloc
free
_vscwprintf_p
_vswprintf_p
__CxxFrameHandler3
_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
memcpy
fputs
strerror
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset

sensapi

IsNetworkAlive

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

wininet

HttpSendRequestW
InternetOpenW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/bdrcdl.exe
.exe windows:4 windows x86 arch:x86

2d8dd4ae7f5df577cf1e62b3e92601ea

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\haiyan_v1.5_compile\basic\Output\BinRelease\bdrcdl.pdb

Imports

basedll

?begin@JSONNode@@QAE?AUiterator@1@XZ
?SetNotify@CIPCClient@IPC@Base@@QAEHPAVCIPCClientMsgNotify@23@@Z
?Close@CIPCClient@IPC@Base@@QAEXXZ
?AsynConnect@CIPCClient@IPC@Base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsFileExist@FileMisc@Base@@YAHPB_W@Z
?as_int@JSONNode@@QBEJXZ
?as_string@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?name@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??1JSONNode@@QAE@XZ
?parse@Libjson@Base@@YA?AVJSONNode@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?close@Sqlite3Connection@Database@Base@@QAEXXZ
??1Sqlite3Connection@Database@Base@@QAE@XZ
??0Sqlite3Connection@Database@Base@@QAE@PB_W@Z
?getstring16@Sqlite3Reader@Database@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?getint64@Sqlite3Reader@Database@Base@@QAE_JH@Z
?end@JSONNode@@QAE?AUiterator@1@XZ
?read@Sqlite3Reader@Database@Base@@QAE_NXZ
??1Sqlite3Reader@Database@Base@@QAE@XZ
?executenonquery@Sqlite3Command@Database@Base@@QAEXXZ
?executereader@Sqlite3Command@Database@Base@@QAE?AVSqlite3Reader@23@XZ
?bind@Sqlite3Command@Database@Base@@QAEXHH@Z
?bind@Sqlite3Command@Database@Base@@QAEXH_J@Z
?bind@Sqlite3Command@Database@Base@@QAEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1Sqlite3Command@Database@Base@@QAE@XZ
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@PBD@Z
?executenonquery@Sqlite3Connection@Database@Base@@QAEXPBD@Z
?DeleteFileEx@FileMisc@Base@@YAHPB_W@Z
??0CIPCClient@IPC@Base@@QAE@XZ
?Send@CIPCClient@IPC@Base@@QAEXHPBDI@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBD@Z
??1TiXmlPrinter@Xml@Base@@UAE@XZ
?SetAttribute@TiXmlElement@Xml@Base@@QAEXPBDH@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?GetCurrentProcessPath@FileMisc@Base@@YAHPA_WK@Z
?SetAttribute@TiXmlElement@Xml@Base@@QAEXPBD0@Z
?GetSpecialPath@FileMisc@Base@@YAHPA_WH@Z
?ZlibRC4EnBufToFile@Crypt@Base@@YGHPAEKPB_W0H@Z
?ZlibRC4DeFileToBuf@Crypt@Base@@YGHPB_WPAPAEKPAEHPAK@Z
?FirstChildElement@TiXmlNode@Xml@Base@@QAEPAVTiXmlElement@23@PBD@Z
??0TiXmlDocument@Xml@Base@@QAE@XZ
?LoadFile@TiXmlDocument@Xml@Base@@QAE_NPB_WW4TiXmlEncoding@23@@Z
?Accept@TiXmlDocument@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
??1TiXmlDocument@Xml@Base@@UAE@XZ
??0TiXmlPrinter@Xml@Base@@QAE@XZ
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBDPAH@Z
??1CIPCClient@IPC@Base@@QAE@XZ
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?getint@Sqlite3Reader@Database@Base@@QAEHH@Z

