bootsect.pdb
Static task
static1
1 signatures
General
-
Target
7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x86FRE_en-us.iso
-
Size
18.0MB
-
MD5
449ec03e814dd53c167b5261dda95ab2
-
SHA1
d48e0b8f00e2468bb290205e09c4ec7773923f69
-
SHA256
b4d1cf3075589d3bcde0def5540bca2b4902726b13e184e96800baa4a1bb78a3
-
SHA512
f949a40c68c9fa5b8eae3db4dd175858930f4f3df5725ee14907f56360a9b4878e443e7134289ea2540a6215cf98004d922d9bcdcb6533765986934ed7769993
-
SSDEEP
196608:CcYLJ5smSpDpExGPSnv5fAcIIWkqojQRljrffo1feRTC+k:8TsnJLSnvIIFjeljrffowRc
Score
3/10
Malware Config
Signatures
-
Unsigned PE 9 IoCs
Checks for missing Authenticode signature.
resource unpack002/boot/bootsect.exe unpack002/sources/actionqueue.dll unpack002/sources/admtv3check.dll unpack002/sources/apds.dll unpack002/sources/apircl.dll unpack002/sources/apss.dll unpack002/sources/arunimg.dll unpack002/sources/arunres.dll unpack002/sources/autorun.dll
Files
-
7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_ULTIMATE_x86FRE_en-us.iso.iso
Password: 123
-
out.iso.iso
Password: 123
-
MediaMeta.xml.xml
-
autorun.inf
-
boot/bcd
-
boot/boot.sdi
-
boot/bootfix.bin
-
boot/bootsect.exe.exe windows:6 windows x86 arch:x86
Password: 123
11ee6a8ad6acd010c04212b386d12fef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetFilePointer
LocalFree
FormatMessageW
GetModuleFileNameW
ReadFile
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WriteFile
GetLastError
QueryDosDeviceW
FindResourceExW
LoadResource
SetLastError
LoadLibraryExW
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
GetVersionExW
GetLocaleInfoW
FreeLibrary
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
UnhandledExceptionFilter
msvcrt
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
malloc
_XcptFilter
iswctype
?terminate@@YAXXZ
_controlfp
calloc
isdigit
mbtowc
isleadbyte
isxdigit
localeconv
_snprintf
_itoa
wctomb
ferror
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
wcsstr
bsearch
wcsncmp
_exit
_cexit
__getmainargs
_iob
__mb_cur_max
_wcslwr
_errno
iswxdigit
memset
printf
_vsnwprintf
_stricmp
isalpha
_wcsnicmp
_wcsicmp
memcpy
free
ntdll
RtlUnwind
NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtResetEvent
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenFile
NtClose
NtFsControlFile
NtQueryVolumeInformationFile
NtQuerySystemInformation
NtOpenKey
NtQueryValueKey
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
boot/etfsboot.com
-
boot/memtest.exe.exe windows:0 windows x86 arch:x86
Password: 123
Code Sign
61:03:dc:f6:00:00:00:00:00:0cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:12Not After25/07/2011, 19:22SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
61:15:23:0f:00:00:00:00:00:0aCertificate
IssuerCN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/12/2009, 21:57Not After07/03/2011, 21:57SubjectCN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:07:02:dc:00:00:00:00:00:0bCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before15/09/2005, 21:55Not After15/03/2016, 22:05SubjectCN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
6f:38:c9:cd:52:00:98:60:d5:e8:ed:a9:f3:bb:e7:14:c4:0a:53:33Signer
Actual PE Digest6f:38:c9:cd:52:00:98:60:d5:e8:ed:a9:f3:bb:e7:14:c4:0a:53:33Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
memtest.pdb
Sections
.text Size: 317KB - Virtual size: 317KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGER32C Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 538KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGER32R Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bootmgr
-
setup.exe.exe windows:6 windows x86 arch:x86
Password: 123
b41d86ccb5042eab0f3c447bc600c1a5
Code Sign
