5ef16ac61fec98777567341965b1c0ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ef16ac61fec98777567341965b1c0ed_JaffaCakes118
Size

11.6MB
MD5

5ef16ac61fec98777567341965b1c0ed
SHA1

99249baae6baf9ccc5590cd19908b2ee2d55893d
SHA256

d415bca3d253fa15786d33e4969c61375781147af42fe39f64bedfeb733d5e43
SHA512

f9c13c774bcd6aa0654d451fb843b028f58b05dc586fad4fe96e6a5904400a37635db857763f469f3c0058de14f023159ff673791177867833a8d5514f6dcc86
SSDEEP

196608:5YmC0twM7CBevBm2dez4GhvlOcXDNtub14FQob+9n35CkErTK0qybQ6Wz3+3C/K:q4J2OBm2d8VlH3ub1eQLiTKGWz+3CS

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$R0	acprotect
static1/unpack001/YoukuAgent.dll	acprotect
static1/unpack001/ikutm.dll	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$R0	upx
static1/unpack001/YoukuAgent.dll	upx
static1/unpack001/hao123-src=10016004_hao-.exe	upx
static1/unpack001/ikutm.dll	upx

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/BrandingURL.dll
unpack001/$PLUGINSDIR/GetVersion.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/Rfshdktp.dll
unpack001/$PLUGINSDIR/SkinnedControls.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack002/out.upx
unpack001/$R2/NSIS.Library.RegTool.v3.$_56_.exe
unpack003/out.upx
unpack001/aapt.exe
unpack001/adb.exe
unpack001/ffmpeg.exe
unpack004/out.upx
unpack005/out.upx
unpack001/libmp3lame-0.dll
unpack006/$PLUGINSDIR/GetVersion.dll
unpack006/$PLUGINSDIR/Rfshdktp.dll
unpack006/$PLUGINSDIR/SkinnedControls.dll
unpack006/$PLUGINSDIR/System.dll
unpack006/$PLUGINSDIR/UAC.dll
unpack006/$PLUGINSDIR/inetc.dll
unpack006/$PLUGINSDIR/nsDialogs.dll
unpack006/$PLUGINSDIR/nsProcess.dll

Files

5ef16ac61fec98777567341965b1c0ed_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

91:a2:4c:3d:25:30:47:57:45:9b:c0:8e:cc:95:f0:9c:1b:30:4d:c2
Signer

Actual PE Digest

91:a2:4c:3d:25:30:47:57:45:9b:c0:8e:cc:95:f0:9c:1b:30:4d:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BrandingURL.dll
.dll windows:4 windows x86 arch:x86

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
GetCapture
ClientToScreen
EnableWindow
LoadImageA
SetPropA
SetWindowLongA
GetWindowLongA
GetDlgItem
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
RedrawWindow

gdi32

GetObjectA
SetTextColor
CreateFontIndirectA

shell32

ShellExecuteA

Exports

Exports

Set
Unload

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 839B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BtmImg.bmp
$PLUGINSDIR/FP_AX_CAB_INSTALLER64.exe
.exe windows:5 windows x86 arch:x86

843d987be462af4b31fef46a49ea7204

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/12/2010, 00:00

Not After

14/12/2012, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Information Systems+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:ea:18:23:f1:be:7b:f4:29:af:72:39:82:3f:7a:3f:3c:17:60:b9
Signer

Actual PE Digest

04:ea:18:23:f1:be:7b:f4:29:af:72:39:82:3f:7a:3f:3c:17:60:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Morpheme.pdb

Imports

kernel32

GetLastError
CreateMutexW
CloseHandle
ExitProcess
GetEnvironmentVariableW
LocalFree
LocalAlloc
GetCurrentProcess
GetVersionExA
SetThreadLocale
GetExitCodeProcess
WaitForSingleObject
GetCommandLineW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
QueueUserAPC
SetWaitableTimer
ExitThread
CreateWaitableTimerW
CreateThread
FindResourceW
CreateDirectoryW
ReadFile
GetFileSize
CreateFileW
MoveFileExW
WriteFile
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
DeleteFileW
FreeLibrary
FreeResource
LockResource
SizeofResource
LoadResource
LoadLibraryW
SetFilePointer
GetProcAddress
GetSystemDirectoryW
GetSystemTime
FindResourceA
OutputDebugStringW
LoadLibraryA
GetThreadLocale
InterlockedExchange
RaiseException

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GetVersion.dll
.dll windows:4 windows x86 arch:x86

5e41893d1528e7648e03f81030aca366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpiA
GetSystemInfo
GlobalAlloc
lstrcpynA
GetModuleHandleA
lstrcatA
GetVersionExA

user32

wsprintfA
GetSystemMetrics

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsServicePackMajor
WindowsServicePackMinor
WindowsType
WindowsVersion

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Header.bmp
$PLUGINSDIR/LeftImg.bmp
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

6b9d096578bad49648d82fb5a245a197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
lstrcpyA
Sleep
WriteFile
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CreateThread
WaitForSingleObject
DeleteFileA
CloseHandle
IsProcessorFeaturePresent

user32

GetWindowLongW
CreateWindowExW
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
SendMessageW
GetDlgItem
FindWindowExW
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
EnableWindow
DestroyWindow
CallWindowProcW
wsprintfA
GetFocus

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

inet_addr
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
gethostbyname

Exports

Exports

download
download_quiet

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Rfshdktp.dll
.dll windows:4 windows x86 arch:x86

042f3c184e7c0923b6325ab1dc09aed7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderLocation
SHChangeNotify

Exports

Exports

refreshDesktop

Sections

.text
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ScrollBarImg.bmp
$PLUGINSDIR/SkinnedControls.dll
.dll windows:5 windows x86 arch:x86

0b5ebf524f3364a6e46fa57d8d2ff79c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetVersionExW
GetVersion
HeapFree
GetProcessHeap
GetModuleHandleW
HeapAlloc
lstrcmpW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetLastError
VirtualProtect
FlushInstructionCache
GetProcAddress
LoadLibraryA
VirtualQuery
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsSetValue
TlsGetValue
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
lstrlenW
GetFileAttributesW
LocalFree
GetLastError
FormatMessageW
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
lstrcpyW
MulDiv
GlobalFree

user32

IsWindowVisible
SetCursor
GetCursorPos
ScreenToClient
GetMessagePos
ReleaseCapture
KillTimer
SetCapture
SetTimer
PtInRect
MapWindowPoints
CopyRect
ReleaseDC
GetWindowDC
WindowFromDC
InflateRect
FrameRect
OffsetRect
GetWindowRect
GetSysColorBrush
GetSystemMetrics
SetRect
DrawFrameControl
GetSysColor
GetClientRect
CreateWindowExW
SendMessageW
SetWindowPos
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
FillRect
LoadImageW
ShowWindow
FindWindowExW
EnumChildWindows
RemovePropW
GetClassNameW
GetParent
UpdateWindow
SetPropW
GetDlgItem
SetWindowLongW
InvalidateRect
PostMessageW
CallWindowProcW
GetDlgItemTextW
GetClassLongW
GetWindowLongW
GetPropW
DrawTextW
wsprintfW
DrawEdge

gdi32

ExtTextOutW
SetBrushOrgEx
PatBlt
CreateBitmap
UnrealizeObject
CreateCompatibleBitmap
SetBkColor
GetObjectW
PlayEnhMetaFile
SetWindowOrgEx
SelectClipRgn
IntersectClipRect
CreatePatternBrush
CreateSolidBrush
GetStockObject
SetStretchBltMode
BitBlt
StretchBlt
SetBkMode
SetTextColor
DeleteObject
CreateCompatibleDC
SelectObject
GetPixel
DeleteDC

Exports

Exports

setskin
skinit
unskinit

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:5 windows x86 arch:x86

96b1473ae2c35072eabdf1009277c4fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\DevelopmentWorkspace\mtasa-blue\Shared\installer\NSIS dirs\Plugins\uac\Release\uac.pdb