utilsdll

?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z

reportdll

GetReportMgr

kernel32

MoveFileW
CreateFileW
lstrcpynW
CreateDirectoryW
GetFileAttributesW
GetTickCount
GetCurrentDirectoryW
GetACP
LockResource
GetFileSize
ReadFile
WriteFile
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetFileType
GetLocalTime
CloseHandle
InterlockedDecrement
GetProcAddress
CreateEventW
SetEvent
EnterCriticalSection
PostQueuedCompletionStatus
InterlockedExchange
TlsFree
TlsAlloc
DeleteCriticalSection
FreeLibrary
GetLastError
CreateEventA
LoadLibraryW
LeaveCriticalSection
InterlockedExchangeAdd
WaitForSingleObject
lstrcmpiW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalUnlock
SetLastError
GlobalAlloc
LoadLibraryExW
MulDiv
LoadResource
GetCurrentProcess
FlushInstructionCache
GlobalLock
InitializeCriticalSection
lstrcmpW
SizeofResource
MultiByteToWideChar
RaiseException
FindResourceW
GetCurrentThreadId
GetModuleFileNameW
lstrlenW
GetModuleHandleW
FreeResource
SetWaitableTimer
GetQueuedCompletionStatus
CreateWaitableTimerW
InterlockedCompareExchange
TlsSetValue
GetProcessHeap
QueueUserAPC
FindResourceExW
IsBadReadPtr
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
FormatMessageA
LocalFree
CreateWaitableTimerA
ResumeThread
OpenEventA
ReleaseSemaphore
GetThreadLocale
GetLocaleInfoA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
WideCharToMultiByte
ResetEvent
GetCurrentProcessId
WaitForMultipleObjects
SleepEx
HeapAlloc
CreateIoCompletionPort
TlsGetValue
HeapFree
InitializeCriticalSectionAndSpinCount
TerminateThread
Sleep
GetSystemTimeAsFileTime
GetTempPathW
CreateMutexW
MoveFileExA
InterlockedIncrement

user32

OffsetRect
GetWindowTextW
RegisterClassExW
BeginPaint
CreateAcceleratorTableW
GetDC
CharNextW
DestroyAcceleratorTable
SetCapture
CreateWindowExW
GetSysColor
EndPaint
GetClientRect
SendMessageW
DefWindowProcW
ScreenToClient
GetDesktopWindow
CallWindowProcW
GetWindowTextLengthW
ReleaseCapture
SetWindowLongW
InvalidateRect
LoadCursorW
RegisterWindowMessageW
IsWindow
PostMessageW
RedrawWindow
SetWindowTextW
ShowWindow
GetWindow
InvalidateRgn
GetFocus
CreatePopupMenu
LoadIconW
TrackPopupMenu
MonitorFromWindow
PostQuitMessage
DialogBoxParamW
MoveWindow
SetWindowPos
DestroyWindow
GetDlgItem
IsChild
ClientToScreen
SetForegroundWindow
UnregisterClassA
GetCursorPos
DestroyMenu
MonitorFromPoint
IsIconic
AppendMenuW
GetMonitorInfoW
SetWindowRgn
IsZoomed
GetWindowRect
GetActiveWindow
CharPrevW
SetRect
DrawTextW
IntersectRect
GetSystemMetrics
LoadImageW
GetPropW
SetPropW
EndDialog
EnableWindow
FindWindowW
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
BringWindowToTop
TranslateMessage
DispatchMessageW
SetTimer
KillTimer
GetUpdateRect
ReleaseDC
GetWindowLongW
GetClassInfoExW
RegisterClassW
SetCursor
wvsprintfW
GetParent
IsRectEmpty
PtInRect
MapWindowPoints
GetClassNameW
FillRect
SetFocus
GetKeyState
GetMessageW
InflateRect

gdi32

TextOutW
GetTextExtentPoint32W
StretchBlt
GetCharABCWidthsW
CombineRgn
ExtSelectClipRgn
SetTextColor
CreateRectRgnIndirect
SetBkMode
GetClipBox
RoundRect
SelectClipRgn
LineTo
MoveToEx
CreatePenIndirect
ExtTextOutW
GetObjectA
SetWindowOrgEx
RestoreDC
CreatePen
SaveDC
CreateFontIndirectW
GetTextMetricsW
CreateDIBSection
CreateRoundRectRgn
GetObjectW
CreateCompatibleBitmap
BitBlt
SelectObject
GetDeviceCaps
GetStockObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
DeleteObject
SetStretchBltMode
SetBkColor
Rectangle

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
ChangeServiceConfig2W
OpenSCManagerW
ChangeServiceConfigW
StartServiceW
CreateServiceW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
QueryServiceStatus
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoFreeLibrary
IIDFromString
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
CoCreateInstance
CLSIDFromString
CoGetClassObject
CoInitialize
OleInitialize
CoUninitialize
CoTaskMemFree
CoLoadLibrary

oleaut32

SysAllocString
SysAllocStringByteLen
SysFreeString
VarUI4FromStr
LoadTypeLi
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
OleCreateFontIndirect
SysStringByteLen
LoadRegTypeLi