61:08:77:5f:00:00:00:00:00:4aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/07/2010, 22:53Not After19/10/2011, 22:53SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:04:b3:f5:00:00:00:00:00:0dCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:13Not After25/07/2011, 19:23SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:15:08:27:00:00:00:00:00:0cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before25/01/2006, 23:22Not After25/01/2017, 23:32SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
de:ac:4d:83:a5:63:93:4f:99:f2:60:df:a9:53:99:07:e6:47:c7:12Signer
Actual PE Digestde:ac:4d:83:a5:63:93:4f:99:f2:60:df:a9:53:99:07:e6:47:c7:12Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
setup.pdb
Imports
kernel32
HeapAlloc
SetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentDirectoryW
FormatMessageW
LocalAlloc
LocalFree
lstrlenW
LoadLibraryA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
GetProcAddress
FreeLibrary
SetLastError
CreateMutexW
GetLastError
CloseHandle
GetModuleFileNameW
GetFullPathNameW
SetEnvironmentVariableW
GetProcessHeap
HeapFree
user32
LoadStringW
EnumWindows
GetWindowThreadProcessId
GetWindowLongW
SetForegroundWindow
ShowWindow
MessageBoxW
msvcrt
_controlfp
?terminate@@YAXXZ
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
??3@YAXPAX@Z
??2@YAPAXI@Z
ntdll
RtlUnwind
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sources/actionqueue.dll.dll windows:6 windows x86 arch:x86
Password: 123
ec7438c0b1eba801d6bbebdc7a0e574b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
ActionQueue.pdb
Imports
msvcrt
memset
memcpy
strstr
qsort
_vsnwprintf
iswspace
_errno
_strupr
wcstoul
_purecall
wcsrchr
_wcsnicmp
wcschr
_vsnprintf
memmove
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
_XcptFilter
ntdll
NtYieldExecution
RtlUnwind
RtlNtStatusToDosError
RtlRaiseStatus
RtlInitializeCriticalSection
RtlAllocateHeap
RtlFreeHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
kernel32
CreateDirectoryW
GetFullPathNameW
SetLastError
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExpandEnvironmentStringsW
InterlockedCompareExchange
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
GetVersionExW
InterlockedIncrement
InterlockedDecrement
GetLastError
WriteFile
lstrlenA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
DisableThreadLibraryCalls
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetSystemInfo
GetEnvironmentVariableA
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
HeapAlloc
HeapFree
GetProcessHeap
Sleep
InterlockedExchange
GetCurrentThreadId
advapi32
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
RegOpenKeyExW
RegCloseKey
RegEnumValueW
GetTraceEnableLevel
ole32
CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
Exports
Exports
GenerateActionQueue
ProcessActionQueue
Sections
.text Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sources/admtv3check.dll.dll windows:6 windows x86 arch:x86
Password: 123
87f86ea4110d7e4cb929acfc035c0fea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
admtv3check.pdb
Imports
kernel32
GetProcAddress
GetModuleHandleA
ExitProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThreadId
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
LeaveCriticalSection
GetVersionExA
LoadLibraryExA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
VirtualQuery
ReadFile
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCommandLineA
GetVersionExW
EnterCriticalSection
GetSystemInfo
advapi32
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
Exports
Exports
OSUpgradeADMTv3ComplianceCheck
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sources/alert.gif.gif
-
sources/apds.dll.dll regsvr32 windows:6 windows x86 arch:x86
Password: 123
9d6142874c3af317f0fe2eaf0e3ea03e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
apds.pdb
Imports
msvcrt
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
_strlwr
_wcslwr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
mbtowc