Imports

kernel32

CloseHandle
LocalFree
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SetEvent
GetModuleHandleW
OpenProcess
Sleep
GetVersionExW
GetExitCodeProcess
SetLastError
GetProcAddress
CreateFileMappingW
GetExitCodeThread
lstrcatW
SetCurrentDirectoryW
lstrcmpiW
GetCurrentThreadId
DuplicateHandle
GetCurrentProcessId
CreateThread
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LoadLibraryA
GlobalFree
GetLastError
GetPrivateProfileIntW
lstrlenW
GetModuleFileNameW
FormatMessageW
GlobalAlloc
GetPrivateProfileStringW
CreateEventW
CreateProcessW

user32

CreateWindowExW
FindWindowExW
CreateDialogParamW
SetWindowPos
GetClassNameW
PeekMessageW
LoadIconW
IsDialogMessageW
TranslateMessage
GetClientRect
CallNextHookEx
SetForegroundWindow
MsgWaitForMultipleObjects
SetWindowsHookExW
CharNextW
GetWindowRect
IsWindowVisible
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
DispatchMessageW
DestroyWindow
LoadImageW
DialogBoxParamW
GetWindowLongW
GetDlgItem
SetWindowLongW
PostMessageW
UnhookWindowsHookEx
EnableWindow
SendMessageW
EndDialog
LoadStringW
ShowWindow
MessageBoxW
wsprintfW

advapi32

GetUserNameW
GetTokenInformation
EqualSid
QueryServiceStatus
OpenSCManagerW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
OpenServiceW

shell32

ShellExecuteExW

ole32

CoInitialize

msvcr90

_crt_debugger_hook
memset

Exports

Exports

_

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/banner_v40.bmp
$PLUGINSDIR/default.ini
$PLUGINSDIR/installing1_v40.bmp
$PLUGINSDIR/installing2_v40.bmp
$PLUGINSDIR/installing3_v40.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/setup_welcome_v40.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

12:9c:d1:36:59:e2:b3:a6:94:f1:78:a4:28:5a:a2:17:0f:71:31:de
Signer

Actual PE Digest

12:9c:d1:36:59:e2:b3:a6:94:f1:78:a4:28:5a:a2:17:0f:71:31:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v3.$_56_.exe
.exe windows:5 windows x86 arch:x86

30847fe5521690f49dddc9ee5ed353d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
GetModuleFileNameW
GlobalAlloc
FreeLibrary
LoadLibraryExW
lstrcmpiA
lstrlenA
CreateFileW
GetFileAttributesW
WriteFile
SetFilePointer
CreateProcessW
ReadFile
GetFileSize
lstrcatW
GetWindowsDirectoryW
WideCharToMultiByte
GetShortPathNameW
lstrcpyW
SetErrorMode
ExitProcess
GetCommandLineW
CloseHandle
WaitForSingleObject
GlobalFree
GetModuleHandleW
lstrcpyA
GetProcAddress

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey

user32

wsprintfW
CharNextA
wsprintfA
CharNextW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YoukuAgent.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

12:9c:d1:36:59:e2:b3:a6:94:f1:78:a4:28:5a:a2:17:0f:71:31:de
Signer

Actual PE Digest

12:9c:d1:36:59:e2:b3:a6:94:f1:78:a4:28:5a:a2:17:0f:71:31:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YoukuDesktop.exe
.exe windows:4 windows x86 arch:x86

dcf0b9f9859e6e39859e8b88a5798fd1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

d4:0e:a5:18:14:f3:cd:5c:a5:5c:cf:87:05:64:4d:a8:35:1d:55:98
Signer

Actual PE Digest

d4:0e:a5:18:14:f3:cd:5c:a5:5c:cf:87:05:64:4d:a8:35:1d:55:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\install.v3\src\ikucmc_44branch\build\bin\Publish\Youkudesktop.pdb

Imports

user32

GetSystemMetrics
SendMessageTimeoutW
FindWindowW
PostMessageW
SendMessageW

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueW

advapi32

RegOpenKeyExW
GetUserNameA
SetNamedSecurityInfoA
SetSecurityDescriptorDacl
RegQueryValueExA
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ws2_32

htons
ntohs
select
getaddrinfo
WSCEnumProtocols
send
recv
WSASocketW
socket
sendto
recvfrom
__WSAFDIsSet
gethostname
ioctlsocket
WSASetLastError
closesocket
WSAGetLastError
setsockopt
WSASend
WSACleanup
WSAStartup
accept
htonl
WSARecv
listen
bind
WSAStringToAddressA
shutdown
getsockopt
getpeername
connect
freeaddrinfo
ntohl
getsockname

kernel32

PeekNamedPipe
GetTimeZoneInformation
GetFileSize
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
GetUserDefaultLCID
GetDriveTypeA
GetFullPathNameA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetConsoleCP
ReadFile
SetFilePointer
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStartupInfoA
GetFileType
SetHandleCount
GetVersionExW
GetWindowsDirectoryW
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
OpenProcess
SetWaitableTimer
WaitForSingleObject
SetEvent
LeaveCriticalSection
GetProcAddress
InterlockedExchange
GetLastError
CloseHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
EnterCriticalSection
PostQueuedCompletionStatus
CreateEventW
InterlockedIncrement
Process32FirstW
InterlockedExchangeAdd
SleepEx
TlsFree
TerminateProcess
InterlockedDecrement
CreateWaitableTimerW
LoadLibraryW
TlsAlloc
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
CreateProcessW
AllocConsole
SetConsoleOutputCP
GetACP
GetDriveTypeW
GetDiskFreeSpaceExW
FreeConsole
GetModuleFileNameW
Sleep
FindFirstFileA
FindClose
FileTimeToLocalFileTime
GetModuleHandleW
FileTimeToSystemTime
CopyFileW
GetTickCount
DeleteCriticalSection
QueueUserAPC
TerminateThread
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
GetQueuedCompletionStatus
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
TlsSetValue
CreateIoCompletionPort
TlsGetValue
OpenMutexW
CreateMutexW
GlobalFree
GlobalAlloc
QueryPerformanceFrequency
ReleaseMutex
GetVersionExA
VirtualProtect
WriteProcessMemory
GlobalMemoryStatus
GetCurrentProcessId
CreateFileA
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentThread
InitializeCriticalSection
VirtualQuery
GlobalMemoryStatusEx
GetLogicalDriveStringsW
GetCommandLineW
GetSystemDefaultLCID
GetEnvironmentVariableA
GetThreadContext
GetFileAttributesW
SuspendThread
ResumeThread
GetModuleFileNameA
GetCurrentDirectoryA
ReadProcessMemory
GetEnvironmentVariableW
OutputDebugStringA
CreateFileMappingA
OpenFileMappingA
LocalFree
MapViewOfFile
OpenEventA
ResetEvent
SystemTimeToFileTime
FormatMessageA
ReleaseSemaphore
CreateWaitableTimerA
SetEndOfFile
CreateFileW
RemoveDirectoryW
DeleteFileW
DeviceIoControl
FindFirstFileW
FindNextFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
CreateDirectoryW
GetModuleHandleA
AreFileApisANSI
ExitThread
CreateThread
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
MoveFileW
HeapReAlloc
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
RaiseException
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo
HeapSize
WriteFile
GetStdHandle
LoadLibraryA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetStdHandle

wininet

InternetSetOptionW
InternetOpenW
HttpQueryInfoA
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetSetFilePointer
InternetTimeToSystemTimeA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
YoukuMediaCenter.exe
.exe windows:4 windows x86 arch:x86

ff29a89809fb8c57dd10323bb81e041c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

1c:e1:83:c4:d4:d5:e5:b0:63:97:c1:8e:4b:c5:05:60:f2:d7:9a:5c
Signer

Actual PE Digest

1c:e1:83:c4:d4:d5:e5:b0:63:97:c1:8e:4b:c5:05:60:f2:d7:9a:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\install.v3\src\ikucmc_44branch\build\bin\Publish\YoukuMediaCenter.pdb