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipCloneImage
GdipGetImageGraphicsContext
GdipFree
GdipDrawImageRectI
GdipAlloc
GdipGetImageEncodersSize
GdipGetImageHeight
GdiplusStartup
GdipDisposeImage
GdipSetInterpolationMode
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetImagePixelFormat
GdipGetImageEncoders
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipDeleteBrush
GdipCloneBrush
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipCreateLineBrushI
GdipSaveImageToFile

msvcp80

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$codecvt@DDH@std@@QAE@I@Z
?do_max_length@codecvt_base@std@@MBEHXZ
?do_encoding@codecvt_base@std@@MBEHXZ
?do_in@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_out@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?do_unshift@?$codecvt@DDH@std@@MBEHAAHPAD1AAPAD@Z
?do_length@?$codecvt@DDH@std@@MBEHABHPBD1I@Z
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??1locale@std@@QAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
??0_Lockit@std@@QAE@H@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Locimp@locale@std@@AAE@ABV012@@Z
??1_Locimp@locale@std@@MAE@XZ
?classic@locale@std@@SAABV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPADH@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

msvcr80

strncpy_s
_vscwprintf_p
_vswprintf_p
_vsprintf_p
_vscprintf_p
__CxxFrameHandler3
memcpy
_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
free
wcschr
tolower
wcscpy_s
wcsncpy
wcstol
realloc
memmove
_wcslwr
wcsrchr
wcstoul
wcsncmp
iswalnum
calloc
memset
strerror
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
__RTDynamicCast
_waccess
_snwprintf
_wsplitpath_s
_itow_s
_wtoi
??8type_info@@QBE_NABV0@@Z
_time64
_beginthreadex
srand
_gmtime64
_wfopen
_localtime64_s
wcsftime
fclose
sprintf_s
_lock
_onexit
_decode_pointer
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
fseek
_localtime64
fread
ftell
sprintf
wcsncat_s
??9type_info@@QBE_NABV0@@Z
rand
fopen
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
swscanf
_filelength
_wsplitpath
toupper
isdigit
_itoa
_stricmp
_fileno
?before@type_info@@QBEHABV1@@Z
fwrite
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
atoi
_purecall
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBDH@Z
_wcsicmp
_vscwprintf
wcsstr
vswprintf_s
memmove_s
memcpy_s
_recalloc
swprintf_s
wcsncpy_s
_beginthread
malloc

ws2_32

WSAStartup
WSACleanup
connect
htons
inet_addr
socket
send
closesocket
recv
ntohl

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpSendRequestW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpOpenRequestW
HttpQueryInfoW

sensapi

IsNetworkAlive

Exports

Exports

??0?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@QAE@XZ
??0?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@QAE@XZ
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@UNormalTaskInfo@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UNormalTaskInfo@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@URecomSoft@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@URecomSoft@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ@51
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UNormalTaskInfo@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UNormalTaskInfo@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@URecomSoft@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@URecomSoft@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@UNormalTaskInfo@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UNormalTaskInfo@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@URecomSoft@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@URecomSoft@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@23@XZ
?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ
?instance@?$singleton@V?$extended_type_info_typeid@UNormalTaskInfo@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@UNormalTaskInfo@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@URecomSoft@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@URecomSoft@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@23@A
?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@A
?instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@0AAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@A
?instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@0AAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@3@A
?instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@0AAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@3@A
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
?instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@A
?instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@3@A
?instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@3@A
?instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@3@A
?instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@A
?is_destroyed@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@UNormalTaskInfo@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UNormalTaskInfo@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@UNormalTaskInfo@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@URecomSoft@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@URecomSoft@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@URecomSoft@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4V?$singleton_wrapper@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@734@A
?t@?1??get_instance@?$singleton@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4V?$singleton_wrapper@V?$map@Vbinary_oarchive@archive@boost@@@extra_detail@detail@archive@boost@@@734@A
?t@?1??get_instance@?$singleton@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4V?$singleton_wrapper@V?$map@Vnaked_binary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@734@A
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@UNormalTaskInfo@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@URecomSoft@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@URecomSoft@@V?$allocator@URecomSoft@@@std@@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$set@PBVvoid_caster@void_cast_detail@serialization@boost@@Uvoid_caster_compare@234@V?$allocator@PBVvoid_caster@void_cast_detail@serialization@boost@@@std@@@std@@@detail@34@A

Sections

.text
Size: 728KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/config.xml
$_2_/dl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