isleadbyte
_snprintf
_itoa
__mb_cur_max
_iob
_callnewh
_XcptFilter
_initterm
_amsg_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_unlock
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
__dllonexit
_lock
_onexit
_gcvt
ferror
__CxxFrameHandler
wcscspn
_vsnwprintf
_ultow
wcsstr
wcstoul
_CIlog
_ltow
iswdigit
_itow
wcstod
_HUGE
_fpclass
iswspace
wcsncmp
_wtoi
_msize
calloc
_wcsnicmp
bsearch
time
qsort
realloc
_purecall
wcschr
wcsrchr
memcpy
atol
strncmp
memmove
_wcsicmp
_vsnprintf
free
malloc
_waccess
_errno
wcsspn
iswalpha
strtoul
_wchdir
wcspbrk
_ismbblead
isspace
iswctype
_wcsdup
memset
kernel32
MapViewOfFile
GetLocaleInfoW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
FindResourceA
CreateFileA
DeleteFileA
GetLocaleInfoA
ExpandEnvironmentStringsW
GetModuleHandleA
GetFileAttributesA
GetDiskFreeSpaceA
GetTempFileNameA
GetTempPathA
GetACP
FormatMessageA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
GetSystemDefaultLCID
GetUserDefaultLCID
GetModuleFileNameA
ReleaseMutex
CreateMutexW
CreateFileMappingW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
GetProcAddress
GetModuleHandleW
GetVersionExW
GlobalSize
GlobalLock
GlobalUnlock
WriteFile
CloseHandle
CreateFileW
GetTempFileNameW
GetTempPathW
GlobalAlloc
DeleteFileW
GetLastError
WideCharToMultiByte
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
MultiByteToWideChar
GlobalFree
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
SetFilePointer
SetEndOfFile
GetSystemTimeAsFileTime
lstrlenA
Sleep
WritePrivateProfileStringW
IsValidCodePage
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FreeLibrary
LoadLibraryW
LocalFree
OutputDebugStringW
GetTickCount
RaiseException
DisableThreadLibraryCalls
InterlockedExchange
lstrcmpiW
LoadLibraryExW
GetFullPathNameW
GetCurrentProcess
GetCurrentThread
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
SetLastError
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
HeapAlloc
HeapFree
GetProcessHeap
LCMapStringW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetVersion
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
user32
UnregisterClassA
CharNextW
CharLowerBuffW
GetSystemMetrics
LoadStringW
advapi32
GetTraceEnableLevel
GetTraceLoggerHandle
RegCreateKeyW
RegisterTraceGuidsW
RegCloseKey
TraceEvent
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
UnregisterTraceGuids
RegQueryInfoKeyW
AllocateAndInitializeSid
FreeSid
SetNamedSecurityInfoW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
MakeSelfRelativeSD
GetSecurityDescriptorLength
DuplicateToken
OpenProcessToken
OpenThreadToken
RevertToSelf
SetThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
ImpersonateSelf
GetTraceEnableFlags
GetNamedSecurityInfoW
MapGenericMask
AccessCheck
ole32
CoTaskMemAlloc
CreateBindCtx
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
CLSIDFromString
OleLockRunning
CLSIDFromProgID
CoGetClassObject
CreateItemMoniker
CreatePointerMoniker
CoDisconnectObject
GetHGlobalFromStream
CoTaskMemFree
CreateStreamOnHGlobal
oleaut32
SafeArrayUnlock
CreateErrorInfo
VarUI4FromStr
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
SafeArrayCopy
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayLock
VariantCopy
VarBstrCat
LoadTypeLi
LoadRegTypeLi
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
GetErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCmp
SysFreeString
shlwapi
PathCanonicalizeW
ord12
PathIsPrefixW
PathIsRelativeW
UrlUnescapeW
UrlEscapeW
userenv
UnloadUserProfile
ntdll
NtOpenThreadToken
NtOpenProcessToken
NtClose
NtQueryInformationToken
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HxGetObjectCMI
Sections
.text Size: 679KB - Virtual size: 678KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 703KB - Virtual size: 709KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 277KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sources/apircl.dll.dll regsvr32 windows:6 windows x86 arch:x86