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetNamedSecurityInfoA
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegQueryValueExA
GetUserNameA
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CreateWellKnownSid
GetTokenInformation
CheckTokenMembership
SetSecurityDescriptorDacl

kernel32

SetConsoleCtrlHandler
LoadResource
CreateProcessW
LockResource
FreeResource
FindFirstFileA
AllocConsole
FindClose
SetConsoleOutputCP
FileTimeToLocalFileTime
GetModuleFileNameW
GetACP
FileTimeToSystemTime
FreeConsole
CopyFileW
MoveFileExW
GetTickCount
GetSystemDirectoryW
GetTempPathW
GetModuleHandleW
GetLogicalDrives
Sleep
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
GetQueuedCompletionStatus
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
TlsSetValue
CreateIoCompletionPort
TlsGetValue
DeleteCriticalSection
QueueUserAPC
TerminateThread
WaitForMultipleObjects
OpenMutexW
CreateMutexW
SizeofResource
GlobalAlloc
GetFullPathNameA
CreateEventW
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
SleepEx
PostQueuedCompletionStatus
EnterCriticalSection
InterlockedIncrement
CreateToolhelp32Snapshot
Module32FirstW
InterlockedDecrement
FindResourceW
GetDiskFreeSpaceExW
GetDriveTypeW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
FreeLibrary
TlsAlloc
CreateWaitableTimerW
InterlockedExchangeAdd
TerminateProcess
GetThreadLocale
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetFileSize
FlushConsoleInputBuffer
GetVersion
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetTimeZoneInformation
Process32FirstW
TlsFree
GlobalFree
SetFilePointer
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
Process32NextW
GetSystemTimeAsFileTime
GetLastError
CloseHandle
QueryPerformanceCounter
InterlockedExchange
GetProcAddress
LeaveCriticalSection
SetEvent
WaitForSingleObject
OpenProcess
GetCurrentProcess
SetWaitableTimer
GetCurrentThreadId
CreateEventA
HeapSize
GetStringTypeW
GetStringTypeA
RaiseException
RtlUnwind
GetCPInfo
QueryPerformanceFrequency
ReleaseMutex
VirtualQuery
GetVersionExA
GlobalMemoryStatus
VirtualProtect
WriteProcessMemory
GetCurrentProcessId
CreateFileA
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentThread
InitializeCriticalSection
GlobalMemoryStatusEx
GetLogicalDriveStringsW
GetSystemDefaultLCID
GetWindowsDirectoryW
GetEnvironmentVariableA
GetThreadContext
GetFileAttributesW
SuspendThread
ResumeThread
GetModuleFileNameA
GetCurrentDirectoryA
ReadProcessMemory
GetEnvironmentVariableW
OpenFileMappingA
LocalFree
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
CreateFileMappingA
OpenEventA
ResetEvent
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
DeviceIoControl
ReadFile
SetFilePointerEx
WriteFile
FormatMessageA
CreateFileW
GetExitCodeProcess
GetStartupInfoW
CreatePipe
GetSystemInfo
LoadLibraryA
DeleteFileW
GetModuleHandleA
DeleteFileA
FindResourceExW
lstrlenW
ReleaseSemaphore
CreateSemaphoreA
GetTempFileNameW
GetNativeSystemInfo
AssignProcessToJobObject
PeekNamedPipe
SetInformationJobObject
CreateJobObjectW
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
CreateWaitableTimerA
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
CreateDirectoryW
AreFileApisANSI
ExitThread
CreateThread
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableW
FindNextFileA
MoveFileW
GetTimeFormatA
GetDateFormatA
WriteConsoleW
GetFileType
GetStdHandle
MoveFileA
HeapReAlloc

user32

GetDesktopWindow
ExitWindowsEx
MessageBoxA
GetProcessWindowStation
SendMessageTimeoutW
PostMessageW
FindWindowW
GetUserObjectInformationW
UnregisterClassA
LoadStringA
GetSystemMetrics
SendMessageW

ws2_32

freeaddrinfo
connect
getpeername
getsockopt
shutdown
WSAStringToAddressA
ntohl
listen
WSARecv
htonl
WSARecvFrom
getaddrinfo
getsockname
accept
select
WSASendTo
ntohs
htons
WSASocketW
WSAIoctl
send
socket
recv
inet_ntoa
gethostbyname
inet_addr
WSAAddressToStringA
WSCEnumProtocols
WSASetLastError
closesocket
WSAGetLastError
setsockopt
__WSAFDIsSet
sendto
gethostname
recvfrom
WSAStartup
WSASend
ioctlsocket
WSACleanup
bind

mswsock

AcceptEx
GetAcceptExSockaddrs

iphlpapi

GetIpAddrTable
NotifyAddrChange
GetAdaptersInfo

wininet

HttpQueryInfoA
HttpQueryInfoW
InternetSetFilePointer
InternetReadFile
InternetCloseHandle
InternetOpenW
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
InternetTimeToSystemTimeA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

shell32

ShellExecuteExW
SHChangeNotify
ShellExecuteW
ord680
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 195KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aapt.exe
.exe windows:4 windows x86 arch:x86

6cae795410282b03a8c84b120ba75b69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MultiByteToWideChar
ReleaseMutex
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte

msvcrt

_access
_close
_dup
_fdopen
_fstat
_getpid
_lseek
_open
_read
_stat
_strdup
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_chsize
_errno
_filbuf
_findclose
_findfirst
_findnext
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_mkdir
_onexit
_pctype
_setjmp
_setmode
_stricmp
_strnicmp
abort
atexit
atoi
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
localtime
longjmp
malloc
memchr
memcpy
memmove
memset
mktime
pow
printf
putchar
puts
qsort
rand
realloc
remove
rewind
signal
sprintf
srand
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
time
tolower
toupper
wcslen

Sections

.text
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
adb.exe
.exe windows:4 windows x86 arch:x86

e16d22097e3080c933d4edd906a052e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Workplace\iku\adb\adb\release\adb.pdb

Imports

ws2_32

gethostbyname
setsockopt
recv
WSAStartup
bind
socket
htonl
WSACreateEvent
WSAGetLastError
WSAEnumNetworkEvents
closesocket
htons
WSAEventSelect
send
shutdown
listen
connect
WSACleanup
accept

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

winusb

WinUsb_ReadPipe
WinUsb_GetOverlappedResult
WinUsb_Free
WinUsb_QueryInterfaceSettings
WinUsb_GetDescriptor
WinUsb_GetCurrentAlternateSetting
WinUsb_QueryPipe
WinUsb_Initialize
WinUsb_SetPipePolicy
WinUsb_WritePipe

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
GetCommandLineW
GetCommandLineA
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateProcessW
ReadFile
GetModuleFileNameW
CloseHandle
SetConsoleCtrlHandler
GetTempPathA
SetHandleInformation
Sleep
GetStdHandle
GetLastError
CreatePipe
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameA
WideCharToMultiByte
FindClose
GetLocalTime
GetFullPathNameW
CompareStringA
FindNextFileW
FindFirstFileW
CreateFileA
DeleteCriticalSection
GetFileSize
SetFilePointer
CreateFileW
WaitForSingleObject
InterlockedCompareExchange
SetEvent
ResetEvent
InitializeCriticalSection
CreateEventW
WaitForMultipleObjects
SetLastError
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetVersion
GetFileType
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
InterlockedIncrement
InterlockedDecrement
DeviceIoControl
GetOverlappedResult
RaiseException
RtlUnwind
FlushFileBuffers
TlsFree
TlsSetValue
TlsAlloc
CompareStringW
GetFileAttributesA
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableW
SetEndOfFile
MultiByteToWideChar
TlsGetValue
GetConsoleCP
GetStartupInfoA
SetHandleCount
HeapFree
HeapAlloc
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
CreateDirectoryW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
ExitThread
ResumeThread
CreateThread
GetDriveTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
GetProcessHeap
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

GetUserObjectInformationW
wsprintfW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

SHGetFolderPathA

ole32

CoCreateInstance

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UAE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QAE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SAPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SA?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SA?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SA?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QAEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?object_type@AdbObjectHandle@@QAE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync
InstantiateWinUsbInterface

Sections

.text
Size: 568KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
controller.dll
.dll windows:4 windows x86 arch:x86

8d6b701de5f08bef15561e32ad6edf72

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

52:39:d5:2e:70:45:dc:ca:0a:90:b1:36:2f:44:61:b3:7a:ac:d8:cd
Signer

Actual PE Digest

52:39:d5:2e:70:45:dc:ca:0a:90:b1:36:2f:44:61:b3:7a:ac:d8:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikucmc_44branch\build\bin\Publish\controller.pdb