03a75a771f296321ceaaa2ef88e4f307

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:75:2c:a5:6e:4e:1d:ef:5a:de:60:62:53:4f:96:43:9a:3e:b1:19
Signer

Actual PE Digest

f6:75:2c:a5:6e:4e:1d:ef:5a:de:60:62:53:4f:96:43:9a:3e:b1:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\code\minidl\bin\releasestatic\dl.pdb

Imports

ws2_32

gethostname
htonl
ntohl
getpeername
htons
WSAGetLastError
inet_addr
__WSAFDIsSet
inet_ntoa
WSACleanup
select
ntohs
ioctlsocket
closesocket
getsockname
accept
connect
socket
listen
bind
setsockopt
WSASetLastError
recv
send
recvfrom
sendto
WSAStartup
gethostbyname

kernel32

GetFileAttributesW
CreateEventA
SetEvent
ResetEvent
GetTickCount
TerminateThread
DeleteFileW
MoveFileExW
CreateFileW
InterlockedExchange
OutputDebugStringA
OpenMutexA
FindFirstFileW
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
lstrlenA
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
FindClose
WaitForSingleObject
CloseHandle
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointerEx
GetVolumeInformationA
GetLastError
OpenEventA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
ReleaseSemaphore
GetCurrentThreadId
CreateSemaphoreA
WaitForMultipleObjects
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
GetVolumeInformationW
GetVersionExA
GetModuleFileNameW
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThread
GlobalFree
GlobalAlloc
GetCurrentDirectoryA
GetTempPathA
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
ReleaseMutex
CopyFileW
CreateFileA
GetProcAddress
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
SetFileAttributesA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
CreateThread
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType

user32

UnregisterClassA
CharNextA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
AccessCheck
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyA
RegOpenKeyA
IsTextUnicode
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
MapGenericMask
RevertToSelf
RegQueryValueExA

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun

oleaut32

SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
SafeArrayCreate
SafeArrayCreateVector
GetErrorInfo
SysFreeString
VariantClear
SafeArrayPutElement
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VarUI4FromStr

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

shell32

SHGetSpecialFolderPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseCommLib

Sections

.text
Size: 760KB - Virtual size: 759KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/BDArKit.sys
.sys windows:6 windows x64 arch:x64

599dc629e049fbd25904fb7d6432a0e3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:60:d9:99:d5:54:dc:ba:40:06:d8:41:ac:6f:47:7f:71:f8:5a:33
Signer

Actual PE Digest

b9:60:d9:99:d5:54:dc:ba:40:06:d8:41:ac:6f:47:7f:71:f8:5a:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\mysvncode\tempbackup\bdarkit_v2.0.13.21_develop\source\bdarkit\Output\BinRelease\amd64\BDArKit.pdb