Password: 123
e9bce653a38e88e3e5feb109e96591d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
apircl.pdb
Imports
msvcrt
isdigit
isspace
memcpy
_onexit
_lock
__dllonexit
_unlock
realloc
??1type_info@@UAE@XZ
_amsg_exit
_initterm
memmove
_XcptFilter
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
bsearch
qsort
_CIlog
_CIsqrt
??0exception@@QAE@ABQBD@Z
wcsstr
_CIlog10
_vsnwprintf
_errno
__CxxFrameHandler
malloc
free
memset
_purecall
_CxxThrowException
kernel32
GetWindowsDirectoryA
GetFileAttributesA
HeapValidate
UnmapViewOfFile
WriteFile
DeleteFileA
SetEvent
ResetEvent
GetTempPathA
CreateEventW
ExpandEnvironmentStringsW
CreateFileA
GetFileSize
CreateFileMappingW
CloseHandle
MapViewOfFile
GetTempFileNameA
ReadFile
SetFilePointer
WaitForSingleObject
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
Sleep
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
RaiseException
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetLocaleInfoA
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
DisableThreadLibraryCalls
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GlobalLock
GlobalFree
GlobalUnlock
GlobalReAlloc
LCMapStringW
lstrlenA
GetACP
GetVersionExW
CompareStringA
user32
UnregisterClassA
GetSystemMetrics
LoadStringW
CharNextW
advapi32
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ITUseDefaultObjectLookupOrder
Sections
.text Size: 175KB - Virtual size: 175KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sources/appcompat.xsl.xml
-
sources/appcompat_bidi.xsl.xml
-
sources/appcompat_detailed.xsl.xml
-
sources/appcompat_detailed_bidi.xsl.xml
-
sources/appcompat_detailed_bidi_txt.xsl.xml
-
sources/appcompat_detailed_txt.xsl.xml
-
sources/apss.dll.dll regsvr32 windows:6 windows x86 arch:x86
5cf44bb0f12f9e6ab958c97178c63b22
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
apss.pdb
Imports
msvcrt
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
memcpy
memmove
??_U@YAPAXI@Z
malloc
realloc
??2@YAPAXI@Z
??_V@YAXPAX@Z
_purecall
free
_errno
memset
??3@YAXPAX@Z
kernel32
CreateFileW
GetFileAttributesExW
ExpandEnvironmentStringsW
GetWindowsDirectoryA
GetFileAttributesA
GetTempPathA
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
HeapValidate
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
Sleep
InterlockedExchange
GetVersionExA
SetLastError
CreateDirectoryA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileW
MoveFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeA
GetVolumeInformationA
CreateFileA
GetTempFileNameA
GetACP
WideCharToMultiByte
DisableThreadLibraryCalls
lstrlenA
lstrlenW
GetModuleFileNameA
DelayLoadFailureHook
GetProcAddress
GetLastError
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleW
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
LoadLibraryW
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
LockFile
UnlockFile
GetFileTime
GetFileSize
SetFileTime
CloseHandle
user32
LoadStringA
UnregisterClassA
GetSystemMetrics
CharNextW
advapi32
RegQueryValueExW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyA
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
ITUseDefaultObjectLookupOrder
WMCreateStreamForURL
Sections
.text Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sources/arunimg.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
Sections
.rsrc Size: 958KB - Virtual size: 958KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
sources/arunres.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
sources/autorun.dll.dll windows:6 windows x86 arch:x86
f69d2046354498def66397bb11909eba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
autorun.pdb
Imports
msvcrt
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
realloc