Imports

gdiplus

GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRectRectI
GdipDrawCachedBitmap
GdipGetImageWidth
GdipDrawString
GdipCreateCachedBitmap
GdipDeleteCachedBitmap
GdipGetImageType
GdipMeasureString
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteFont
GdipGetImageHeight
GdipCreateSolidFill
GdipDeleteStringFormat
GdipFillRectangle
GdipSetLineSigmaBlend
GdipGetImageEncoders
GdipCreateStringFormat
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipCreateFontFamilyFromName
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetGenericFontFamilySansSerif
GdipDrawImageRectRect
GdipDrawLineI
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipCloneStringFormat
GdipCloneFont
GdipDrawImageRectI
GdipDrawImagePointRectI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateFont
GdipGetFontUnit
GdipGetFontStyle
GdipGetFontSize
GdipCloneBrush
GdipGetFamilyName
GdipGetFamily
GdipDeleteBrush
GdipDeleteFontFamily
GdipGetLogFontW
GdipAlloc
GdipFree
GdipSetStringFormatTrimming
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDrawImageI
GdipCreateLineBrushFromRectWithAngleI
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCreateRegionRectI
GdipDeleteRegion
GdipCombineRegionRegion
GdipFillRegion
GdipGetImageEncodersSize
GdipSetStringFormatFlags

kernel32

GetModuleFileNameW
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
CreateIoCompletionPort
QueueUserAPC
TerminateThread
InterlockedCompareExchange
WaitForMultipleObjects
GetQueuedCompletionStatus
WideCharToMultiByte
GetDiskFreeSpaceExW
QueryPerformanceCounter
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GetACP
CopyFileW
GetTickCount
CreateThread
OpenFileMappingA
LocalFree
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
SystemTimeToFileTime
FormatMessageA
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
SetLastError
ExpandEnvironmentStringsA
GetVersionExW
GetSystemInfo
GetVersion
GetCurrentDirectoryW
GetPrivateProfileStringW
GetVersionExA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetModuleHandleA
FormatMessageW
SetErrorMode
ResumeThread
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetThreadLocale
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
lstrlenA
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
GetFileAttributesW
GetFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
HeapReAlloc
GetCommandLineA
CreateDirectoryW
GetFileInformationByHandle
GetDriveTypeA
RtlUnwind
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetModuleFileNameA
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
MulDiv
DeleteCriticalSection
IsBadWritePtr
RaiseException
GetModuleHandleW
lstrcmpW
lstrcmpiW
OutputDebugStringA
lstrlenW
InitializeCriticalSection
FlushInstructionCache
FreeLibrary
FreeResource
Sleep
DeleteFileW
LoadLibraryW
GetProcAddress
WritePrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
CreateEventW
InterlockedIncrement
SleepEx
GetSystemTimeAsFileTime
PostQueuedCompletionStatus
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
CreateWaitableTimerW
InterlockedExchangeAdd
SetWaitableTimer
GetCurrentThreadId
CloseHandle
SetEvent
GetLastError
WaitForSingleObject
TlsFree
TlsAlloc
CreateEventA
UnhandledExceptionFilter
LoadLibraryExW
IsProcessorFeaturePresent
ReleaseSemaphore
OpenEventA
ResetEvent
CreateWaitableTimerA
DeviceIoControl
GetFileAttributesExW
AreFileApisANSI
LoadLibraryA

user32

PeekMessageW
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetLastActivePopup
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
IsDialogMessageW
IsWindowEnabled
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
CheckMenuItem
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowThreadProcessId
UnregisterClassW
ValidateRect
MapDialogRect
SetWindowContextHelpId
DestroyMenu
GetSysColorBrush
CharUpperW
CopyAcceleratorTableW
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetMenuItemCount
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
SystemParametersInfoA
SetActiveWindow
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
LoadImageW
LoadMenuW
GetWindowPlacement
FindWindowExW
SendMessageTimeoutW
DispatchMessageW
RegisterDeviceNotificationW
GetMessageW
FindWindowW
PostQuitMessage
UpdateLayeredWindow
GetWindowDC
MoveWindow
GetDlgItem
RegisterClassExW
GetClassInfoExW
IsChild
SetFocus
RegisterWindowMessageW
GetWindow
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
SetWindowTextW
CallWindowProcW
GetClassNameW
ShowWindow
InvalidateRgn
CharNextW
ReleaseDC
EndPaint
FillRect
BeginPaint
CreateAcceleratorTableW
GetFocus
DestroyAcceleratorTable
IsZoomed
GetKeyState
UnregisterHotKey
DrawIcon
GetDesktopWindow
UpdateWindow
RegisterHotKey
PostMessageW
IsIconic
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetMenu
InflateRect
ScreenToClient
LoadIconW
DrawMenuBar
EnableMenuItem
ModifyMenuW
GetSubMenu
InsertMenuW
GetSystemMetrics
GetDC
MessageBoxW
CreateWindowExW
DestroyWindow
SetRect
IntersectRect
IsRectEmpty
DefWindowProcW
GetClassInfoW
GetActiveWindow
ClientToScreen
SetCapture
GetParent
WindowFromPoint
PtInRect
MapWindowPoints
TrackMouseEvent
ShowCursor
TabbedTextOutW
SetWindowPos
SystemParametersInfoW
DrawTextW
DrawTextExW
EnableWindow
GrayStringW
IsWindow
KillTimer
SetTimer
GetWindowLongW
SetWindowRgn
SetWindowLongW
SetForegroundWindow
IsWindowVisible
GetWindowRect
SetLayeredWindowAttributes
ReleaseCapture
GetClientRect
CopyRect
OffsetRect
EnumChildWindows
InvalidateRect
wsprintfW
GetCursorPos
SendMessageW
LoadCursorW
SetCursor
TranslateMessage
GetMenu
UnregisterClassA
GetSysColor

gdi32

GetBkMode
GetCurrentObject
GetBkColor
GetTextColor
GetObjectW
GetStockObject
DeleteDC
GetDeviceCaps
CreateDIBSection
GetTextAlign
SetTextColor
StretchBlt
GetClipBox
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetStretchBltMode
SetMapMode
Escape
CreateFontIndirectW
CreateCompatibleDC
DeleteObject
SelectObject
GetViewportExtEx
GetWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetRgnBox
ScaleViewportExtEx
BitBlt
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreatePolygonRgn
CreateCompatibleBitmap
PtVisible
CreateBitmap
ExtSelectClipRgn
ScaleWindowExtEx
CreateSolidBrush
RectVisible
TextOutW
ExtTextOutW
SetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
RegOpenKeyW
SetSecurityDescriptorDacl
SetNamedSecurityInfoA
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegQueryValueExA
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryPoint
DragQueryFileW
DragAcceptFiles
SHGetMalloc
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetFolderPathW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathStripToRootW
PathIsDirectoryW
PathIsUNCW

ole32

CreateStreamOnHGlobal
CoInitialize
ProgIDFromCLSID
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoGetClassObject
CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoCreateInstance
CoUninitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysAllocString
SysStringByteLen
SysStringLen
VariantInit
VarUI4FromStr
SysAllocStringLen
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantCopy
SafeArrayDestroy

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

ws2_32

getsockopt
WSASetLastError
ntohs
getpeername
getsockname
recv
send
WSAGetLastError
WSAIoctl
setsockopt
WSACleanup
htons
closesocket
socket
freeaddrinfo
bind
getaddrinfo
sendto
recvfrom
listen
accept
__WSAFDIsSet
select
ioctlsocket
gethostname
connect
WSAStartup

wininet

InternetTimeToSystemTimeA

Exports

Exports

IKUStartup

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ffmpeg.exe
.exe windows:4 windows x86 arch:x86

aff8bb9d64707a215deac17804c05a5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libmp3lame-0

lame_close
lame_encode_buffer
lame_encode_buffer_interleaved
lame_encode_flush
lame_get_framesize
lame_init
lame_init_params
lame_set_VBR
lame_set_VBR_q
lame_set_bWriteVbrTag
lame_set_brate
lame_set_disable_reservoir
lame_set_in_samplerate
lame_set_mode
lame_set_num_channels
lame_set_out_samplerate
lame_set_quality

kernel32

AddAtomA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessTimes
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_fstat
_getch
_isatty
_kbhit
_open
_read
_setmode
_tempnam
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
__wgetmainargs
_assert
_atoi64
_cexit
_errno
_filbuf
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_winmajor
_wopen
abort
acos
asin
atan
atexit
atof
atoi
bsearch
calloc
ceil
cos
cosh
exit
exp
fclose
fflush
floor
fopen
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getenv
gmtime
isalpha
isprint
isspace
ldexp
localeconv
localtime
log
log10
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
perror
pow
qsort
realloc
signal
sin
sinh
sscanf
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strrchr
strspn
strstr
strtol
tan
tanh
time
toupper
vfprintf
wcslen

psapi

GetProcessMemoryInfo

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
guide.swf
hao123-src=10016004_hao-.exe
.exe windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 624KB - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ikuacc.dll
.dll windows:4 windows x86 arch:x86

785dcc7eb88eddc71d2293b099d58c19

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

23:9b:8b:4d:35:29:3b:ed:fc:c8:b3:83:54:fc:e9:0b:2a:96:74:a6
Signer

Actual PE Digest

23:9b:8b:4d:35:29:3b:ed:fc:c8:b3:83:54:fc:e9:0b:2a:96:74:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikuacc_44tag\build\bin\Publish_dll\ikuacc.pdb

Imports

kernel32

SetLastError
HeapAlloc
GetProcessHeap
HeapFree
GetFileAttributesW
SetFileAttributesW
GetFileTime
SetFileTime
FindFirstFileW
FindNextFileW
FindClose
LocalFree
FormatMessageA
CreateFileW
DeviceIoControl
ReadFile
WriteFile
FlushFileBuffers
SetFilePointerEx
SetEndOfFile
CreateFileMappingA
OutputDebugStringA
GetCurrentProcessId
OpenMutexW
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ResetEvent
CreateProcessW
MultiByteToWideChar
FileTimeToLocalFileTime
GetModuleFileNameW
GetLogicalDrives
GetTickCount
GetACP
GetModuleHandleW
FreeConsole
SetConsoleCtrlHandler
GetSystemDirectoryW
MoveFileExW
FileTimeToSystemTime
GetDriveTypeW
AllocConsole
TlsGetValue
CopyFileW
CreateMutexW
ReleaseSemaphore
DuplicateHandle
GetCurrentProcess
CreateSemaphoreA
GlobalAlloc
GetVersionExW
GetModuleHandleA
FreeEnvironmentStringsA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
TlsSetValue
Sleep
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForMultipleObjects
TerminateThread
QueueUserAPC
CreateIoCompletionPort
DeleteCriticalSection
InterlockedDecrement
CreateWaitableTimerW
SetWaitableTimer
GetSystemTimeAsFileTime
CreateEventW
SleepEx
GlobalFree
InterlockedCompareExchange
QueryPerformanceCounter
InterlockedExchangeAdd
WideCharToMultiByte
SetFilePointer
GetModuleFileNameA
HeapSize
VirtualAlloc
SetConsoleMode
ReadConsoleInputA
QueryPerformanceFrequency
VirtualFree
HeapCreate
FreeLibrary
HeapDestroy
GetProcAddress
LoadLibraryA
InterlockedIncrement
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
CreateEventA
InterlockedExchange
CloseHandle
GetCurrentThreadId
SetEvent
WaitForSingleObject
GetLastError
TlsFree
GetDiskFreeSpaceExW
TlsAlloc
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
GetStdHandle
SetHandleCount
GetThreadLocale
SetEnvironmentVariableA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetStringTypeW
GetStringTypeA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleOutputCP
OpenEventA
CreateWaitableTimerA
InitializeCriticalSection
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
ResumeThread
SystemTimeToFileTime
RemoveDirectoryW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
CreateDirectoryW
AreFileApisANSI
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetVersionExA
HeapReAlloc
MoveFileW
SetEnvironmentVariableW
RtlUnwind
RaiseException
GetCPInfo
ExitProcess
CompareStringA
EnumSystemLocalesA

user32

MessageBoxA
LoadStringA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
FindWindowW
SendMessageW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SetNamedSecurityInfoA
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
RegSetValueExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptAcquireContextA
CryptEnumProvidersA
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen

ws2_32

WSASendTo
WSARecvFrom
shutdown
ntohs
accept
__WSAFDIsSet
bind
getsockname
inet_addr
listen
WSAStringToAddressA
select
connect
getaddrinfo
getsockopt
getpeername
WSARecv
freeaddrinfo
WSASocketW
htonl
WSAStartup
WSACleanup
ntohl
WSAAddressToStringA
htons
WSASetLastError
WSAGetLastError
WSASend
setsockopt
closesocket
ioctlsocket

mswsock

AcceptEx
GetAcceptExSockaddrs

wininet

InternetQueryOptionA
InternetQueryOptionW

iphlpapi

GetAdaptersInfo
NotifyAddrChange
GetTcpTable

Exports

Exports

IKUStartup

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ikutm.dll
.dll windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

01:5d:81:42:e7:75:0f:ed:81:f3:6f:8e:89:63:4c:52:aa:21:b6:18
Signer

Actual PE Digest

01:5d:81:42:e7:75:0f:ed:81:f3:6f:8e:89:63:4c:52:aa:21:b6:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetLspGuid
IKUStartup
Ioctl
WSPStartup

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ikutmco.dll
.dll windows:4 windows x86 arch:x86

4eb3de6604ea58926a35880b1f004020

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

be:e6:2f:ba:a5:58:f9:1e:a2:a9:e6:96:b9:6c:82:48:ca:95:91:dc
Signer

Actual PE Digest

be:e6:2f:ba:a5:58:f9:1e:a2:a9:e6:96:b9:6c:82:48:ca:95:91:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikuacc_44tag\build\bin\ikutmco.pdb

Imports

kernel32

EnterCriticalSection
ResetEvent
CreateThread
InterlockedIncrement
TlsFree
GetModuleHandleW
GetProcAddress
LoadLibraryW
InterlockedDecrement
InterlockedExchange
TlsAlloc
InterlockedExchangeAdd
CreateEventA
PostQueuedCompletionStatus
CreateSemaphoreW
DebugBreak
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ReleaseSemaphore
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
HeapDestroy
HeapCreate
LoadLibraryA
HeapFree
InitializeCriticalSection
ExpandEnvironmentStringsW
WideCharToMultiByte
FreeLibrary
LeaveCriticalSection
ExpandEnvironmentStringsA
DeleteCriticalSection
GetVersionExW
CreateProcessW
GetTickCount
Sleep
TlsGetValue
TlsSetValue
GetModuleFileNameW
MultiByteToWideChar
OpenEventA
FormatMessageA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
ReadFile
SetEvent
CreateEventW
GetExitCodeThread
ExitThread
WaitForSingleObject
LocalFree
OpenFileMappingA
CreateFileMappingA
GetLastError
UnmapViewOfFile
GetCurrentProcessId
MapViewOfFile
CloseHandle
OutputDebugStringA
HeapAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
SetLastError
LCMapStringA
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetFilePointer
GetConsoleCP

user32

CreateWindowExW
PostQuitMessage
TranslateMessage
GetMessageW
DefWindowProcW
DestroyWindow
RegisterClassW
SetWindowLongW
RegisterClassExW
IsWindow
RegisterDeviceNotificationW
KillTimer
SetTimer
GetWindowLongW
ShowWindow
DispatchMessageW
UnregisterClassW
PostMessageW

advapi32

InitializeSecurityDescriptor
SetNamedSecurityInfoA
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExW
GetSecurityDescriptorSacl
RegQueryValueExA

ws2_32

WSAGetLastError
WSACleanup
WSAStartup
WPUCompleteOverlappedRequest
WSCEnumProtocols
WSCGetProviderPath
WSASetLastError

Exports

Exports

GetLspGuid
IKUStartup
Ioctl
WSPStartup

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
insa64.exe
.exe windows:6 windows x64 arch:x64

3eacb9638877275335da4b58e52824f8

Code Sign

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:b5:29:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/01/2010, 21:12

Not After

04/01/2013, 21:22

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:b5:29:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/01/2010, 21:12

Not After

04/01/2013, 21:22

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

bf:2c:50:54:a4:3a:a3:54:81:e2:9a:d4:b6:4d:5c:bc:8e:cd:ae:c6
Signer

Actual PE Digest

bf:2c:50:54:a4:3a:a3:54:81:e2:9a:d4:b6:4d:5c:bc:8e:cd:ae:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DpInst.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
IsTextUnicode
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
DeleteService
CloseServiceHandle
ControlService
StartServiceW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
QueryServiceStatus
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
CheckTokenMembership

kernel32

CreateMutexW
ReleaseMutex
SetFilePointer
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
GetProcAddress
GetStdHandle
GetConsoleMode
SetConsoleMode
ReadConsoleOutputW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
FreeConsole
FreeLibrary
WriteConsoleOutputW
WriteConsoleW
IsValidLocale
VirtualProtect
Sleep
GetFileAttributesW
DeleteFileW
FormatMessageW
RaiseException
CopyFileW
SetFileAttributesW
GetTempFileNameW
FindClose
FindNextFileW
CompareStringW
lstrcmpW
FindFirstFileW
lstrlenW
UnmapViewOfFile
GetConsoleScreenBufferInfo
CreateFileMappingW
LCMapStringW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEndOfFile
CreateEventW
SetEvent
LocalReAlloc
DeviceIoControl
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetShortPathNameW
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFullPathNameW
SetLastError
GetLocaleInfoW
LoadLibraryExW
GetSystemDefaultUILanguage
SearchPathW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
GetEnvironmentVariableW
lstrcmpiW
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
GetFileSize
CreateThread
SetThreadLocale
GetThreadLocale
WriteFile
CreateFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetCurrentProcess
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
SetCurrentDirectoryW
GetUserDefaultUILanguage
EnumResourceLanguagesW
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
LocalFree
GlobalFree
LocalAlloc
GetLastError
GetCommandLineW
CloseHandle
MapViewOfFile

gdi32

CreateBitmap
CreateCompatibleBitmap
GetObjectW
DeleteDC
SetLayout
CreateCompatibleDC
EndPage
StartPage
EndDoc
StartDocW
GetTextMetricsW
CreateFontIndirectW
GetDeviceCaps
DeleteObject
SelectObject

user32

DestroyIcon
CreateIconIndirect
DrawIconEx
GetIconInfo
LoadIconW
LoadBitmapW
CharLowerW
UnregisterClassA
PostQuitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
ShowWindow
AllowSetForegroundWindow
DialogBoxParamW
SetDlgItemTextW
EndDialog
MessageBoxW
GetDlgItem
SendMessageW
GetProcessWindowStation
GetUserObjectInformationW
LoadImageW
SetWindowTextW
PostMessageW
GetParent
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
SendDlgItemMessageW
InvalidateRect
GetSystemMetrics
GetSysColor
DestroyWindow
SetWindowLongW
SystemParametersInfoW
GetDC
ReleaseDC
DrawTextExW

msvcrt

_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_resetstkoflw
__C_specific_handler
memset
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
fread
_initterm
fclose
fwprintf
_wfopen
realloc
??2@YAPEAX_K@Z
wcsstr
_wcsicmp
_wtol
_vscwprintf
free
malloc
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
memcpy
memmove
_CxxThrowException
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_wcsnicmp
_vsnwprintf
wcsncmp
bsearch
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswalpha
??_U@YAPEAX_K@Z
wcschr
wcspbrk
wcsrchr
iswdigit
feof
memcmp

ntdll

NtQueryInformationToken
RtlNtStatusToDosError
NtClose
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenProcessToken

shell32

ord59
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
pSetupSetGlobalFlags
SetupDefaultQueueCallbackW
pSetupGetGlobalFlags
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupGetFieldCount
SetupGetIntField
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupFindNextLine
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupPromptReboot
SetupDiGetDeviceInstanceIdW
SetupFindFirstLineW
SetupOpenAppendInfFileW
SetupGetLineCountW
SetupDiGetActualSectionToInstallW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetSelectedDriverW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupQueueCopyW
CMP_WaitNoPendingInstallEvents
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiGetDriverInfoDetailW
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupInstallFilesFromInfSectionW
SetupDiCallClassInstaller
SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
CM_Enumerate_Classes
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Query_And_Remove_SubTreeW
CM_Setup_DevNode
CM_Get_Device_IDW
SetupCopyOEMInfW
SetupGetTargetPathW

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
StringFromCLSID

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType

comctl32

PropertySheetW
CreatePropertySheetPageW
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor

comdlg32

PrintDlgExW
GetSaveFileNameW

crypt32

CertFreeCTLContext
CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 470KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
insi64.exe
inst32.exe
.exe windows:6 windows x86 arch:x86

3ab7cc62e4963955ad408cd420cd8ef1

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

71:85:11:e5:d1:4c:f1:de:16:92:e6:78:64:21:75:0c:36:76:a6:9e
Signer

Actual PE Digest

71:85:11:e5:d1:4c:f1:de:16:92:e6:78:64:21:75:0c:36:76:a6:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DpInst.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
IsTextUnicode
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
DeleteService
StartServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

GetFileAttributesW
DeleteFileW
ReleaseMutex
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
CreateMutexW
FreeConsole
SetConsoleMode
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FreeLibrary
FillConsoleOutputCharacterW
ReadConsoleOutputW
GetConsoleMode
GetStdHandle
GetProcAddress
LoadLibraryW
WriteConsoleW
IsValidLocale
lstrlenW
lstrcmpW
CompareStringW
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
SetFileAttributesW
FormatMessageW
RaiseException
GetFileSize
CreateFileMappingW
MapViewOfFile
WriteConsoleOutputW
UnmapViewOfFile
InterlockedDecrement
InterlockedIncrement
CreateFileW
WriteFile
CreateThread
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
GetExitCodeProcess
DeviceIoControl
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetFullPathNameW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
MoveFileExW
SearchPathW
GetSystemDefaultUILanguage
LoadLibraryExW
CreateFileA
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleCP
GetLocaleInfoA
Sleep
LoadLibraryExA
ReadFile
LCMapStringW
LCMapStringA
GetThreadLocale
SetThreadLocale
GetUserDefaultUILanguage
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
GetModuleFileNameW
SetCurrentDirectoryW
WaitForSingleObject
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
GetModuleHandleA
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetStartupInfoW
GetEnvironmentVariableW
lstrcmpiW
WideCharToMultiByte
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
LocalAlloc
GlobalFree
LocalFree
MultiByteToWideChar
GetCurrentProcess
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceLanguagesW
LocalReAlloc
EnterCriticalSection

gdi32

SetLayout
DeleteDC
GetObjectW
CreateCompatibleBitmap
CreateBitmap
SelectObject
StartPage
EndPage
StartDocW
EndDoc
GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateCompatibleDC

user32

AllowSetForegroundWindow
DefWindowProcW
PostQuitMessage
GetUserObjectInformationW
GetProcessWindowStation
GetIconInfo
DrawIconEx
CreateIconIndirect
LoadIconW
LoadBitmapW
DrawTextExW
LoadImageW
GetSystemMetrics
GetSysColor
DestroyWindow
GetWindowLongW
SendDlgItemMessageW
InvalidateRect
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowLongW
SetWindowTextW
GetParent
PostMessageW
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
DestroyIcon
DialogBoxParamW
SetDlgItemTextW
CharLowerW
GetDlgItem
SendMessageW
MessageBoxW
RegisterClassExW
CreateWindowExW
ShowWindow
UnregisterClassA
EndDialog

ntdll

RtlNtStatusToDosError
NtOpenThreadToken
NtQueryInformationToken
NtOpenProcessToken
RtlUnwind
NtClose

shell32

SHGetFolderPathW
ShellExecuteExW
ord59
CommandLineToArgvW

setupapi

SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW
pSetupSetGlobalFlags
pSetupGetGlobalFlags
SetupGetFieldCount
SetupGetIntField
SetupOpenAppendInfFileW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
CM_Enumerate_Classes
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoList
SetupDiSetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupQueueCopyIndirectW
SetupQueueCopyW
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupCopyOEMInfW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Setup_DevNode
SetupDiEnumDeviceInfo
CMP_WaitNoPendingInstallEvents
CM_Query_And_Remove_SubTreeW

wintrust

WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

ole32

CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
VariantChangeType
SysAllocString
SysFreeString

comctl32

CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_SetBkColor
PropertySheetW
ImageList_Create

comdlg32

PrintDlgExW
GetSaveFileNameW

crypt32

CertFreeCertificateContext
CertFreeCTLContext
CertGetCTLContextProperty
CryptQueryObject

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 470KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libmp3lame-0.dll
.dll windows:4 windows x86 arch:x86

3aec5b220cfae7bc000883cb7dbdadda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
DeleteCriticalSection
EnterCriticalSection
FindAtomA
FreeLibrary
GetAtomNameA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__lc_codepage
__mb_cur_max
_assert
_errno
_iob
_winmajor
abort
atoi
calloc
exit
exp
fflush
fputc
fread
free
fseek
ftell
fwrite
getenv
localeconv
malloc
memcpy
memmove
pow
qsort
strchr
strlen
strncpy
strtol
tolower
toupper
vfprintf
wcslen

Exports

Exports

ABR_iteration_loop
ATHformula
AddVbrFrame
AnalyzeSamples
BitrateIndex
CBR_iteration_loop
CRC_writeheader
ExitMP3
FindNearestBitrate
GetTitleGain
GetVbrTag
InitGainAnalysis
InitMP3
InitVbrTag
L3psycho_anal_vbr
PutVbrTag
ResvAdjust
ResvFrameBegin
ResvFrameEnd
ResvMaxBits
SmpFrqIndex
UpdateMusicCRC
VBR_encode_frame
VBR_new_iteration_loop
VBR_old_iteration_loop
_get_output_format
add_dummy_byte
adj43asm
alloc_0
alloc_1
alloc_2
alloc_3
alloc_4
apply_preset
athAdjust
audiodata_precedesframes
best_huffman_divide
best_scalefac_store
bitrate_table
calc_noise
calc_xmin
compute_flushbits
copy_buffer
count_bits
dct64
decodeMP3
decodeMP3_unclipped
decode_header
decode_layer1_frame
decode_layer1_sideinfo
decode_layer2_frame
decode_layer2_sideinfo
decode_layer3_frame
decode_layer3_sideinfo
decode_reset
decwin
disable_FPE
fast_log2
fft_long
fft_short
fill_buffer
flush_bitstream
format_bitstream
free_aligned
free_id3tag
freegfc
freq2bark
freqs
get_lame_os_bitness
get_lame_short_version
get_lame_tag_encoder_short_version
get_lame_url
get_lame_version
get_lame_version_numerical
get_lame_very_short_version
get_leq_16_bits
get_leq_8_bits
get_max_frame_buffer_size_by_constraint
get_psy_version
getbits
getbits_fast
getframebits
has_3DNow
has_MMX
has_SSE
has_SSE2
head_check
hip_decode
hip_decode1
hip_decode1_headers
hip_decode1_headersB
hip_decode1_unclipped
hip_decode_exit
hip_decode_headers
hip_decode_init
hip_init_tables_layer1
hip_init_tables_layer2
hip_init_tables_layer3
hip_set_debugf
hip_set_errorf
hip_set_msgf
hip_set_pinfo
ht
huffman_init
id3tag_add_v2
id3tag_genre_list
id3tag_init
id3tag_pad_v2
id3tag_set_album
id3tag_set_albumart
id3tag_set_artist
id3tag_set_comment
id3tag_set_comment_latin1
id3tag_set_comment_ucs2
id3tag_set_comment_utf16
id3tag_set_fieldvalue
id3tag_set_fieldvalue_ucs2
id3tag_set_fieldvalue_utf16
id3tag_set_genre
id3tag_set_pad
id3tag_set_textinfo_latin1
id3tag_set_textinfo_ucs2
id3tag_set_textinfo_utf16
id3tag_set_title
id3tag_set_track
id3tag_set_year
id3tag_space_v1
id3tag_v1_only
id3tag_v2_only
id3tag_write_v1
id3tag_write_v2
init_bit_stream_w
init_fft
init_log_table
init_xrpow_core_init
ipow20
isResamplingNecessary
is_lame_global_flags_valid
is_lame_internal_flags_valid
iteration_init
lame_bitrate_block_type_hist
lame_bitrate_hist
lame_bitrate_kbps
lame_bitrate_stereo_mode_hist
lame_block_type_hist
lame_close
lame_debugf
lame_decode
lame_decode1
lame_decode1_headers
lame_decode1_headersB
lame_decode_exit
lame_decode_headers
lame_decode_init
lame_encode_buffer
lame_encode_buffer_float
lame_encode_buffer_ieee_double
lame_encode_buffer_ieee_float
lame_encode_buffer_int
lame_encode_buffer_interleaved
lame_encode_buffer_interleaved_ieee_double
lame_encode_buffer_interleaved_ieee_float
lame_encode_buffer_long
lame_encode_buffer_long2
lame_encode_finish
lame_encode_flush
lame_encode_flush_nogap
lame_encode_mp3_frame
lame_errorf
lame_get_ATHcurve
lame_get_ATHlower
lame_get_ATHonly
lame_get_ATHshort
lame_get_ATHtype
lame_get_AudiophileGain
lame_get_PeakSample
lame_get_RadioGain
lame_get_ReplayGain_decode
lame_get_ReplayGain_input
lame_get_VBR
lame_get_VBR_hard_min
lame_get_VBR_max_bitrate_kbps
lame_get_VBR_mean_bitrate_kbps
lame_get_VBR_min_bitrate_kbps
lame_get_VBR_q
lame_get_VBR_quality
lame_get_allow_diff_short
lame_get_analysis
lame_get_athaa_loudapprox
lame_get_athaa_sensitivity
lame_get_athaa_type
lame_get_bWriteVbrTag
lame_get_bitrate
lame_get_brate
lame_get_compression_ratio
lame_get_copyright
lame_get_cwlimit
lame_get_decode_on_the_fly
lame_get_decode_only
lame_get_disable_reservoir
lame_get_emphasis
lame_get_encoder_delay
lame_get_encoder_padding
lame_get_error_protection
lame_get_exp_nspsytune
lame_get_experimentalX
lame_get_experimentalY
lame_get_experimentalZ
lame_get_extension
lame_get_findPeakSample
lame_get_findReplayGain
lame_get_force_ms
lame_get_force_short_blocks
lame_get_frameNum
lame_get_framesize
lame_get_free_format
lame_get_highpassfreq
lame_get_highpasswidth
lame_get_id3v1_tag
lame_get_id3v2_tag
lame_get_in_samplerate
lame_get_interChRatio
lame_get_lametag_frame
lame_get_lowpassfreq
lame_get_lowpasswidth
lame_get_maskingadjust
lame_get_maskingadjust_short
lame_get_mf_samples_to_encode
lame_get_mode
lame_get_mode_automs
lame_get_msfix
lame_get_noATH
lame_get_no_short_blocks
lame_get_noclipGainChange
lame_get_noclipScale
lame_get_nogap_currentindex
lame_get_nogap_total
lame_get_num_channels
lame_get_num_samples
lame_get_ogg
lame_get_original
lame_get_out_samplerate
lame_get_padding_type
lame_get_quality
lame_get_quant_comp
lame_get_quant_comp_short
lame_get_samplerate
lame_get_scale
lame_get_scale_left
lame_get_scale_right
lame_get_sfscale
lame_get_short_threshold_lrm
lame_get_short_threshold_s
lame_get_size_mp3buffer
lame_get_strict_ISO
lame_get_subblock_gain
lame_get_substep
lame_get_totalframes
lame_get_useTemporal
lame_get_version
lame_get_write_id3tag_automatic
lame_init
lame_init_bitstream
lame_init_params
lame_mp3_tags_fid
lame_msgf
lame_print_config
lame_print_internals
lame_report_def
lame_report_fnc
lame_set_ATHcurve
lame_set_ATHlower
lame_set_ATHonly
lame_set_ATHshort
lame_set_ATHtype
lame_set_ReplayGain_decode
lame_set_ReplayGain_input
lame_set_VBR
lame_set_VBR_hard_min
lame_set_VBR_max_bitrate_kbps
lame_set_VBR_mean_bitrate_kbps
lame_set_VBR_min_bitrate_kbps
lame_set_VBR_q
lame_set_VBR_quality
lame_set_allow_diff_short
lame_set_analysis
lame_set_asm_optimizations
lame_set_athaa_loudapprox
lame_set_athaa_sensitivity
lame_set_athaa_type
lame_set_bWriteVbrTag
lame_set_brate
lame_set_compression_ratio
lame_set_copyright
lame_set_cwlimit
lame_set_debugf
lame_set_decode_on_the_fly
lame_set_decode_only
lame_set_disable_reservoir
lame_set_emphasis
lame_set_error_protection
lame_set_errorf
lame_set_exp_nspsytune
lame_set_experimentalX
lame_set_experimentalY
lame_set_experimentalZ
lame_set_extension
lame_set_findPeakSample
lame_set_findReplayGain
lame_set_force_ms
lame_set_force_short_blocks
lame_set_free_format
lame_set_highpassfreq
lame_set_highpasswidth
lame_set_in_samplerate
lame_set_interChRatio
lame_set_lowpassfreq
lame_set_lowpasswidth
lame_set_maskingadjust
lame_set_maskingadjust_short
lame_set_mode
lame_set_mode_automs
lame_set_msfix
lame_set_msgf
lame_set_noATH
lame_set_no_short_blocks
lame_set_nogap_currentindex
lame_set_nogap_total
lame_set_num_channels
lame_set_num_samples
lame_set_ogg
lame_set_original
lame_set_out_samplerate
lame_set_padding_type
lame_set_preset
lame_set_preset_expopts
lame_set_preset_notune
lame_set_quality
lame_set_quant_comp
lame_set_quant_comp_short
lame_set_scale
lame_set_scale_left
lame_set_scale_right
lame_set_sfscale
lame_set_short_threshold
lame_set_short_threshold_lrm
lame_set_short_threshold_s
lame_set_strict_ISO
lame_set_subblock_gain
lame_set_substep
lame_set_tune
lame_set_useTemporal
lame_set_write_id3tag_automatic
lame_stereo_mode_hist
largetbl
layer3_audiodata_precedesframes
make_decode_tables
malloc_aligned
map2MP3Frequency
mdct_sub48
muls
nearestBitrateFullIndex
noquant_count_bits
nr_of_sfb_block
on_pe
pnts
pow20
pow43
pretab
psymodel_init
reduce_side
remove_buf
samplerate_table
scale_bitcount
scfsi_band
set_frame_pinfo
set_pointer
sfBandIndex
slen1_tab
slen2_tab
synth_1to1
synth_1to1_mono
synth_1to1_mono_unclipped
synth_1to1_unclipped
t1l
t32l
t33l
table23
table56
tabsel_123

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 187KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 128B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 512B - Virtual size: 235B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/47
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 1024B - Virtual size: 1003B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 512B - Virtual size: 228B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/86
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 512B - Virtual size: 272B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
swfc.dll
.dll windows:4 windows x86 arch:x86

1fad120ca6d85961b1c5cf8972aff637

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

9d:95:3c:66:fb:25:75:22:88:a4:91:7d:f9:17:df:35:25:6c:37:e0
Signer

Actual PE Digest

9d:95:3c:66:fb:25:75:22:88:a4:91:7d:f9:17:df:35:25:6c:37:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikucmc_44branch\build\bin\Publish\swfc.pdb

Imports

ws2_32

WSACleanup
WSAStartup

kernel32

HeapDestroy
EnterCriticalSection
TlsAlloc
GetLastError
CreateEventA
LeaveCriticalSection
InterlockedExchange
SetEvent
CloseHandle
TlsFree
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
LocalFree
FormatMessageA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
SetLastError
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
VirtualAlloc
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
WaitForSingleObject
OpenEventA
ResetEvent

Exports

Exports

IKUStartup

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

35:84:95:a9:7e:61:2b:b0:e4:59:06:ed:bf:30:f6:f4:fb:3c:cf:10
Signer

Actual PE Digest

35:84:95:a9:7e:61:2b:b0:e4:59:06:ed:bf:30:f6:f4:fb:3c:cf:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BtmImg.bmp
$PLUGINSDIR/GetVersion.dll
.dll windows:4 windows x86 arch:x86

5e41893d1528e7648e03f81030aca366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpiA
GetSystemInfo
GlobalAlloc
lstrcpynA
GetModuleHandleA
lstrcatA
GetVersionExA

user32

wsprintfA
GetSystemMetrics

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsServicePackMajor
WindowsServicePackMinor
WindowsType
WindowsVersion

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Header.bmp
$PLUGINSDIR/LeftImg.bmp
$PLUGINSDIR/Rfshdktp.dll
.dll windows:4 windows x86 arch:x86

042f3c184e7c0923b6325ab1dc09aed7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderLocation
SHChangeNotify

Exports

Exports

refreshDesktop

Sections

.text
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ScrollBarImg.bmp
$PLUGINSDIR/SkinnedControls.dll
.dll windows:5 windows x86 arch:x86

0b5ebf524f3364a6e46fa57d8d2ff79c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetVersionExW
GetVersion
HeapFree
GetProcessHeap
GetModuleHandleW
HeapAlloc
lstrcmpW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetLastError
VirtualProtect
FlushInstructionCache
GetProcAddress
LoadLibraryA
VirtualQuery
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsSetValue
TlsGetValue
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
lstrlenW
GetFileAttributesW
LocalFree
GetLastError
FormatMessageW
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
lstrcpyW
MulDiv
GlobalFree

user32

IsWindowVisible
SetCursor
GetCursorPos
ScreenToClient
GetMessagePos
ReleaseCapture
KillTimer
SetCapture
SetTimer
PtInRect
MapWindowPoints
CopyRect
ReleaseDC
GetWindowDC
WindowFromDC
InflateRect
FrameRect
OffsetRect
GetWindowRect
GetSysColorBrush
GetSystemMetrics
SetRect
DrawFrameControl
GetSysColor
GetClientRect
CreateWindowExW
SendMessageW
SetWindowPos
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
FillRect
LoadImageW
ShowWindow
FindWindowExW
EnumChildWindows
RemovePropW
GetClassNameW
GetParent
UpdateWindow
SetPropW
GetDlgItem
SetWindowLongW
InvalidateRect
PostMessageW
CallWindowProcW
GetDlgItemTextW
GetClassLongW
GetWindowLongW
GetPropW
DrawTextW
wsprintfW
DrawEdge

gdi32

ExtTextOutW
SetBrushOrgEx
PatBlt
CreateBitmap
UnrealizeObject
CreateCompatibleBitmap
SetBkColor
GetObjectW
PlayEnhMetaFile
SetWindowOrgEx
SelectClipRgn
IntersectClipRect
CreatePatternBrush
CreateSolidBrush
GetStockObject
SetStretchBltMode
BitBlt
StretchBlt
SetBkMode
SetTextColor
DeleteObject
CreateCompatibleDC
SelectObject
GetPixel
DeleteDC

Exports

Exports

setskin
skinit
unskinit

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:5 windows x86 arch:x86

96b1473ae2c35072eabdf1009277c4fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\DevelopmentWorkspace\mtasa-blue\Shared\installer\NSIS dirs\Plugins\uac\Release\uac.pdb

Imports

kernel32

CloseHandle
LocalFree
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SetEvent
GetModuleHandleW
OpenProcess
Sleep
GetVersionExW
GetExitCodeProcess
SetLastError
GetProcAddress
CreateFileMappingW
GetExitCodeThread
lstrcatW
SetCurrentDirectoryW
lstrcmpiW
GetCurrentThreadId
DuplicateHandle
GetCurrentProcessId
CreateThread
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LoadLibraryA
GlobalFree
GetLastError
GetPrivateProfileIntW
lstrlenW
GetModuleFileNameW
FormatMessageW
GlobalAlloc
GetPrivateProfileStringW
CreateEventW
CreateProcessW

user32

CreateWindowExW
FindWindowExW
CreateDialogParamW
SetWindowPos
GetClassNameW
PeekMessageW
LoadIconW
IsDialogMessageW
TranslateMessage
GetClientRect
CallNextHookEx
SetForegroundWindow
MsgWaitForMultipleObjects
SetWindowsHookExW
CharNextW
GetWindowRect
IsWindowVisible
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
DispatchMessageW
DestroyWindow
LoadImageW
DialogBoxParamW
GetWindowLongW
GetDlgItem
SetWindowLongW
PostMessageW
UnhookWindowsHookEx
EnableWindow
SendMessageW
EndDialog
LoadStringW
ShowWindow
MessageBoxW
wsprintfW

advapi32

GetUserNameW
GetTokenInformation
EqualSid
QueryServiceStatus
OpenSCManagerW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
OpenServiceW

shell32

ShellExecuteExW

ole32

CoInitialize

msvcr90

_crt_debugger_hook
memset

Exports

Exports

_

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/banner_v40.bmp
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/installing1_v40.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:79Certificate

Key Usages

17:49:ab:5a:7d:e5:9cCertificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

91:a2:4c:3d:25:30:47:57:45:9b:c0:8e:cc:95:f0:9c:1b:30:4d:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.8MB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 839B

.data Size: 512B - Virtual size: 336B

.reloc Size: 512B - Virtual size: 220B

843d987be462af4b31fef46a49ea7204

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

04:ea:18:23:f1:be:7b:f4:29:af:72:39:82:3f:7a:3f:3c:17:60:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 44KB - Virtual size: 44KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:79
Certificate

17:49:ab:5a:7d:e5:9c
Certificate

39
Certificate

01
Certificate

91:a2:4c:3d:25:30:47:57:45:9b:c0:8e:cc:95:f0:9c:1b:30:4d:c2
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.8MB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 839B

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 220B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

15:e5:ac:0a:48:70:63:71:8e:39:da:52:30:1a:04:88
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

04:ea:18:23:f1:be:7b:f4:29:af:72:39:82:3f:7a:3f:3c:17:60:b9
Signer

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 304B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 374B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 890B

.text
Size: 512B - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 206B

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 7KB