Imports

ntoskrnl.exe

MmIsAddressValid
KdDisableDebugger
IoCreateDevice
CmUnRegisterCallback
ProbeForRead
ExGetPreviousMode
ProbeForWrite
RtlUnicodeStringToAnsiString
IoIs32bitProcess
IofCompleteRequest
RtlFreeAnsiString
KeBugCheckEx
ExAllocatePoolWithTag
ZwReadFile
RtlInitUnicodeString
IoCreateFile
IoQueryFileInformation
KeUnstackDetachProcess
IoFileObjectType
ZwClose
ObReferenceObjectByHandle
ObfDereferenceObject
KeStackAttachProcess
ZwCreateKey
RtlQueryRegistryValues
ZwSetValueKey
ExDeleteResourceLite
ExInitializeResourceLite
KeReadStateEvent
_wcsnicmp
MmGetSystemRoutineAddress
ZwQuerySystemInformation
IoCancelIrp
KeDelayExecutionThread
RtlFreeUnicodeString
ObQueryNameString
ZwQueryValueKey
KeWaitForSingleObject
ZwDuplicateObject
PsGetVersion
RtlCompareUnicodeString
ZwOpenProcess
ZwQueryInformationProcess
ObfReferenceObject
RtlCopyUnicodeString
ZwOpenKey
IoFreeWorkItem
ZwCreateFile
IoAllocateWorkItem
RtlCompareMemory
IoQueueWorkItem
ZwQueryInformationFile
ZwWriteFile
ZwQueryObject
ObOpenObjectByPointer
KeClearEvent
KeSetEvent
IoCreateSymbolicLink
IoEnqueueIrp
ObInsertObject
MmBuildMdlForNonPagedPool
IoFreeMdl
ZwUnmapViewOfSection
ExEventObjectType
MmCreateSection
MmMapViewOfSection
IoFreeIrp
IoAllocateIrp
ExAllocatePoolWithQuotaTag
IoAllocateMdl
IofCallDriver
ObOpenObjectByName
PsGetCurrentProcessId
ZwSetInformationFile
IoGetBaseFileSystemDeviceObject
PsLookupProcessByProcessId
NtClose
ZwDeleteFile
ZwSetInformationObject
ZwOpenFile
MmProbeAndLockPages
RtlEqualUnicodeString
ExAllocatePool
RtlAssert
PsProcessType
ZwTerminateProcess
MmMapLockedPagesSpecifyCache
MmUnlockPages
wcschr
ZwDeleteValueKey
ZwFlushKey
DbgPrint
ZwEnumerateValueKey
ZwDeleteKey
ZwEnumerateKey
ZwLoadDriver
ExReleaseFastMutex
ExAcquireFastMutex
IoDetachDevice
PsSetCreateProcessNotifyRoutine
IoDriverObjectType
IoGetDeviceObjectPointer
PsSetCreateProcessNotifyRoutineEx
KeQueryActiveProcessorCountEx
KeQueryMaximumProcessorCountEx
IoAttachDeviceToDeviceStack
IoAttachDevice
ObReferenceObjectByName
IoGetCurrentProcess
IoDeleteDevice
CmRegisterCallbackEx
PsGetProcessImageFileName
IoRegisterShutdownNotification
ExFreePoolWithTag
IoDeleteSymbolicLink
KeInitializeEvent
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExDeleteNPagedLookasideList
_stricmp
__C_specific_handler

fltmgr.sys

FltAcquireResourceShared
FltReleaseFileNameInformation
FltGetFileNameInformation
FltStartFiltering
FltRegisterFilter
FltAcquireResourceExclusive
FltUnregisterFilter
FltReleaseResource

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/BDMWrench_x64.sys
.sys windows:6 windows x64 arch:x64

869d5ccabc1c4af5c0291b59d94c0eaf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:67:bd:2e:c5:fb:4c:0f:ef:cf:d3:4e:d7:a5:5f:49:bd:dd:f0:a3
Signer

Actual PE Digest

fb:67:bd:2e:c5:fb:4c:0f:ef:cf:d3:4e:d7:a5:5f:49:bd:dd:f0:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\work\bdmwrench_x64_1.0.0.5\source\wrenchsys_x64\wrench_x64\objfre_win7_amd64\amd64\BDMWrench_x64.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
KeInitializeEvent
IoGetCurrentProcess
IofCompleteRequest
KeWaitForSingleObject
IoCreateSymbolicLink
PsGetCurrentProcessId
MmIsAddressValid
IoCreateDevice
IoRegisterShutdownNotification
KeSetEvent
RtlGetVersion
IoUnregisterShutdownNotification
PsProcessType
ExFreePoolWithTag
KeInitializeMutex
MmGetSystemRoutineAddress
KeUnstackDetachProcess
FsRtlIsNameInExpression
KeReleaseMutex
RtlFreeUnicodeString
ZwClose
ObReferenceObjectByHandle
ZwFlushKey
RtlCompareUnicodeString
ZwOpenProcess
ObfDereferenceObject
KeStackAttachProcess
ProbeForRead
IoGetAttachedDevice
IoGetRelatedDeviceObject
_wcslwr
MmUserProbeAddress
IoFileObjectType
IoGetDeviceObjectPointer
ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
RtlInitUnicodeString
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExDeleteResourceLite
ObfReferenceObject
ExInitializeResourceLite
ExDeleteNPagedLookasideList
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeleteKey
ZwEnumerateKey
ZwOpenKey
PsLookupProcessByProcessId
IoCreateFile
ZwQuerySystemInformation
KeDelayExecutionThread
ExAllocatePool
ZwQueryInformationProcess
ObOpenObjectByPointer
KeBugCheckEx
PsGetProcessImageFileName
IoDeleteSymbolicLink
ExpInterlockedPushEntrySList
ExQueueWorkItem
PsGetProcessPeb
ZwReadFile
IoQueryFileInformation
__C_specific_handler
_local_unwind

fltmgr.sys

FltReleaseResource
FltAcquireResourceShared
FltAcquireResourceExclusive

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/BDSafeBrowser.sys
.sys windows:6 windows x64 arch:x64