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
_isatty
malloc
free
_CxxThrowException
iswspace
_wcsicmp
wcscoll
_wcsicoll
??3@YAXPAX@Z
wcsstr
wcschr
wcsrchr
_iob
__mb_cur_max
_vsnwprintf
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memmove
memcpy
??2@YAPAXI@Z
memset
_wcsrev
wcscspn
_wcsnicmp
towupper
bsearch
_wtoi
wcsspn
wcspbrk
spwizeng
?GetUiMutex@WizardUI@@QAEPAXXZ
?GetTextColor@CHighContrast@@QAGKK@Z
?GetInstance@CHighContrast@@SGPAV1@XZ
?SetAllowMirror@CAnimationControl@@QAGXH@Z
?Init@CAnimationControl@@QAGHPAUHWND__@@IPAUHINSTANCE__@@IKHH@Z
??1WizardUI@@QAE@XZ
?Initialize@WizardUI@@QAEHPAVCResourceModule@@0@Z
?GetResourceModule@CResourceModuleFactory@@QAEPAVCResourceModule@@XZ
??0WizardUI@@QAE@XZ
??1WizardDesciption@@UAE@XZ
?EndUI@WizardUI@@QAEHXZ
?WaitForUIEnd@WizardUI@@QAEHXZ
?StartUI@WizardUI@@QAEHPBVProtoPageList@@@Z
?MessageBoxFromMessage@@YGHPAUHINSTANCE__@@PAUHWND__@@III@Z
??0ProtoPageDimensions@@QAE@USimpleRect@@USimpleSize@@HH11MM@Z
??_7WizardDesciption@@6B@
??0LanguageNeutralSelectionDialogBase@@QAE@XZ
?NotifyWizCancel@WizardHandler@@UAEHAAH@Z
?SetActive@WizardHandler@@UAEXAAH@Z
?CanPageBeActivated@LanguageNeutralSelectionDialogBase@@UAEHW4Direction@@PAH@Z
?ProcessWindowMessage@LanguageNeutralSelectionDialogBase@@UAEHPAUHWND__@@IIJAAJK@Z
??0LanguageSelectionDialogBase@@QAE@XZ
?OnResourceChanged@LanguageSelectionDialogBase@@UAEXAAH@Z
?CanPageBeActivated@LanguageSelectionDialogBase@@UAEHW4Direction@@PAH@Z
?ProcessLanguageSelection@LanguageSelectionDialogBase@@UAEHAAH@Z
?GetHwndLogFont@@YGHPAUHWND__@@PAUtagLOGFONTW@@@Z
?CStringGetModuleFileName@@YG?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PAUHINSTANCE__@@@Z
?WaitForSingleObjectMessageSafe@WizardUI@@QAEKPAXK@Z
?GetWizUI@WizardUI@@SGPAV1@XZ
??4WizardHandler@@QAEAAV0@ABV0@@Z
??0WizardHandler@@QAE@ABV0@@Z
?CanPageBeActivated@WizardHandler@@EAEHW4Direction@@PAH@Z
?FirstVisit@WizardHandler@@EAEXXZ
?ProcessWindowMessage@LanguageSelectionDialogBase@@UAEHPAUHWND__@@IIJAAJK@Z
??1WizardRoot@@UAE@XZ
??0ProtoPageList@@QAE@PAVWizardDesciption@@KKKHPAVICreateProgressWnd@@HPAUtagSIZE@@PAVICreateNavbarWnd@@UProtoPageDimensions@@KKH@Z
?GetResourceInstance@CResourceModuleFactory@@QAEPAUHINSTANCE__@@XZ
??0WizardHandler@@QAE@XZ
?InitPage@WizardHandler@@UAEXXZ
?NotifyWizNext@WizardHandler@@UAEHAAH@Z
?NotifyWizBack@WizardHandler@@UAEHAAH@Z
?NotifyWizFinish@WizardHandler@@UAEHAAH@Z
?OnResourceChanged@WizardHandler@@UAEXAAH@Z
?ShowReadMoreWnd@@YGHPAUHINSTANCE__@@PAUHWND__@@IPBGI@Z
?Init@CResourceModuleFactory@@QAEXPAUHINSTANCE__@@PBG@Z
?Uninit@CResourceModuleFactory@@QAEXXZ
?ChangeUiLanguage@CResourceModule@@SGHPBG@Z
?ResetLanguage@CResourceModuleFactory@@QAEHXZ
??1Wizard_PageDesciption@@UAE@XZ
??0Wizard_PageDesciption@@QAE@KPBG0KP6GPAVWizardRoot@@PAVWizardPage@@@ZK@Z
?SetTextStyle@WizardRoot@@QAGHHMHHH@Z
?GetResourceInstanceNonLoc@WizardPage@@QAGPAUHINSTANCE__@@XZ
?CreateIndirect@CCustomButtonEx@@SGPAV1@PAUHINSTANCE__@@0PAUHWND__@@QAU_Button_Data@@@Z
?GetResourceInstanceLoc@WizardPage@@QAGPAUHINSTANCE__@@XZ
?Destroy@CCustomButtonEx@@SGXPAV1@@Z
??1CAnimationControl@@UAE@XZ
??0CAnimationControl@@QAE@XZ
?CenterRelativeToWindow@@YGHPAUHWND__@@0I@Z
??1LanguageSelectionDialogBase@@QAE@XZ
??1LanguageNeutralSelectionDialogBase@@QAE@XZ
?CanPageBeActivatedWrapper@WizardHandler@@QAEHW4Direction@@PAH@Z
??0WizardRoot@@QAE@XZ
??0WizardDialogPre@@QAE@XZ
??0WizardDialogPost@@QAE@XZ
?KillActive@WizardHandler@@UAEXAAH@Z
uxlib
??1CInternationalUtils@@QAE@XZ
??0CInternationalUtils@@QAE@XZ
wdscore
ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP
WdsSetupLogInit
unattend
UnattendFindFileFromCmdLine
UnattendFindAnswerFile
user32
SetForegroundWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
GetWindowThreadProcessId
SendMessageW
LoadIconW
GetParent
PostMessageW
PostThreadMessageW
RegisterHotKey
GetMessageW
UnregisterHotKey
MessageBoxW
ShowWindow
UnregisterClassA
CharNextW
CreateWindowExW
GetDC
ReleaseDC
CallWindowProcW
SetFocus
MapWindowPoints
GetFocus
LoadStringW
GetDlgItem
GetClientRect
gdi32
EnumFontFamiliesExW
CreateDCW
TranslateCharsetInfo
DeleteDC
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
SetTextColor
CreateFontIndirectW
oleaut32
SysReAllocStringLen
VarUI4FromStr
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
kernel32
GetWindowsDirectoryW
GetStartupInfoW
GetExitCodeProcess
CreateEventW
OpenThread
GetFullPathNameW
GetLocaleInfoW
CreateThread
SetEvent
ExpandEnvironmentStringsW
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesW
SetLastError
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
HeapAlloc
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
HeapFree
GetProcessHeap
CreateFileW
WaitForSingleObject
ReleaseMutex
CreateProcessW
GetCurrentProcess
SetPriorityClass
CloseHandle
GetLastError
GetVersionExW
FormatMessageW
MultiByteToWideChar
GetEnvironmentVariableW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
LocalFree
IsValidCodePage
IsValidLocale
ntdll
RtlFreeHeap
RtlAllocateHeap
ole32
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
shell32
ShellExecuteExW
Exports
Exports
??0?$CSimpleStringT@G$0A@@ATL@@QAE@ABV01@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QAE@ABV?$CSimpleStringT@G$00@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QAE@PAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QAE@PBGHPAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QAE@PBGPAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@ABUtagVARIANT@@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@ABUtagVARIANT@@PAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@ABV01@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@DH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@GH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBD@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBDH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBDHPAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBDPAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBE@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBEPAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBG@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBGH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBGHPAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@PBGPAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@XZ
??0AutorunAppBase@@QAE@ABV0@@Z
??0AutorunAppBase@@QAE@XZ
??0AutorunUIAppBase@@QAE@ABV0@@Z
??0AutorunUIAppBase@@QAE@XZ
??0LanguageNeutralUIAppBase@@QAE@ABV0@@Z
??0LanguageNeutralUIAppBase@@QAE@XZ
??0LanguageUIAppBase@@QAE@ABV0@@Z
??0LanguageUIAppBase@@QAE@XZ
??1?$CSimpleStringT@G$0A@@ATL@@QAE@XZ
??1?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAE@XZ
??4?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@ABV01@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@ABV?$CSimpleStringT@G$00@1@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@PBG@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@ABUtagVARIANT@@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@ABV01@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@D@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@G@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@PBD@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@PBE@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@PBG@Z
??4AutorunAppBase@@QAEAAV0@ABV0@@Z
??4AutorunUIAppBase@@QAEAAV0@ABV0@@Z
??4LanguageNeutralUIAppBase@@QAEAAV0@ABV0@@Z
??4LanguageUIAppBase@@QAEAAV0@ABV0@@Z
??A?$CSimpleStringT@G$0A@@ATL@@QBEGH@Z
??B?$CSimpleStringT@G$0A@@ATL@@QAEAAV?$CSimpleStringT@G$00@1@XZ
??B?$CSimpleStringT@G$0A@@ATL@@QBEPBGXZ
??B?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV?$CSimpleStringT@G$00@1@XZ
??Y?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@ABV01@@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@D@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@E@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@G@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QAEAAV01@PBG@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@ABUtagVARIANT@@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@ABV?$CSimpleStringT@G$0A@@1@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@D@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@E@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@G@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@PBD@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV01@PBG@Z
??_7AutorunAppBase@@6B@
??_7AutorunUIAppBase@@6B@
??_7LanguageNeutralUIAppBase@@6B@
??_7LanguageUIAppBase@@6B@
?AllocSysString@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEPAGXZ
?Append@?$CSimpleStringT@G$0A@@ATL@@QAEXABV12@@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QAEXPBG@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QAEXPBGH@Z
?AppendChar@?$CSimpleStringT@G$0A@@ATL@@QAEXG@Z
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAAXIZZ
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAAXPBGZZ
?AppendFormatV@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEXPBGPAD@Z
?Attach@?$CSimpleStringT@G$0A@@ATL@@AAEXPAUCStringData@2@@Z
?AutorunPage@@3VWizard_PageDesciption@@A
?CharToOemA@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEXXZ
?CheckImplicitLoad@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@AAE_NPBX@Z
?CloneData@?$CSimpleStringT@G$0A@@ATL@@CAPAUCStringData@2@PAU32@@Z
?Collate@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBG@Z
?CollateNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBG@Z
?Compare@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBG@Z
?CompareNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBG@Z
?Concatenate@?$CSimpleStringT@G$0A@@ATL@@KAXAAV12@PBGH1H@Z
?Construct@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@SAXPAV12@@Z
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPAGIPBGH@Z
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPAGPBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPAGIPBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPAGPBGH@Z
?Delete@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHHH@Z
?Empty@?$CSimpleStringT@G$0A@@ATL@@QAEXXZ
?Find@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHGH@Z
?Find@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBGH@Z
?FindOneOf@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHPBG@Z
?Fork@?$CSimpleStringT@G$0A@@ATL@@AAEXH@Z
?Format@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAAXIZZ
?Format@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAAXPBGZZ
?FormatMessageV@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEXPBGPAPAD@Z
?FormatMessageW@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAAXIZZ
?FormatMessageW@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAAXPBGZZ
?FormatV@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEXPBGPAD@Z
?FreeExtra@?$CSimpleStringT@G$0A@@ATL@@QAEXXZ
?GetAllocLength@?$CSimpleStringT@G$0A@@ATL@@QBEHXZ
?GetAt@?$CSimpleStringT@G$0A@@ATL@@QBEGH@Z
?GetBuffer@?$CSimpleStringT@G$0A@@ATL@@QAEPAGH@Z
?GetBuffer@?$CSimpleStringT@G$0A@@ATL@@QAEPAGXZ
?GetBufferSetLength@?$CSimpleStringT@G$0A@@ATL@@QAEPAGH@Z
?GetData@?$CSimpleStringT@G$0A@@ATL@@ABEPAUCStringData@2@XZ
?GetEnvironmentVariableW@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHPBG@Z
?GetLength@?$CSimpleStringT@G$0A@@ATL@@QBEHXZ
?GetManager@?$CSimpleStringT@G$0A@@ATL@@QBEPAUIAtlStringMgr@2@XZ
?GetManager@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEPAUIAtlStringMgr@2@XZ
?GetString@?$CSimpleStringT@G$0A@@ATL@@QBEPBGXZ
?InitializeAutorunCore@@YGHH@Z
?Insert@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHHG@Z
?Insert@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHHPBG@Z
?IsEmpty@?$CSimpleStringT@G$0A@@ATL@@QBE_NXZ
?Left@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@H@Z
?LoadStringW@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHI@Z
?LoadStringW@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHPAUHINSTANCE__@@I@Z
?LoadStringW@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHPAUHINSTANCE__@@IG@Z
?LockBuffer@?$CSimpleStringT@G$0A@@ATL@@QAEPAGXZ
?MakeLower@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@XZ
?MakeReverse@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@XZ
?MakeUpper@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@XZ
?Mid@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@H@Z
?Mid@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@HH@Z
?NotifyWizCancel@AutorunAppBase@@UAEHAAH@Z
?OemToCharA@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEXXZ
?OnCtlColorStatic@AutorunAppBase@@QAGJIIJAAH@Z
?OnInitDialog@AutorunAppBase@@UAGJIIJAAH@Z
?OnInitDialog@AutorunUIAppBase@@UAGJIIJAAH@Z
?Preallocate@?$CSimpleStringT@G$0A@@ATL@@QAEXH@Z
?PrepareWrite2@?$CSimpleStringT@G$0A@@ATL@@AAEXH@Z
?PrepareWrite@?$CSimpleStringT@G$0A@@ATL@@AAEPAGH@Z
?ProcessWindowMessage@AutorunAppBase@@UAEHPAUHWND__@@IIJAAJK@Z
?ProcessWindowMessage@AutorunUIAppBase@@UAEHPAUHWND__@@IIJAAJK@Z
?ProcessWindowMessage@LanguageNeutralUIAppBase@@UAEHPAUHWND__@@IIJAAJK@Z
?ProcessWindowMessage@LanguageUIAppBase@@UAEHPAUHWND__@@IIJAAJK@Z
?Reallocate@?$CSimpleStringT@G$0A@@ATL@@AAEXH@Z
?ReleaseBuffer@?$CSimpleStringT@G$0A@@ATL@@QAEXH@Z
?ReleaseBufferSetLength@?$CSimpleStringT@G$0A@@ATL@@QAEXH@Z
?Remove@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHG@Z
?Replace@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHGG@Z
?Replace@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEHPBG0@Z
?ReverseFind@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEHG@Z
?Right@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@H@Z
?SetActive@AutorunAppBase@@UAEXAAH@Z
?SetAt@?$CSimpleStringT@G$0A@@ATL@@QAEXHG@Z
?SetLength@?$CSimpleStringT@G$0A@@ATL@@AAEXH@Z
?SetManager@?$CSimpleStringT@G$0A@@ATL@@QAEXPAUIAtlStringMgr@2@@Z
?SetString@?$CSimpleStringT@G$0A@@ATL@@QAEXPBG@Z
?SetString@?$CSimpleStringT@G$0A@@ATL@@QAEXPBGH@Z
?SetSysString@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBEPAGPAPAG@Z
?SpanExcluding@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@PBG@Z
?SpanIncluding@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@PBG@Z
?StringLength@?$CSimpleStringT@G$0A@@ATL@@SAHPBD@Z
?StringLength@?$CSimpleStringT@G$0A@@ATL@@SAHPBG@Z
?TerminateAutorunCore@@YGXXZ
?ThrowMemoryException@?$CSimpleStringT@G$0A@@ATL@@KAXXZ
?Tokenize@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QBE?AV12@PBGAAH@Z
?Trim@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@G@Z
?Trim@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@PBG@Z
?Trim@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@XZ
?TrimLeft@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@G@Z
?TrimLeft@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@PBG@Z
?TrimLeft@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@XZ
?TrimRight@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@G@Z
?TrimRight@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@PBG@Z
?TrimRight@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QAEAAV12@XZ
?Truncate@?$CSimpleStringT@G$0A@@ATL@@QAEXH@Z
?UnlockBuffer@?$CSimpleStringT@G$0A@@ATL@@QAEXXZ
?g_AutorunCore@@3VCAutorunCore@@A
?v_SetAppWindowUserData@AutorunAppBase@@IAEXXZ
StartAutorun
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sources/background_cli.bmp
-
sources/boot.wim