6969bf0cc9b8d066cd9c028bd349dbe1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:14:7f:f2:10:57:8a:f7:0c:ad:96:0f:25:a2:22:5b:fc:71:ed:b8
Signer

Actual PE Digest

6b:14:7f:f2:10:57:8a:f7:0c:ad:96:0f:25:a2:22:5b:fc:71:ed:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\工作\杀毒\aq3_trunk_develop\source\safebrowsersys\safebrowsersys\objfre_win7_amd64\amd64\BDSafeBrowser.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
PsProcessType
ExFreePoolWithTag
_snwprintf
NtBuildNumber
PsLookupProcessByProcessId
ZwReadFile
IoGetRelatedDeviceObject
ZwMapViewOfSection
RtlInitUnicodeString
KeSetEvent
MmGetSystemRoutineAddress
IoCreateFile
KeInitializeEvent
IoQueryFileInformation
ZwQuerySystemInformation
RtlEqualUnicodeString
IoFreeMdl
KeUnstackDetachProcess
MmUserProbeAddress
ObQueryNameString
IoFileObjectType
wcsrchr
ZwUnmapViewOfSection
ExAllocatePool
ZwQueryDirectoryFile
IoGetCurrentProcess
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
IoCreateFileSpecifyDeviceObjectHint
ZwFlushKey
IoFreeIrp
IoAllocateIrp
ObfReferenceObject
MmIsAddressValid
ObfDereferenceObject
ZwCreateSection
_strnicmp
ZwOpenFile
RtlImageNtHeader
ObOpenObjectByPointer
KeStackAttachProcess
IofCallDriver
ZwOpenKey
RtlGetVersion
PsGetVersion
ExReleaseFastMutex
ExAcquireFastMutex
RtlCompareUnicodeString
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExInitializeResourceLite
PsGetProcessImageFileName
strstr
_strupr
wcsstr
_wcsupr
FsRtlIsNameInExpression
ExGetPreviousMode
KeDelayExecutionThread
IoGetDeviceObjectPointer
KeClearEvent
MmMapLockedPages
KeReleaseSpinLock
MmBuildMdlForNonPagedPool
ExEventObjectType
IoAllocateMdl
KeAcquireSpinLockRaiseToDpc
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoIsWdmVersionAvailable
IoCreateSymbolicLink
PsGetCurrentProcessId
IoCreateDevice
KeBugCheckEx
PsGetProcessPeb
_stricmp
wcschr
__C_specific_handler

fltmgr.sys

FltReleaseResource
FltAcquireResourceShared
FltAcquireResourceExclusive

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/bd0001.sys
.sys windows:6 windows x64 arch:x64

41f648e476e067735a7490a830956a3c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:2b:5d:4a:0a:6e:03:4e:bb:4f:01:1d:d6:9d:5d:08:89:0f:4c:3f
Signer

Actual PE Digest

80:2b:5d:4a:0a:6e:03:4e:bb:4f:01:1d:d6:9d:5d:08:89:0f:4c:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\svn\driver_reconstitution\avdriver_proj\Driver\bd0001_x64\src\kernel\objfre64\amd64\bd0001.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
ProbeForWrite
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
IoRegisterShutdownNotification
PsSetLoadImageNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
MmGetSystemRoutineAddress
PsSetCreateThreadNotifyRoutine
IoUnregisterShutdownNotification
PsRemoveLoadImageNotifyRoutine
PsThreadType
CmRegisterCallback
CmUnRegisterCallback
_stricmp
_wcsicmp
KeInitializeGuardedMutex
PsLookupProcessByProcessId
KeAcquireGuardedMutex
ExGetPreviousMode
KeReleaseSpinLock
IoFreeMdl
KeUnstackDetachProcess
KeReleaseGuardedMutex
MmUserProbeAddress
ZwCreateFile
MmMapLockedPagesSpecifyCache
IoGetCurrentProcess
ZwClose
ObReferenceObjectByHandle
MmProbeAndLockPages
MmUnlockPages
PsGetCurrentProcessId
ObfDereferenceObject
ZwQuerySection
RtlImageNtHeader
ObOpenObjectByPointer
KeStackAttachProcess
IoAllocateMdl
KeAcquireSpinLockRaiseToDpc
PsGetProcessSectionBaseAddress
PsGetProcessPeb
_wcsnicmp
MmUnmapViewOfSection
RtlGetVersion
ZwQuerySystemInformation
MmMapViewInSystemSpace
ZwQueryValueKey
InitSafeBootMode
MmUnmapViewInSystemSpace
MmMapViewOfSection
RtlRandom
ZwCreateSection
ZwOpenFile
ZwQueryInformationFile
PsGetProcessWow64Process
RtlImageDirectoryEntryToData
MmIsAddressValid
wcsrchr
ExWaitForRundownProtectionRelease
ExAcquireRundownProtection
ExReleaseRundownProtection
ExInitializeRundownProtection
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/bd0004.sys
.sys windows:6 windows x64 arch:x64

341f3966bbbf4b84567b2a0e3ab196de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:37:95:93:3b:13:3c:56:73:8d:dd:69:7a:15:0d:8b:c7:49:a6:31
Signer

Actual PE Digest

65:37:95:93:3b:13:3c:56:73:8d:dd:69:7a:15:0d:8b:c7:49:a6:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\工作\杀毒\avdriver_proj_aq2_trunk\driver\bd0004_x64\objfre_wnet_amd64\amd64\bd0004.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
InitSafeBootMode
IofCompleteRequest
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
wcschr
_stricmp
PsGetProcessPeb
_strnicmp
IoThreadToProcess
ExAllocatePoolWithTag
PsProcessType
RtlVolumeDeviceToDosName
_snwprintf
NtBuildNumber
_wcsnicmp
ZwReadFile
IoGetRelatedDeviceObject
ZwMapViewOfSection
KeSetEvent
MmGetSystemRoutineAddress
IoCreateFile
KeInitializeEvent
IoQueryFileInformation
ZwQuerySystemInformation
wcsncat
IoFreeMdl
KeUnstackDetachProcess
MmUserProbeAddress
RtlFreeUnicodeString
ObQueryNameString
IoFileObjectType
IoDriverObjectType
wcsrchr
ZwQueryValueKey
ZwUnmapViewOfSection
IoGetCurrentProcess
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
IoCreateFileSpecifyDeviceObjectHint
ZwFlushKey
IoFreeIrp
PsThreadType
IoAllocateIrp
ZwQueryInformationProcess
ObfReferenceObject
MmIsAddressValid
ZwCreateSection
ObReferenceObjectByName
RtlImageNtHeader
IoQueryFileDosDeviceName
ObOpenObjectByPointer
KeStackAttachProcess
MmSectionObjectType
PsLookupThreadByThreadId
IofCallDriver
ZwOpenKey
_wcsicmp
PsGetProcessSectionBaseAddress
KeInitializeApc
wcsncpy
KeInsertQueueApc
RtlEqualUnicodeString
FsRtlIsNameInExpression
ZwSetInformationFile
wcsstr
MmMapLockedPagesSpecifyCache
ExAllocatePool
ZwFreeVirtualMemory
NtClose
MmProbeAndLockPages
MmUnlockPages
PsGetProcessId
PsGetProcessWow64Process
IoAllocateMdl
ZwAllocateVirtualMemory
ZwConnectPort
ExReleaseFastMutex
ExAcquireFastMutex
MmUnmapViewOfSection
ZwQueryObject
ZwRequestWaitReplyPort
PsCreateSystemThread
PsTerminateSystemThread
MmMapViewOfSection
PsGetCurrentThreadId
PsGetCurrentProcessId
PsIsSystemProcess
ExAcquireResourceExclusiveLite
RtlWalkFrameChain
KeLeaveCriticalRegion
swprintf
KeEnterCriticalRegion
RtlImageDirectoryEntryToData
IoGetDeviceObjectPointer
ExAcquireResourceSharedLite
ExReleaseResourceLite
ZwDuplicateObject
ExInitializeResourceLite
PsGetProcessWin32Process
ProbeForRead
ObOpenObjectByName
PsGetProcessImageFileName
ExGetPreviousMode
ProbeForWrite
PsGetVersion
PsGetCurrentThreadWin32Thread
PsInitialSystemProcess
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/bd64_x64.dll
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:79:2d:73:a6:75:9c:10:63:2c:63:bd:dc:85:f5:f9:ae:dc:94:93
Signer

Actual PE Digest

fb:79:2d:73:a6:75:9c:10:63:2c:63:bd:dc:85:f5:f9:ae:dc:94:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\svn\aq2_trunk\avdriver_proj\Driver\bd0001_x64\src\dll\objfre64\amd64\bd0001.pdb

Exports

Exports

BdFileInformation

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/bd64_x86.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:8e:69:92:6e:92:28:cb:91:34:5e:75:1e:03:28:ac:43:e4:b0:1a
Signer

Actual PE Digest

2e:8e:69:92:6e:92:28:cb:91:34:5e:75:1e:03:28:ac:43:e4:b0:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BdFileInformation

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 438B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ieBDSoftHelperPlug.dll
.dll regsvr32 windows:4 windows x86 arch:x86

97941119c8e67a6a3ff021cfcbe999d8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\haiyan\trunk\Basic\Output\BinRelease\ieBDSoftHelperPlug.pdb

Imports

ws2_32

setsockopt
WSACleanup
recv
closesocket
send
connect
socket
WSAStartup
inet_addr
htons

kernel32

SetFilePointer
GetCurrentProcess
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetModuleFileNameW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
SetStdHandle
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
lstrcmpiW
HeapFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
IsValidCodePage
GetOEMCP
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RtlUnwind
HeapAlloc
GetCPInfo
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
Sleep
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

CharNextW
UnregisterClassA

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

LoadTypeLi
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/mindownload.ico
$_2_/npBDSoftHelperPlug.dll
.dll windows:4 windows x86 arch:x86

e72c09f38ee97f18cb3c19fda0611612

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\haiyan\trunk\Basic\Output\BinRelease\npBDSoftHelperPlug.pdb

Imports

ws2_32

closesocket
recv
send
connect
htons
inet_addr
setsockopt
socket
WSACleanup
WSAStartup

kernel32

SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
ReadFile
GetProcAddress
CompareStringA
GetCurrentProcess
GetModuleFileNameA
SetFilePointer
GetLocaleInfoA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
GetFileType
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetTimeZoneInformation
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
CreateFileA
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

DefWindowProcA
SetWindowLongA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/uninstaller.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:3b:bb:e0:7c:4a:6a:c0:c0:6b:19:26:59:9f:7d:07:d2:41:c1:33
Signer

Actual PE Digest

76:3b:bb:e0:7c:4a:6a:c0:c0:6b:19:26:59:9f:7d:07:d2:41:c1:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

a619476ec7ec29b5eb3ad3c4882bcc9c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:24:a5:3d:72:c1:34:23:a9:15:29:74:51:c1:a6:b3:df:dc:5a:b4
Signer

Actual PE Digest

78:24:a5:3d:72:c1:34:23:a9:15:29:74:51:c1:a6:b3:df:dc:5a:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\haiyan_proj\haiyan1.5\Basic\Install\NSIS\Plugins\InstallHelper.pdb

Imports

kernel32

CreateFileW
GlobalFree
lstrcpyW
CreateToolhelp32Snapshot
lstrcpynW
FindFirstFileW
GlobalAlloc
DeleteFileW
FindResourceW
FindNextFileW
Process32FirstW
FindClose
lstrcmpiW
MoveFileExW
CloseHandle
LoadLibraryW
GetProcAddress
GetLastError
SizeofResource
FreeLibrary
LockResource
OutputDebugStringW
LoadResource
FindResourceExW
SetFileAttributesW
GetFileAttributesW
GetModuleHandleW
TerminateProcess
OpenProcess
Sleep
MultiByteToWideChar
GetTickCount
Process32NextW
GetCurrentProcess
FlushFileBuffers
CreateFileA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

FindWindowW
UnregisterClassA

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
StartServiceW
OpenServiceW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysStringLen
SysAllocString
SysFreeString

Exports

Exports

DeleteDirectory
DoInstallService
FireWallAddApp
Function1
Function10
Function2
Function3
Function4
Function5
Function6
Function7
Function8
Function9
InstallDrivers
IsProcessRunning
IsWow64
KillRunningProcess
RefreshPolicies
RenameAndDeleteFile
ReportInstallData
ReportUninstallData
UninstallDrivers

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

a619476ec7ec29b5eb3ad3c4882bcc9c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

78:24:a5:3d:72:c1:34:23:a9:15:29:74:51:c1:a6:b3:df:dc:5a:b4Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 9KB

12cd25cf455e9f4c315e4436b2e49052

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

78:24:a5:3d:72:c1:34:23:a9:15:29:74:51:c1:a6:b3:df:dc:5a:b4
Signer

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 272KB - Virtual size: 270KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 52KB - Virtual size: 50KB

.reloc
Size: 28KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate