685088059df439c545a69192df6f0a24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

685088059df439c545a69192df6f0a24_JaffaCakes118
Size

20.7MB
MD5

685088059df439c545a69192df6f0a24
SHA1

0faa19415aca86d8e73259e62f6769282228184f
SHA256

0f7ebec3a003cb94ed8c7c2b2c8e0b491da168ca044ed70e0f85288a4ae5272d
SHA512

837eeb94ceae3eddd2b055fa80497b34fdaff983009b12b5a88b2c73dd0ee4068d07ffedae9493a576c684359a00036705275a32b73333ecebf9e0eb2a33f920
SSDEEP

393216:20xA37N1U003P85MbaEjfldL8VJUBIin+zGiRvePSmdL52Xxc21h:20I/UV4UaUwVJq+zh9ePSS4Xu2/

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/version.dll	acprotect
static1/unpack001/nat.dll	acprotect
static1/unpack001/nat2.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/version.dll	upx
static1/unpack001/nat.dll	upx
static1/unpack001/nat2.dll	upx

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InetLoad.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/version.dll
unpack002/out.upx
unpack001/$R2/NSIS.Library.RegTool.v3.$_24_.exe
unpack001/CCheck.dll
unpack001/FcLauncher.exe
unpack001/FgHook.dll
unpack001/GdiPlus.dll
unpack001/MCheck.dll
unpack001/UNACEV2.DLL
unpack001/ZHashGen.dll
unpack001/ZipArchive.dll
unpack001/calMbc.dll
unpack001/ckpcodec.dll
unpack001/conkeeper.dll
unpack001/dbghelp.dll
unpack003/out.upx
unpack004/out.upx
unpack001/sfdcd.dll
unpack001/sffileguri.dll
unpack001/ssmfileinfo.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

685088059df439c545a69192df6f0a24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:7b:94:4d:6c:8a:18:77:6c:2b:bb:51:b0:ef:9f:c1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2016, 00:00

Not After

20/10/2018, 23:59

Subject

CN=Iconcube. Inc.,OU=IT Team,O=Iconcube. Inc.,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:01:43:db:c2:89:d2:8f:15:68:b1:80:74:5f:43:23:6b:00:bc:62
Signer

Actual PE Digest

1a:01:43:db:c2:89:d2:8f:15:68:b1:80:74:5f:43:23:6b:00:bc:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Fileguri/DiskFileguri.ico
$APPDATA/Fileguri/Fileguri.ico
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strchr
_adjust_fdiv
malloc
_initterm
free
memset
strstr
strtol
strncmp
strtoul
time
strrchr

kernel32

GlobalFree
lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrcmpA
lstrlenA
MulDiv
WriteFile
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx

user32

GetDlgItem
SendMessageA
SetWindowTextA
wsprintfA
GetWindowTextA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
SetWindowLongA

wininet

InternetErrorDlg
InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

comctl32

ord17

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/version.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetWindowsVersion
IsWindows2000
IsWindows2003
IsWindows31
IsWindows95
IsWindows98
IsWindows98orLater
IsWindowsME
IsWindowsNT351
IsWindowsNT40
IsWindowsPlatform9x
IsWindowsPlatformNT
IsWindowsXP

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

ed65ea42bcccddb8d50855aae69266f2

Code Sign

4e:9b:45:38:ee:db:10:ab:8b:18:8a:46:dd:1d:49:6e
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/06/2010, 00:00

Not After

22/08/2012, 23:59

Subject

CN=Freechal Inc.,O=Freechal Inc.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:d7:eb:92:62:69:35:42:13:5b:c2:25:49:a0:a7:46:34:e8:ec:68
Signer

Actual PE Digest

ad:d7:eb:92:62:69:35:42:13:5b:c2:25:49:a0:a7:46:34:e8:ec:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\RndCenter\P2P\FgAddOn\Release\FgAddOn.pdb

Imports

kernel32

GetFileAttributesW
GetFileTime
FindResourceExW
GetProfileIntW
lstrcpyA
ExitProcess
RtlUnwind
GetCommandLineA
TerminateProcess
HeapFree
ExitThread
CreateThread
HeapAlloc
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
SetHandleCount
GetShortPathNameW
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
IsBadWritePtr
GetTimeZoneInformation
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
RaiseException
GlobalFlags
GetCurrentDirectoryW
WritePrivateProfileStringW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetUserDefaultLCID
IsDBCSLeadByte
FreeResource
GlobalFindAtomW
LoadLibraryA
lstrcatW
GetVersionExA
GetModuleHandleA
SetLastError
CopyFileW
MulDiv
GlobalSize
FormatMessageW
lstrcpynW
LocalFree
GlobalFree
GlobalUnlock
InterlockedDecrement
lstrcmpiW
InterlockedIncrement
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GlobalAddAtomW
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
GetLocaleInfoW
LoadLibraryW
GetFileSize
GetTickCount
GetTempPathW
GetTempFileNameW
lstrlenW
WriteFile
CreateFileW
ReadFile
lstrlenA
CloseHandle
DeleteFileW
CreateDirectoryW
GetLastError
OutputDebugStringW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetStdHandle
InterlockedExchange

user32

GetNextDlgTabItem
EndDialog
LockWindowUpdate
EnumChildWindows
SetWindowTextW
IsDialogMessageW
SetRect
SetRectEmpty
SetCapture
ReleaseCapture
RegisterClipboardFormatW
MoveWindow
IsRectEmpty
CreateMenu
DestroyMenu
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
IsWindow
SetFocus
IsChild
GetWindowTextW
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
CreateDialogIndirectParamW
GetClientRect
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuStringW
AppendMenuW
InsertMenuW
RemoveMenu
CallWindowProcW
GetMenu
SetWindowPos
DestroyWindow
SetWindowLongW
InvalidateRect
UpdateWindow
GetWindowRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
OffsetRect
InflateRect
ShowWindow
DrawEdge
SetParent
UnhookWindowsHookEx
wsprintfW
SetMenuItemBitmaps
DestroyIcon
GetDCEx
GetFocus
ModifyMenuW
GetDialogBaseUnits
GetTabbedTextExtentA
CharUpperW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
PostMessageW
PostQuitMessage
EqualRect
CopyRect
DefWindowProcW
LoadCursorW
GetSysColorBrush
RegisterClassExW
SendMessageTimeoutW
EnableWindow
GetDesktopWindow
FillRect
SendMessageW
SetForegroundWindow
FindWindowW
PtInRect

gdi32

CreatePatternBrush
CreatePen
CreateSolidBrush
CombineRgn
Escape
CreateFontIndirectW
GetTextAlign
GetTextMetricsW
CreateRectRgnIndirect
SetRectRgn
PatBlt
EnumFontFamiliesExW
Rectangle
UnrealizeObject
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetTextExtentPoint32W
Ellipse
GetObjectW
CreateRectRgn
SelectClipRgn
DeleteObject
MoveToEx
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
DeleteDC
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
LPtoDP
GetDeviceCaps
CreateBitmap
GetStockObject
SelectObject

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
RegDeleteValueW
RegSetValueW
RegCreateKeyW
RegQueryValueW
RegOpenKeyW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

shell32

ExtractIconW
ShellExecuteW

comctl32

ord17

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CreateStreamOnHGlobal
CoDisconnectObject
CreateOleAdviseHolder
OleSaveToStream
CreateDataAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleDuplicateData
ReleaseStgMedium
ReadFmtUserTypeStg
ReadClassStm
CoTaskMemAlloc
CreateDataCache
StringFromGUID2
StringFromCLSID
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
CoCreateInstance
StgCreateDocfileOnILockBytes
OleLoadFromStream
CreateILockBytesOnHGlobal

oleaut32

OleCreatePictureIndirect
OleCreateFontIndirect
VariantCopy
OleLoadPicture
SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
SysStringByteLen
VariantClear
SysFreeString
SysAllocString
LoadRegTypeLi

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v3.$_24_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ark32.dll
.dll windows:5 windows x86 arch:x86

bb0bc3e6d92c94be66f374a731e7f7b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark5\bin\Ark32.pdb

Imports

kernel32

CloseHandle
GetCurrentThread
SetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToDosDateTime
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcpyA
DeleteFileW
GetFileAttributesExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
SetFileAttributesW
Sleep
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileTime
MoveFileW
LocalFileTimeToFileTime
lstrcpynA
GetTickCount
SetThreadPriority
InterlockedExchange
FileTimeToLocalFileTime
lstrcmpW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
GetCurrentProcessId
GetVersion
GetCurrentProcess
CreatePipe
DuplicateHandle
GetExitCodeProcess
TerminateThread
TerminateProcess
GlobalAlloc
CreateProcessW
GlobalFree
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
GetFileSizeEx
QueryPerformanceCounter
GetSystemInfo
GetModuleHandleW
GetCPInfo
IsDBCSLeadByte
CompareStringA
CompareStringW
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetACP
LoadLibraryA
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetCommandLineA
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
GetModuleHandleA
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
lstrcpyW
lstrlenA
GetLastError
GetFileAttributesW
GetFileAttributesA
lstrcatW
lstrlenW
GetCurrentThreadId
GetVersionExW

user32

CharToOemBuffA
CharUpperW
SendMessageW
FindWindowW
wsprintfW

advapi32

RevertToSelf
GetFileSecurityW
OpenThreadToken
AccessCheck
AreAllAccessesGranted
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateSelf

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 955KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ark32_v2.dll
.dll windows:5 windows x86 arch:x86

c04a32761b82ce14aa23ba289d6edae9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark6\bin\Ark32.pdb

Imports

kernel32

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToDosDateTime
InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcpyA
DeleteFileW
GetFileAttributesExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
Sleep
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileTime
MoveFileW
LocalFileTimeToFileTime
GetSystemInfo
lstrcpynA
GetTickCount
SetThreadPriority
InterlockedExchange
FileTimeToLocalFileTime
lstrcmpW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
GetCurrentProcessId
GetModuleHandleW
GlobalMemoryStatus
CreateProcessW
GetExitCodeProcess
QueryPerformanceCounter
GetCurrentProcess
GetThreadTimes
GetVersion
CreatePipe
DuplicateHandle
TerminateThread
TerminateProcess
GetTimeZoneInformation
GlobalFree
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThreadId
CompareStringA
CompareStringW
CreateThread
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetACP
LoadLibraryA
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetCommandLineA
ExitThread
SetStdHandle
GetFileType
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetEnvironmentVariableA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FileTimeToSystemTime
SetFileTime
GetCurrentThread
CloseHandle
GetFileSizeEx
CreateFileW
GetFileSize
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
lstrcpyW
lstrlenA
GetLastError
GetFileAttributesW
GetFileAttributesA
lstrcatW
lstrlenW
GlobalAlloc
GetVersionExW

user32

CharUpperW
SendMessageW
FindWindowW
MessageBoxW
wsprintfW

advapi32

AreAllAccessesGranted
OpenThreadToken
RevertToSelf
ImpersonateSelf
GetFileSecurityW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AccessCheck

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ark32lgpl.dll
.dll windows:5 windows x86 arch:x86

213561b663826c12cff8d69c48cf7345

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark5\bin\Ark32lgpl.pdb

Imports

kernel32

VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
CompareFileTime
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA

user32

CharUpperW
CharNextA

oleaut32

VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

AllocWinZipJPEGDecompressor
AreMoreWinZipJPEGBytesAvailable
AreMoreWinZipJPEGSlicesAvailable
Create7zArc
EncodeWinZipJPEGBlocksToBuffer
FreeWinZipJPEGDecompressor
IsFinalWinZipJPEGBundle
ReadNextWinZipJPEGBundle
ReadNextWinZipJPEGSlice
ReadWinZipJPEGHeader
WinZipJPEGBundleMetadataBytes
WinZipJPEGBundleMetadataLength

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ArkZip32.dll
.dll .pdf windows:5 windows x86 arch:x86 polyglot

b86798315b7e15450e64c193548c0c9b

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:3b:ba:fc:e9:94:ec:7f:e8:d2:ca:56:8f:2a:b6:4b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/11/2011, 00:00

Not After

21/02/2014, 23:59

Subject

CN=Bandisoft,OU=Dev Team,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\devel\Ark5\bin\ArkZip32.pdb

Imports

kernel32

CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
CreateFileW
GetFileSizeEx
CloseHandle
GetCurrentThread
SetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToDosDateTime
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
VirtualFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
lstrcpyW
InitializeCriticalSection
SetFileAttributesW
DeleteFileW
Sleep
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileTime
MoveFileW
lstrcpyA
GetFileAttributesExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
SetThreadPriority
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
lstrlenA
GetLastError
GetFileAttributesW
GetFileAttributesA
lstrcatW
lstrlenW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetModuleHandleA

user32

SendMessageW
FindWindowW
wsprintfW

advapi32

AccessCheck
OpenThreadToken
RevertToSelf
ImpersonateSelf
GetFileSecurityW
AreAllAccessesGranted

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CCheck.dll
.dll windows:4 windows x86 arch:x86

3ccd7aeac3502efb4aa98f641179ddca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAStartup
gethostname
gethostbyname
inet_addr
WSACleanup

wininet

InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA
HttpSendRequestA
InternetErrorDlg
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

mfc42

ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord537
ord6467
ord800
ord860
ord2614
ord823
ord540
ord858
ord1567
ord268
ord2818
ord535
ord939
ord4698
ord941
ord6283
ord6282
ord4278
ord5710
ord4129
ord5683
ord1116
ord2915
ord4202
ord859
ord940
ord926
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
fopen
fclose
fread
_mbsstr
isdigit
_mbctype
_atoi64
__CxxFrameHandler
atoi
_stati64
malloc
free
_mbscmp

kernel32

HeapAlloc
HeapFree
lstrlenA
LocalFree
LocalAlloc
HeapDestroy
HeapCreate
WideCharToMultiByte
GetLastError
InitializeCriticalSection
DeleteCriticalSection

user32

GetDesktopWindow

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

CopyrightInfo

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Check.exe
.exe windows:5 windows x86 arch:x86

eb87572b82b0ef7e2a2e96b03a50d6e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:5f:59:08:9e:d9:de:c7:f5:79:56:5a:c5:76:5d:96:6c:84:7f:04:83:68:13:81:4e:e8:9a:b0:f3:7e:ba:66
Signer

Actual PE Digest

4b:5f:59:08:9e:d9:de:c7:f5:79:56:5a:c5:76:5d:96:6c:84:7f:04:83:68:13:81:4e:e8:9a:b0:f3:7e:ba:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\Check.pdb

Imports

kernel32

LoadLibraryA
CloseHandle
GetProcAddress
GlobalMemoryStatus
WriteFile
FreeLibrary
FindResourceA
CreateFileA
GetTickCount
GetModuleFileNameA
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
lstrlenA
FlushConsoleInputBuffer
GetStdHandle
GetFileType
GetVersion
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
SetLastError
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
GetVersionExA

oleaut32

SysAllocStringLen

shlwapi

PathFileExistsA

ws2_32

htons
WSAGetLastError
recv
select
closesocket
gethostbyname
send
WSAStartup
connect
ioctlsocket
shutdown
WSASetLastError
socket
setsockopt

msvcr100

_CxxThrowException
_purecall
memcpy
__CxxFrameHandler3
strerror
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
islower
abort
memset
strncmp
_errno
_unlock
_mbscspn
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_time32
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_mbscmp
_splitpath
_mbsspn
atoi
_atoi64
_mbslwr_s
strncpy
strnlen
_time64
fclose
fwrite
_vsnprintf
fopen
_localtime64_s
free
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
sprintf
??2@YAPAXI@Z
_vscprintf
memcpy_s
??_V@YAXPAX@Z
vsprintf_s
_mbsstr
malloc
memmove
??0exception@std@@QAE@ABV01@@Z
realloc
strchr
qsort
wcsstr
vfprintf
_iob
strcmp
tolower
_pctype
__mb_cur_max
_isctype
memchr
_ftol
getenv
fread
fflush
_setmode
ftell
fseek
fgets
fprintf
sscanf
strtoul
fputs
signal
strstr
_gmtime32
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
??3@YAXPAX@Z
_fileno
_stat32
__dllonexit
_getch

user32

GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW
GetDesktopWindow

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Sections

.text
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FcLauncher.exe
.exe windows:4 windows x86 arch:x86

d99aa86b52c7a029e55e24c2c4fad79c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
RaiseException
GetTimeZoneInformation
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitProcess
GetCommandLineA
GetStartupInfoA
GetProfileStringA
RtlUnwind
GetTickCount
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
SetLastError
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
FormatMessageA
LocalFree
lstrlenA
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
VirtualFree
GetCurrentThreadId

user32

SetRect
GetNextDlgGroupItem
MessageBeep
CharUpperA
InvalidateRect
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
CopyAcceleratorTableA
CallWindowProcA
RemovePropA
PtInRect
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
LoadIconA
SetWindowLongA
GetWindowLongA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DestroyMenu
LoadStringA
GetSysColorBrush
GetPropA
DrawIcon
SendMessageA
DefDlgProcA
IsWindowUnicode
SetTimer
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
UpdateWindow
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
MapDialogRect
DestroyWindow
SetWindowContextHelpId
GetMessageTime
CharNextA

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SelectObject
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DPtoLP
LPtoDP
GetMapMode
PatBlt
RestoreDC
SaveDC
DeleteDC
GetStockObject
GetDeviceCaps
GetBkColor
GetTextColor
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
StgOpenStorageOnILockBytes
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
OleFlushClipboard
OleIsCurrentClipboard
CoGetClassObject

olepro32

ord253

oleaut32

SysFreeString
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen

wsock32

WSAStartup
WSACleanup

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FgHook.dll
.dll windows:4 windows x86 arch:x86

bdd43dbd3175776fe60cb1c66d5c0768

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\WORK\fileguri\application\trunk\src\FileguriNet\FgHook\Release\FgHook.pdb

Imports

user32

SetWindowsHookExA
CallNextHookEx
PostMessageA
UnhookWindowsHookEx

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

FgSetEscapeHook
FgUnsetEscapeHook

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PXH
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fileguri.exe
.exe windows:4 windows x86 arch:x86

713bd30df4c5ce3537e58134687ec162

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:7b:94:4d:6c:8a:18:77:6c:2b:bb:51:b0:ef:9f:c1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2016, 00:00

Not After

20/10/2018, 23:59

Subject

CN=Iconcube. Inc.,OU=IT Team,O=Iconcube. Inc.,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:0f:eb:d4:b3:7b:10:91:51:f0:a1:00:44:2d:fb:d5:ad:8f:47:c8
Signer

Actual PE Digest

83:0f:eb:d4:b3:7b:10:91:51:f0:a1:00:44:2d:fb:d5:ad:8f:47:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\job\dev2\fileguri\application\trunk\src\fileguriupdate\fileguriupdate\release\Fileguri.pdb

Imports

wininet

InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetReadFileExA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

ziparchive

??1CZipFileHeader@@UAE@XZ
?ExtractFile@CZipArchive@@QAE_NGPBD_N0K@Z
?GetFileName@CZipFileHeader@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileInfo@CZipArchive@@QBE_NAAVCZipFileHeader@@G@Z
??0CZipFileHeader@@QAE@XZ
?Open@CZipArchive@@QAEXPBDHH@Z
??0CZipArchive@@QAE@XZ
??1CZipArchive@@UAE@XZ
?Close@CZipArchive@@QAEXH_N@Z

kernel32

ResumeThread
SuspendThread
GetCurrentProcessId
FileTimeToLocalFileTime
MoveFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
GetTickCount
SetErrorMode
RtlUnwind
TerminateProcess
SetThreadPriority
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CloseHandle
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GetModuleFileNameW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
MulDiv
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
SetLastError
lstrcmpW
GetProcAddress
GetVersionExA
GetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
FormatMessageA
CreateFileA
GetFileTime
GetModuleHandleA
CreateEventA
GetExitCodeThread
TerminateThread
SetEvent
lstrlenA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetModuleFileNameA
FindFirstFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
GetSystemDirectoryA
CopyFileA
GetLastError
GetShortPathNameA
DeleteFileA
SetFileAttributesA
InterlockedIncrement
InitializeCriticalSection
WaitForSingleObject
Sleep
DeleteCriticalSection
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter

user32

ReleaseCapture
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageA
SetCursor
GetWindowThreadProcessId
EndDialog
CreateDialogIndirectParamA
CharNextA
GetSysColorBrush
DestroyMenu
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
BeginPaint
GetWindowDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetDesktopWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetKeyState
GetCursorPos
SetWindowPos
WindowFromPoint
ScreenToClient
IsWindowEnabled
GetParent
GetSysColor
CharUpperA
GetSystemMetrics
LoadIconA
KillTimer
SetTimer
GetWindowRect
IsIconic
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
MessageBeep
DrawIcon
FindWindowA
SetActiveWindow
GetNextDlgTabItem
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
WaitMessage
PostQuitMessage
GetLastActivePopup
EndPaint
SetForegroundWindow
IsWindow
ShowWindow
DefDlgProcA
LoadCursorA
LoadBitmapA
SendMessageA
EnableWindow
InvalidateRect
GetClientRect
GetMenuItemID
ReleaseDC

gdi32

SetBkColor
GetDeviceCaps
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetTextColor
ExtSelectClipRgn
DeleteDC
GetStockObject
CreateRectRgnIndirect
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
GetClipBox
CreateBitmap
StretchBlt
CreateCompatibleBitmap
GetObjectType
CreateSolidBrush
CreateFontA
DeleteObject
GetTextExtentPoint32A
GetObjectA
BitBlt
SelectObject
CreateCompatibleDC
SetMapMode
SetBkMode

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindExtensionA
UrlUnescapeA
PathStripToRootA
SHDeleteKeyA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CreateILockBytesOnHGlobal
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
VariantCopy
SysAllocStringLen
VariantClear
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit
SysAllocString
VariantChangeType
SysStringLen
SysAllocStringByteLen

ws2_32

WSAStartup
WSACleanup
closesocket
accept
socket
select
htonl
htons
inet_addr
bind
WSAGetLastError
WSASetLastError
connect
sendto
recvfrom
gethostbyname
recv
send
WSAAsyncSelect

Sections

.text
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FcUpdate
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GdiPlus.dll
.dll windows:5 windows x86 arch:x86

68a82f89c3fde2fdb45bbeddb19a9697

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

microsoftwindowsgdiplus-1.0.2600.5581-gdiplus.pdb

Imports

advapi32

RegOpenKeyW
RegOpenKeyA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegEnumValueA

gdi32

GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
PolyPolyline
GetNearestPaletteIndex
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
SetDIBColorTable
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt
CreateBrushIndirect
SetDIBits

kernel32

CreateSemaphoreA
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
RaiseException
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
VirtualQuery
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
SearchPathA
GetOEMCP
InterlockedIncrement
LoadLibraryW
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryA
FreeLibrary
HeapDestroy
LoadLibraryA
GetVersionExA
GetACP
GetModuleHandleW
GetProcAddress
GetSystemDefaultLCID

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

user32

MsgWaitForMultipleObjects
LoadBitmapW
LoadBitmapA
wsprintfW
ReleaseDC
GetDC
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
ClientToScreen
wvsprintfA
CreateIconIndirect
GetIconInfo
GetDCEx
GetWindowLongA
GetClassLongA
SystemParametersInfoA

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MCheck.dll
.dll windows:4 windows x86 arch:x86

1ac7223910003e225ff5fe9ce6c9122a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

inet_addr
gethostbyname
WSAStartup
gethostname
WSACleanup

wininet

InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetErrorDlg
HttpSendRequestA
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA

kernel32

GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
FreeLibrary
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
GetProcessVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
GetACP
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
FormatMessageA
GetLastError
lstrcpynA
lstrlenA
lstrcatA
lstrcpyA
FindClose
FindFirstFileA
GetDriveTypeA
GlobalLock
GetModuleFileNameA
GetVersionExA
WideCharToMultiByte
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
CloseHandle
SetLastError
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetProcAddress
LoadLibraryA
GetFullPathNameA
GetModuleHandleA
GlobalUnlock
GetFileAttributesA

user32

IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetWindow
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
UnregisterClassA
LoadStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgCtrlID
GetWindowTextA
SetWindowTextA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
GetSystemMetrics
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetDesktopWindow
GetClientRect
GetDlgItem
GetWindowRect
GetParent
GetKeyState
IsWindowEnabled

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

comctl32

ord17

Exports

Exports

L_DownFiltering

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MediaInfo.dll
.dll windows:5 windows x86 arch:x86

64f05548760ebfde5e1f166b124b8db1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:d6:e7:4d:7f:de:17:c5:b2:fb:8f:47:87:47:cc:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/09/2013, 00:00

Not After

27/11/2016, 23:59

Subject

CN=MediaArea.net,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MediaArea.net,L=Curienne,ST=France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:05:95:d5:3a:a0:02:c6:e8:ec:e7:c4:90:07:ed:c4:46:94:d6:8b
Signer

Actual PE Digest

d3:05:95:d5:3a:a0:02:c6:e8:ec:e7:c4:90:07:ed:c4:46:94:d6:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
CloseHandle
ReadFile
WriteFile
SetFilePointerEx
SetFilePointer
GetFileSizeEx
GetFileTime
GetTimeZoneInformation
GetFileAttributesW
LoadLibraryW
GetProcAddress
SetEvent
WaitForSingleObject
Sleep
CreateEventW
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
GetLastError
HeapFree
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetACP
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetConsoleMode
GetModuleFileNameW
HeapReAlloc
LoadLibraryExW
GetConsoleCP
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
OutputDebugStringW
WriteConsoleW
ResumeThread
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
CreateThread
ExitThread

Exports

Exports

MediaInfoA_Close
MediaInfoA_Count_Get
MediaInfoA_Delete
MediaInfoA_Get
MediaInfoA_GetI
MediaInfoA_Inform
MediaInfoA_New
MediaInfoA_New_Quick
MediaInfoA_Open
MediaInfoA_Open_Buffer
MediaInfoA_Open_Buffer_Continue
MediaInfoA_Open_Buffer_Continue_GoTo_Get
MediaInfoA_Open_Buffer_Finalize
MediaInfoA_Open_Buffer_Init
MediaInfoA_Open_NextPacket
MediaInfoA_Option
MediaInfoA_Output_Buffer_Get
MediaInfoA_Output_Buffer_GetI
MediaInfoA_Save
MediaInfoA_Set
MediaInfoA_SetI
MediaInfoA_State_Get
MediaInfoListA_Close
MediaInfoListA_Count_Get
MediaInfoListA_Count_Get_Files
MediaInfoListA_Delete
MediaInfoListA_Get
MediaInfoListA_GetI
MediaInfoListA_Inform
MediaInfoListA_New
MediaInfoListA_New_Quick
MediaInfoListA_Open
MediaInfoListA_Open_Buffer
MediaInfoListA_Option
MediaInfoListA_Save
MediaInfoListA_Set
MediaInfoListA_SetI
MediaInfoListA_State_Get
MediaInfoList_Close
MediaInfoList_Count_Get
MediaInfoList_Count_Get_Files
MediaInfoList_Delete
MediaInfoList_Get
MediaInfoList_GetI
MediaInfoList_Inform
MediaInfoList_New
MediaInfoList_New_Quick
MediaInfoList_Open
MediaInfoList_Open_Buffer
MediaInfoList_Option
MediaInfoList_Save
MediaInfoList_Set
MediaInfoList_SetI
MediaInfoList_State_Get
MediaInfo_Close
MediaInfo_Count_Get
MediaInfo_Delete
MediaInfo_Get
MediaInfo_GetI
MediaInfo_Info_Version
MediaInfo_Inform
MediaInfo_New
MediaInfo_New_Quick
MediaInfo_Open
MediaInfo_Open_Buffer
MediaInfo_Open_Buffer_Continue
MediaInfo_Open_Buffer_Continue_GoTo_Get
MediaInfo_Open_Buffer_Finalize
MediaInfo_Open_Buffer_Init
MediaInfo_Open_NextPacket
MediaInfo_Option
MediaInfo_Output_Buffer_Get
MediaInfo_Output_Buffer_GetI
MediaInfo_Save
MediaInfo_Set
MediaInfo_SetI
MediaInfo_State_Get

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MediaInfo_v2.dll
.dll windows:4 windows x86 arch:x86

9516debaeb501cc020b83265018f09ca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:22:0b:5b:1e:8c:5c:de:dd:07:2a:b1:df:5c:f3:4c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/10/2012, 00:00

Not After

19/10/2013, 23:59

Subject

CN=MediaArea.net,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MediaArea.net,L=Curienne,ST=France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:ed:03:88:f2:c8:ee:ce:5f:0b:b1:71:28:5e:1f:29:fe:fb:42:f2
Signer

Actual PE Digest

cb:ed:03:88:f2:c8:ee:ce:5f:0b:b1:71:28:5e:1f:29:fe:fb:42:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
ResumeThread
GetVersion
CreateFileA
CreateFileW
GetLastError
ReadFile
WriteFile
SetFilePointer
GetFileSize
GetFileTime
GetTimeZoneInformation
GetFileAttributesA
GetFileAttributesW
GetFullPathNameA
GetFullPathNameW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
ExitThread
CreateThread
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetLocaleInfoW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

MediaInfoA_Close
MediaInfoA_Count_Get
MediaInfoA_Delete
MediaInfoA_Get
MediaInfoA_GetI
MediaInfoA_Inform
MediaInfoA_New
MediaInfoA_New_Quick
MediaInfoA_Open
MediaInfoA_Open_Buffer
MediaInfoA_Open_Buffer_Continue
MediaInfoA_Open_Buffer_Continue_GoTo_Get
MediaInfoA_Open_Buffer_Finalize
MediaInfoA_Open_Buffer_Init
MediaInfoA_Open_NextPacket
MediaInfoA_Option
MediaInfoA_Output_Buffer_Get
MediaInfoA_Output_Buffer_GetI
MediaInfoA_Save
MediaInfoA_Set
MediaInfoA_SetI
MediaInfoA_State_Get
MediaInfoListA_Close
MediaInfoListA_Count_Get
MediaInfoListA_Count_Get_Files
MediaInfoListA_Delete
MediaInfoListA_Get
MediaInfoListA_GetI
MediaInfoListA_Inform
MediaInfoListA_New
MediaInfoListA_New_Quick
MediaInfoListA_Open
MediaInfoListA_Open_Buffer
MediaInfoListA_Option
MediaInfoListA_Save
MediaInfoListA_Set
MediaInfoListA_SetI
MediaInfoListA_State_Get
MediaInfoList_Close
MediaInfoList_Count_Get
MediaInfoList_Count_Get_Files
MediaInfoList_Delete
MediaInfoList_Get
MediaInfoList_GetI
MediaInfoList_Inform
MediaInfoList_New
MediaInfoList_New_Quick
MediaInfoList_Open
MediaInfoList_Open_Buffer
MediaInfoList_Option
MediaInfoList_Save
MediaInfoList_Set
MediaInfoList_SetI
MediaInfoList_State_Get
MediaInfo_Close
MediaInfo_Count_Get
MediaInfo_Delete
MediaInfo_Get
MediaInfo_GetI
MediaInfo_Info_Version
MediaInfo_Inform
MediaInfo_New
MediaInfo_New_Quick
MediaInfo_Open
MediaInfo_Open_Buffer
MediaInfo_Open_Buffer_Continue
MediaInfo_Open_Buffer_Continue_GoTo_Get
MediaInfo_Open_Buffer_Finalize
MediaInfo_Open_Buffer_Init
MediaInfo_Open_NextPacket
MediaInfo_Option
MediaInfo_Output_Buffer_Get
MediaInfo_Output_Buffer_GetI
MediaInfo_Save
MediaInfo_Set
MediaInfo_SetI
MediaInfo_State_Get

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 544KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mfilter.dll
.dll windows:5 windows x86 arch:x86

06c3be29433398a47f8d7248582d0ef8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:db:8c:f1:01:25:f9:c1:2a:0c:3f:38:da:f3:59:77:93:d3:29:82:ee:6a:4d:7d:65:a1:80:91:0c:87:bc:9e
Signer

Actual PE Digest

94:db:8c:f1:01:25:f9:c1:2a:0c:3f:38:da:f3:59:77:93:d3:29:82:ee:6a:4d:7d:65:a1:80:91:0c:87:bc:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\Mfilter.pdb

Imports

quartz

AMGetErrorTextA

kernel32

LoadLibraryA
CloseHandle
GetTempPathA
Sleep
GetTickCount
WriteFile
lstrlenW
DeleteFileA
MapViewOfFile
GetCurrentProcess
GetCurrentProcessId
SetCurrentDirectoryA
GetCurrentDirectoryA
GetProcAddress
GetLastError
RemoveDirectoryA
OpenMutexA
CreateMutexA
GetVersionExA
OpenFileMappingA
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetFileSize
CreateFileA
GetModuleFileNameA
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
lstrlenA
CreateDirectoryA
GetFileAttributesA
InterlockedDecrement
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
LeaveCriticalSection
HeapDestroy
HeapAlloc
WaitForSingleObject
IsProcessorFeaturePresent
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InterlockedIncrement

user32

GetProcessWindowStation
DispatchMessageA
PeekMessageA
MessageBoxA
SendMessageA
GetDesktopWindow
GetUserObjectInformationW

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

ckpcodec

avformat_close_input
avcodec_close
av_log_set_level
avcodec_open2
av_register_all
swr_free
av_samples_get_buffer_size
avcodec_find_decoder
av_init_packet
av_read_frame
avcodec_get_frame_defaults
avformat_find_stream_info
swr_convert
av_free_packet
avformat_open_input
av_get_default_channel_layout
avcodec_alloc_frame
swr_init
av_free
swr_alloc_set_opts
avcodec_decode_audio4

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostname
send
closesocket
gethostbyname
shutdown
socket
recv
setsockopt
htons
WSAGetLastError
select
connect
ioctlsocket
WSASetLastError

msvcr100

vfprintf
wcsstr
qsort
realloc
strcmp
_pctype
__mb_cur_max
_isctype
_ftol
getenv
_setmode
ftell
fgets
fprintf
sscanf
strtoul
fputs
signal
_gmtime32
_fileno
_stat32
_getch
floor
_CIsqrt
_CIpow
_CIsin
_CIcos
_CIexp
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_access
_chdir
??2@YAPAXI@Z
memmove_s
memchr
strnlen
memcpy_s
sprintf
free
malloc
strstr
fwrite
fclose
_mbsstr
vsprintf_s
??_V@YAXPAX@Z
_vscprintf
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_localtime64_s
fopen
_vsnprintf
_time64
??0exception@std@@QAE@XZ
sprintf_s
localeconv
_wassert
strcpy_s
strcspn
_atoi64
_purecall
_splitpath
_wcsicmp
printf
fputc
mbstowcs
_unlock_file
ungetc
wcsncpy
strchr
fgetpos
_fseeki64
fflush
atoi
fgetc
fsetpos
strncpy
_access_s
setvbuf
_lock_file
strrchr
_localtime64
strncpy_s
_mbscmp
tolower
_mbsrchr
towlower
??8type_info@@QBE_NABV0@@Z
iswspace
iswdigit
feof
fread
fseek
_findfirst64i32
strcat_s
_mbslwr_s
_CxxThrowException
memcpy
__CxxFrameHandler3
strerror
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
islower
_errno
memset
__iob_func
_free_locale
_malloc_crt
abort
strncmp
calloc
_unlock
__dllonexit
_lock
_onexit
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_time32
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_iob

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Exports

Exports

CheckCompressed
DownEnd
DownEnd_U
DownStart
DownStart_U
PayLog
PayLog_U
SetCustomZipPasswordDialog
SetExtractProgressBarVisibility
SetModulePath
SetOSPId
Upload
Upload_U
initConKeeper
initDll
releaseDll

Sections

.text
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.VC80.ATL.manifest
.xml
Microsoft.VC80.CRT.manifest
Microsoft.VC80.MFC.manifest
UNACEV2.DLL
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninst.exe.nsis
ZHashGen.dll
.dll windows:4 windows x86 arch:x86

8b111a4278cfac79c7f9378d33e27bd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
GlobalFree
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetACP
HeapSize
FileTimeToSystemTime
GetTimeZoneInformation
GetCommandLineA
ExitProcess
RaiseException
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
SetEndOfFile
FlushFileBuffers
ReadFile
GetCurrentProcess
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalUnlock
GetModuleHandleA
MulDiv
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
LocalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
SetLastError
WriteFile
EnterCriticalSection
LeaveCriticalSection
CreateFileA
SetFilePointer
GetCurrentDirectoryA
GetLastError
GetVersionExA
GetModuleFileNameA
GlobalLock
GetDriveTypeA
lstrcpyA
lstrcatA
lstrcpynA
TerminateProcess
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary
HeapReAlloc

user32

CreateDialogIndirectParamA
EndDialog
UnregisterClassA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
LoadIconA
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
CopyRect
LoadStringA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
GetActiveWindow
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
UnhookWindowsHookEx
PeekMessageA
TranslateMessage
DispatchMessageA
EnableWindow
PostMessageA
IsWindow
GetWindowLongA
UpdateWindow
MapWindowPoints
SetWindowPos
SetActiveWindow
GetSystemMetrics
GetDC
ReleaseDC
SystemParametersInfoA
LoadCursorA
SendMessageA
GetClientRect
GetDlgItem
GetWindowRect
GetParent
GetKeyState
OffsetRect
GetSysColor
ModifyMenuA

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetMapMode
SetBkMode
PtVisible
RectVisible
TextOutA
Escape
GetStockObject
SelectObject
RestoreDC
SaveDC
SetTextColor
DeleteObject
GetDeviceCaps
CreateBitmap
GetObjectA
DeleteDC
SetBkColor
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

comctl32

ord17

Exports

Exports

L_MurekaIsZipfile

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZipArchive.dll
.dll windows:4 windows x86 arch:x86

e646ff77048c9eadab1c905d43fc7478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalGetAtomNameA
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
VirtualAlloc
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCommandLineA
GetProcessHeap
HeapSize
ExitProcess
InterlockedIncrement
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetStdHandle
GetFileType
SetHandleCount
GetStartupInfoA
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentProcessId
SetErrorMode
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetFileTime
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetThreadLocale
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetTempPathA
GetTempFileNameA
GetCurrentDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
GetDriveTypeA
CreateDirectoryA
MoveFileA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
CreateFileA
GetFileSize
FormatMessageA
LocalFree
UnmapViewOfFile
CloseHandle
CreateFileMappingA
MapViewOfFile
lstrlenA
CompareStringW
CompareStringA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
VirtualFree
InterlockedExchange

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
CharUpperA
OemToCharBuffA
CharToOemBuffA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
PostQuitMessage
DestroyMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSystemMetrics
UnhookWindowsHookEx
ValidateRect
PeekMessageA
GetKeyState
SendMessageA
DispatchMessageA
GetSysColorBrush
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
AdjustWindowRectEx

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

??0?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAE@H@Z
??0?$CZipMap@W4CallbackType@CZipArchive@@PAUCZipActionCallback@@@@QAE@XZ
??0CWildcard@CZipArchive@@QAE@ABV01@@Z
??0CWildcard@CZipArchive@@QAE@PBD_N@Z
??0CWildcard@CZipArchive@@QAE@XZ
??0CZipAbstractFile@@QAE@ABV0@@Z
??0CZipAbstractFile@@QAE@XZ
??0CZipActionCallback@@QAE@ABU0@@Z
??0CZipActionCallback@@QAE@XZ
??0CZipAddNewFileInfo@@QAE@ABU0@@Z
??0CZipAddNewFileInfo@@QAE@PAVCZipAbstractFile@@PBD@Z
??0CZipAddNewFileInfo@@QAE@PBD0@Z
??0CZipAddNewFileInfo@@QAE@PBD_N@Z
??0CZipArchive@@QAE@XZ
??0CZipAutoBuffer@@QAE@ABV0@@Z
??0CZipAutoBuffer@@QAE@K_N@Z
??0CZipAutoBuffer@@QAE@XZ
??0CZipCallback@@QAE@ABU0@@Z
??0CZipCallback@@QAE@XZ
??0CZipCentralDir@@QAE@XZ
??0CZipClbckStrg@CZipArchive@@QAE@XZ
??0CZipDeleteInfo@CZipArchive@@QAE@PAVCZipFileHeader@@_N@Z
??0CZipDeleteInfo@CZipArchive@@QAE@XZ
??0CZipException@@QAE@AAV0@@Z
??0CZipException@@QAE@HPBD@Z
??0CZipFile@@QAE@PBDI@Z
??0CZipFile@@QAE@XZ
??0CZipFileHeader@@QAE@ABV0@@Z
??0CZipFileHeader@@QAE@XZ
??0CZipFindFast@CZipCentralDir@@QAE@PAVCZipFileHeader@@G@Z
??0CZipFindFast@CZipCentralDir@@QAE@XZ
??0CZipInternalInfo@CZipArchive@@QAE@ABU01@@Z
??0CZipInternalInfo@CZipArchive@@QAE@XZ
??0CZipMemFile@@QAE@AAV0@@Z
??0CZipMemFile@@QAE@J@Z
??0CZipMemFile@@QAE@PAEIJ@Z
??0CZipPathComponent@@QAE@ABV0@@Z
??0CZipPathComponent@@QAE@PBD@Z
??0CZipPathComponent@@QAE@XZ
??0CZipSmClrPass@CZipArchive@@QAE@ABU01@@Z
??0CZipSmClrPass@CZipArchive@@QAE@XZ
??0CZipSpanCallback@@QAE@ABU0@@Z
??0CZipSpanCallback@@QAE@XZ
??0CZipStorage@@QAE@XZ
??1?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@UAE@XZ
??1?$CZipMap@W4CallbackType@CZipArchive@@PAUCZipActionCallback@@@@UAE@XZ
??1CWildcard@CZipArchive@@UAE@XZ
??1CZipAbstractFile@@UAE@XZ
??1CZipActionCallback@@QAE@XZ
??1CZipAddNewFileInfo@@QAE@XZ
??1CZipArchive@@UAE@XZ
??1CZipAutoBuffer@@UAE@XZ
??1CZipCallback@@QAE@XZ
??1CZipCentralDir@@UAE@XZ
??1CZipClbckStrg@CZipArchive@@UAE@XZ
??1CZipException@@UAE@XZ
??1CZipFile@@UAE@XZ
??1CZipFileHeader@@UAE@XZ
??1CZipInternalInfo@CZipArchive@@UAE@XZ
??1CZipMemFile@@UAE@XZ
??1CZipPathComponent@@UAE@XZ
??1CZipSmClrPass@CZipArchive@@QAE@XZ
??1CZipSpanCallback@@QAE@XZ
??1CZipStorage@@UAE@XZ
??4CWildcard@CZipArchive@@QAEAAV01@ABV01@@Z
??4CZipAbstractFile@@QAEAAV0@ABV0@@Z
??4CZipActionCallback@@QAEAAU0@ABU0@@Z
??4CZipAddNewFileInfo@@QAEAAU0@ABU0@@Z
??4CZipAutoBuffer@@QAEAAV0@ABV0@@Z
??4CZipCallback@@QAEAAU0@ABU0@@Z
??4CZipDeleteInfo@CZipArchive@@QAEAAU01@ABU01@@Z
??4CZipFileHeader@@QAEAAV0@ABV0@@Z
??4CZipFindFast@CZipCentralDir@@QAEAAU01@ABU01@@Z
??4CZipInternalInfo@CZipArchive@@QAEAAU01@ABU01@@Z
??4CZipMemFile@@QAEAAV0@ABV0@@Z
??4CZipPathComponent@@QAEAAV0@ABV0@@Z
??4CZipSmClrPass@CZipArchive@@QAEAAU01@ABU01@@Z
??4CZipSpanCallback@@QAEAAU0@ABU0@@Z
??4Info@CZipCentralDir@@QAEAAU01@ABU01@@Z
??A?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEAAPAUCZipActionCallback@@W4CallbackType@CZipArchive@@@Z
??ACZipCentralDir@@QAEPAVCZipFileHeader@@H@Z
??ACZipCentralDir@@QBEPBVCZipFileHeader@@H@Z
??BCWildcard@CZipArchive@@QAEPBDXZ
??BCZipAutoBuffer@@QAEPADXZ
??BCZipAutoBuffer@@QBEPBDXZ
??BCZipFile@@QAEPAXXZ
??RCZipActionCallback@@UAE_NH@Z
??_7?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@6B@
??_7?$CZipMap@W4CallbackType@CZipArchive@@PAUCZipActionCallback@@@@6B@
??_7CWildcard@CZipArchive@@6B@
??_7CZipAbstractFile@@6B@
??_7CZipActionCallback@@6B@
??_7CZipArchive@@6B@
??_7CZipAutoBuffer@@6B@
??_7CZipCallback@@6B@
??_7CZipCentralDir@@6B@
??_7CZipClbckStrg@CZipArchive@@6B@
??_7CZipException@@6B@
??_7CZipFile@@6BCFile@@@
??_7CZipFile@@6BCZipAbstractFile@@@
??_7CZipFileHeader@@6B@
??_7CZipInternalInfo@CZipArchive@@6B@
??_7CZipMemFile@@6B@
??_7CZipPathComponent@@6B@
??_7CZipSpanCallback@@6B@
??_7CZipStorage@@6B@
??_F?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEXXZ
??_FCZipException@@QAEXXZ
??_FCZipMemFile@@QAEXXZ
?AddNewFile@CZipArchive@@QAE_NAAUCZipAddNewFileInfo@@@Z
?AddNewFile@CZipArchive@@QAE_NAAVCZipMemFile@@PBDHHK@Z
?AddNewFile@CZipArchive@@QAE_NPBD0HHK@Z
?AddNewFile@CZipArchive@@QAE_NPBDH_NHK@Z
?AddNewFile@CZipCentralDir@@QAEPAVCZipFileHeader@@ABV2@H@Z
?Allocate@CZipAutoBuffer@@QAEPADK_N@Z
?AnsiOem@ZipPlatform@@YAXAAVCZipAutoBuffer@@_N@Z
?AppendSeparator@CZipPathComponent@@SAXAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?AssureFree@CZipStorage@@QAEKK@Z
?Attach@CZipMemFile@@QAEXPAEIJ@Z
?BuildFindFastArray@CZipCentralDir@@IAEX_N@Z
?CallCallback@CZipStorage@@IAEXHV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?CallbackEnd@CZipActionCallback@@UAEXXZ
?ChangeDirectory@ZipPlatform@@YA_NPBD@Z
?ChangeDisk@CZipStorage@@QAEXH@Z
?ChangePkzipRead@CZipStorage@@IAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?ChangeTdRead@CZipStorage@@IAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?CheckCrcAndSizes@CZipFileHeader@@IBE_NPAD@Z
?CheckForError@CZipArchive@@IAEXH@Z
?CheckIfOK_1@Info@CZipCentralDir@@IAE_NXZ
?CheckIfOK_2@Info@CZipCentralDir@@IAE_NXZ
?Clear@CZipCentralDir@@QAEX_N@Z
?ClearPasswordSmartly@CZipSmClrPass@CZipArchive@@QAEXPAV2@@Z
?Close@CZipArchive@@QAEXH_N@Z
?Close@CZipFile@@UAEXXZ
?Close@CZipMemFile@@UAEXXZ
?Close@CZipStorage@@QAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@_N@Z
?CloseFile@CZipArchive@@QAEHAAVCZipFile@@@Z
?CloseFile@CZipArchive@@QAEHPBD_N@Z
?CloseFile@CZipCentralDir@@QAEX_N@Z
?CloseFileWithNoUpdate@CZipArchive@@QAEXXZ
?CloseNewFile@CZipArchive@@QAE_N_N@Z
?CloseNewFile@CZipCentralDir@@QAEXXZ
?CompareBytes@CZipArchive@@SA_NPBDPBXH@Z
?CompareElement@CZipCentralDir@@IBEHPBDG@Z
?CompareHeaders@CZipCentralDir@@KAHPBX0@Z
?CompressionEfficient@CZipFileHeader@@QAE_NXZ
?ConvertAll@CZipCentralDir@@QAEXXZ
?ConvertFileName@CZipCentralDir@@QBEX_N0PAVCZipFileHeader@@@Z
?Copy@CZipMemFile@@QAEXAAV1@@Z
?CreateDirectoryA@ZipPlatform@@YA_NPBD@Z
?CryptCRC32@CZipArchive@@IAEKKD@Z
?CryptCheck@CZipArchive@@IAE_NXZ
?CryptCryptHeader@CZipArchive@@IAEXJAAVCZipAutoBuffer@@@Z
?CryptDecode@CZipArchive@@IAEXAAD@Z
?CryptDecodeBuffer@CZipArchive@@IAEXK@Z
?CryptDecryptByte@CZipArchive@@IAEDXZ
?CryptEncode@CZipArchive@@IAEXAAD@Z
?CryptEncodeBuffer@CZipArchive@@IAEXXZ
?CryptInitKeys@CZipArchive@@IAEXXZ
?CryptUpdateKeys@CZipArchive@@IAEXD@Z
?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ
?Defaults@CZipAddNewFileInfo@@QAEXXZ
?DeleteFileA@CZipArchive@@QAEXG@Z
?DeleteFiles@CZipArchive@@QAEXAAV?$CZipArray@G@@@Z
?DeleteFiles@CZipArchive@@QAEXABVCStringArray@@@Z
?Detach@CZipMemFile@@QAEPAEXZ
?DirectoryExists@ZipPlatform@@YA_NPBD@Z
?DiskChange@Info@CZipCentralDir@@IAEXH@Z
?EmptyPtrList@CZipArchive@@IAEXXZ
?EmptyWriteBuffer@CZipStorage@@IAEXXZ
?EnableFindFast@CZipArchive@@QAEX_N@Z
?EnableFindFast@CZipCentralDir@@QAEX_N0@Z
?EnableOemConversion@CZipArchive@@QAEX_N@Z
?ExtractFile@CZipArchive@@QAE_NGAAVCZipMemFile@@_NK@Z
?ExtractFile@CZipArchive@@QAE_NGPBD_N0K@Z
?FileExists@ZipPlatform@@YAHPBD@Z
?FinalizeSpan@CZipStorage@@QAEXXZ
?FindFile@CZipArchive@@QAEHPBDH_N@Z
?FindFile@CZipCentralDir@@QAEHPBD_N11@Z
?FindFileNameIndex@CZipCentralDir@@QBEHPBD@Z
?FindMatches@CZipArchive@@QBEXPBDAAV?$CZipArray@G@@_N@Z
?Flush@CZipArchive@@QAEXXZ
?Flush@CZipFile@@UAEXXZ
?Flush@CZipMemFile@@UAEXXZ
?Flush@CZipStorage@@QAEXXZ
?FlushFile@CZipStorage@@QAEXXZ
?ForceDirectory@ZipPlatform@@YA_NPBD@Z
?Free@CZipMemFile@@IAEXXZ
?FreeAssoc@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@IAEXPAVCAssoc@1@@Z
?Get@CZipClbckStrg@CZipArchive@@QAEPAUCZipActionCallback@@W4CallbackType@2@@Z
?GetAdvanced@CZipArchive@@QAEXPAH00@Z
?GetArchivePath@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetAssocAt@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@IBEPAVCAssoc@1@W4CallbackType@CZipArchive@@AAI1@Z
?GetAutoFlush@CZipArchive@@QBE_NXZ
?GetBuffer@CZipAutoBuffer@@QBEPBDXZ
?GetBytesBefore@CZipCentralDir@@QBEKXZ
?GetCRCTable@CZipArchive@@SAPBKXZ
?GetCZipStrCompFunc@@YAP8?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@BEHPBD@Z_N1@Z
?GetCallback@CZipArchive@@QAEPAUCZipActionCallback@@W4CallbackType@1@@Z
?GetCentralDirInfo@CZipArchive@@QBEXAAUInfo@CZipCentralDir@@@Z
?GetCentralDirSize@CZipArchive@@QBEK_N@Z
?GetComment@CZipFileHeader@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetCommentSize@CZipFileHeader@@QBEGXZ
?GetCompressionRatio@CZipFileHeader@@QAEMXZ
?GetCount@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEHXZ
?GetCount@CZipArchive@@QBEH_N@Z
?GetCrcAndSizes@CZipFileHeader@@IBEXPAD@Z
?GetCurrentDirectoryA@ZipPlatform@@YA_NAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetCurrentDisk@CZipArchive@@QBEHXZ
?GetCurrentDisk@CZipStorage@@QBEHXZ
?GetDefaultAttributes@ZipPlatform@@YAKXZ
?GetDefaultDirAttributes@ZipPlatform@@YAKXZ
?GetDeviceFreeSpace@ZipPlatform@@YAKPBD@Z
?GetEffComprSize@CZipFileHeader@@QAEKXZ
?GetErrorDescription@CZipException@@QAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetErrorMessage@CZipException@@UAEHPADIPAI@Z
?GetExtraFieldSize@CZipFileHeader@@QBEGXZ
?GetFileAttr@ZipPlatform@@YA_NPBDAAK@Z
?GetFileDrive@CZipPathComponent@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileExt@CZipPathComponent@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileInfo@CZipArchive@@QBE_NAAVCZipFileHeader@@G@Z
?GetFileModTime@ZipPlatform@@YA_NPBDAA_J@Z
?GetFileName@CZipFileHeader@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileName@CZipPathComponent@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileNameSize@CZipFileHeader@@QBEGXZ
?GetFilePath@CZipFile@@UBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFilePath@CZipMemFile@@UBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFilePath@CZipPathComponent@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFileSize@ZipPlatform@@YA_NPBDAAK@Z
?GetFileTitle@CZipPathComponent@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetFindFastIndex@CZipArchive@@QBEHH@Z
?GetFindFastIndex@CZipCentralDir@@QBEHH@Z
?GetFreeInBuffer@CZipStorage@@IBEKXZ
?GetFreeVolumeSpace@CZipStorage@@IBEKXZ
?GetFromArchive@CZipArchive@@IAE_NAAV1@GPBDH_NPAUCZipActionCallback@@@Z
?GetFromArchive@CZipArchive@@QAE_NAAV1@AAV?$CZipArray@G@@_N@Z
?GetFromArchive@CZipArchive@@QAE_NAAV1@AAVCStringArray@@_N@Z
?GetFromArchive@CZipArchive@@QAE_NAAV1@GPBDH_N@Z
?GetFullPath@CZipPathComponent@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetGlobalComment@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetHashTableSize@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEIXZ
?GetIndexes@CZipArchive@@QAEXABVCStringArray@@AAV?$CZipArray@G@@@Z
?GetInfo@CZipCentralDir@@QBEXAAUInfo@1@@Z
?GetInternalErrorDescription@CZipException@@IAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H_N@Z
?GetLength@CZipFile@@UBE_KXZ
?GetLength@CZipMemFile@@UBE_KXZ
?GetLocalExtraField@CZipArchive@@QBEHPADH@Z
?GetLocalSize@CZipFileHeader@@IBEK_N@Z
?GetLocalSize@CZipFileHeader@@QBEKXZ
?GetNextAssoc@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEXAAPAU__POSITION@@AAW4CallbackType@CZipArchive@@AAPAUCZipActionCallback@@@Z
?GetNoDrive@CZipPathComponent@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetOccupiedSpace@CZipArchive@@QBEKXZ
?GetOccupiedSpace@CZipStorage@@QBEKXZ
?GetOriginalAttributes@CZipFileHeader@@QBEKXZ
?GetPassword@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetPosition@CZipFile@@UBE_KXZ
?GetPosition@CZipMemFile@@UBE_KXZ
?GetPosition@CZipStorage@@QBEKXZ
?GetProperHeaderFileName@CZipCentralDir@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBVCZipFileHeader@@@Z
?GetRootPath@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetRuntimeClass@CZipException@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CZipFile@@UBEPAUCRuntimeClass@@XZ
?GetSize@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEHXZ
?GetSize@CZipAutoBuffer@@QBEKXZ
?GetSize@CZipCentralDir@@QBEK_N@Z
?GetSize@CZipFileHeader@@QBEKXZ
?GetSpanMode@CZipArchive@@QBEHXZ
?GetStartPosition@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEPAU__POSITION@@XZ
?GetStep@CZipActionCallback@@QAEHXZ
?GetStorage@CZipArchive@@QAEPAVCZipStorage@@XZ
?GetSystemAttr@CZipFileHeader@@QBEKXZ
?GetSystemCaseSensitivity@ZipPlatform@@YA_NXZ
?GetSystemCompatibility@CZipArchive@@QBEHXZ
?GetSystemCompatibility@CZipFileHeader@@QBEHXZ
?GetSystemErrorDescription@CZipException@@IAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetSystemID@ZipPlatform@@YAHXZ
?GetTdVolumeName@CZipStorage@@IBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@_NPBD@Z
?GetTempPathA@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetTime@CZipFileHeader@@QBE_JXZ
?GetTmpFileName@ZipPlatform@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDK@Z
?Grow@CZipMemFile@@IAEXI@Z
?HasEndingSeparator@CZipPathComponent@@SA_NABV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Init@CZipActionCallback@@UAEXPBD0@Z
?Init@CZipCentralDir@@QAEXXZ
?Init@CZipInternalInfo@CZipArchive@@QAEXXZ
?Init@CZipMemFile@@IAEXXZ
?InitHashTable@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEXIH@Z
?InsertFindFastElement@CZipCentralDir@@IAEXPAVCZipFileHeader@@G@Z
?IsAllocated@CZipAutoBuffer@@QBE_NXZ
?IsClosed@CZipArchive@@QBE_N_N@Z
?IsClosed@CZipFile@@UBE_NXZ
?IsClosed@CZipMemFile@@UBE_NXZ
?IsClosed@CZipStorage@@QBE_N_N@Z
?IsDataDescr@CZipFileHeader@@QBE_NXZ
?IsDirectory@CZipFileHeader@@QBE_NXZ
?IsDirectory@ZipPlatform@@YA_NK@Z
?IsDriveRemovable@ZipPlatform@@YA_NPBD@Z
?IsEmpty@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEHXZ
?IsEncrypted@CZipFileHeader@@QBE_NXZ
?IsFindFastEnabled@CZipCentralDir@@QAE_NXZ
?IsMatch@CWildcard@CZipArchive@@QAE_NPBDPAH@Z
?IsPattern@CWildcard@CZipArchive@@SA_NPBD@Z
?IsPatternValid@CWildcard@CZipArchive@@SA_NPBDPAH@Z
?IsReadOnly@CZipArchive@@QAE_NXZ
?IsReadOnly@CZipStorage@@QAE_NXZ
?IsSeparator@CZipPathComponent@@SA_ND@Z
?IsSpanMode@CZipStorage@@QBEHXZ
?IsValidIndex@CZipCentralDir@@QBE_NH@Z
?LeftToDo@CZipActionCallback@@QAEKXZ
?Locate@CZipCentralDir@@IAEKXZ
?Lookup@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEHW4CallbackType@CZipArchive@@AAPAUCZipActionCallback@@@Z
?MakeSpaceForReplace@CZipArchive@@IAEXHKPBD@Z
?Match@CWildcard@CZipArchive@@SAHPBD0@Z
?MatchAfterStar@CWildcard@CZipArchive@@KAHPBD0@Z
?MovePackedFiles@CZipArchive@@IAEXKKKPAUCZipActionCallback@@_N@Z
?NewAssoc@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@IAEPAVCAssoc@1@W4CallbackType@CZipArchive@@@Z
?NextDisk@CZipStorage@@QAEXHPBD@Z
?Open@CZipAbstractFile@@UAE_NPBDI_N@Z
?Open@CZipArchive@@QAEXAAVCZipAbstractFile@@H@Z
?Open@CZipArchive@@QAEXPBDHH@Z
?Open@CZipFile@@UAE_NPBDI_N@Z
?Open@CZipStorage@@QAEXAAVCZipAbstractFile@@H@Z
?Open@CZipStorage@@QAEXPBDHH@Z
?OpenFile@CZipArchive@@QAE_NG@Z
?OpenFile@CZipCentralDir@@QAEXG@Z
?OpenFile@CZipStorage@@IAE_NPBDI_N@Z
?OpenInternal@CZipArchive@@IAEXH@Z
?OpenNewFile@CZipArchive@@QAE_NAAVCZipFileHeader@@HPBDK@Z
?PGetFirstAssoc@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEPAUCPair@1@XZ
?PGetFirstAssoc@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEPBUCPair@1@XZ
?PGetNextAssoc@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEPAUCPair@1@PBU21@@Z
?PGetNextAssoc@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEPBUCPair@1@PBU21@@Z
?PLookup@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEPAUCPair@1@W4CallbackType@CZipArchive@@@Z
?PLookup@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QBEPBUCPair@1@W4CallbackType@CZipArchive@@@Z
?PredictExtractedFileName@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD0_N0@Z
?PredictFileNameInZip@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD_NH1@Z
?PredictMaximumFileSizeInArchive@CZipArchive@@QBEKAAVCZipFileHeader@@@Z
?PredictMaximumFileSizeInArchive@CZipArchive@@QBEKPBD_N@Z
?PrepareData@CZipFileHeader@@IAE_NH_N0@Z
?Read@CZipCentralDir@@QAEXXZ
?Read@CZipFile@@UAEIPAXI@Z
?Read@CZipFileHeader@@IAE_NPAVCZipStorage@@@Z
?Read@CZipMemFile@@UAEIPAXI@Z
?Read@CZipStorage@@QAEKPAXK_N@Z
?ReadBytes@CZipArchive@@SAXPAXPBDH@Z
?ReadFile@CZipArchive@@QAEKPAXK@Z
?ReadHeaders@CZipCentralDir@@IAEXXZ
?ReadLocal@CZipFileHeader@@IAE_NPAVCZipStorage@@@Z
?Release@CZipAutoBuffer@@QAEXXZ
?ReleaseBuf@CZipInternalInfo@CZipArchive@@QAEXXZ
?RemoveAll@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEXXZ
?RemoveAll@CZipCentralDir@@QAEXXZ
?RemoveDataDescr@CZipCentralDir@@IAE_N_N@Z
?RemoveFile@CZipCentralDir@@QAEXPAVCZipFileHeader@@H_N@Z
?RemoveFile@ZipPlatform@@YA_NPBD_N@Z
?RemoveFromDisk@CZipCentralDir@@QAEXXZ
?RemoveHeaders@CZipCentralDir@@IAEXXZ
?RemoveKey@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEHW4CallbackType@CZipArchive@@@Z
?RemoveLast@CZipArchive@@IAE_N_N@Z
?RemoveLastFile@CZipCentralDir@@QAEXPAVCZipFileHeader@@H@Z
?RemovePathBeginning@CZipArchive@@SA_NPBDAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@P823@BEH0@Z@Z
?RemoveSeparators@CZipPathComponent@@SAXAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?RemoveSeparatorsLeft@CZipPathComponent@@SAXAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?RenameFile@CZipArchive@@QAE_NGPBD@Z
?RenameFile@CZipCentralDir@@QAEXGPBD@Z
?RenameFile@ZipPlatform@@YA_NPBD0_N@Z
?RenameLastFileInTDSpan@CZipStorage@@IAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?Seek@CZipFile@@UAE_K_JH@Z
?Seek@CZipMemFile@@UAE_K_JH@Z
?SeekToBegin@CZipAbstractFile@@UAE_KXZ
?SeekToEnd@CZipAbstractFile@@UAE_KXZ
?Serialize@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@UAEXAAVCArchive@@@Z
?Set@CZipClbckStrg@CZipArchive@@QAEXPAUCZipActionCallback@@W4CallbackType@2@@Z
?SetAdvanced@CZipArchive@@QAEXHHH@Z
?SetAt@?$CMap@W4CallbackType@CZipArchive@@W412@PAUCZipActionCallback@@PAU3@@@QAEXW4CallbackType@CZipArchive@@PAUCZipActionCallback@@@Z
?SetAutoFlush@CZipArchive@@QAEX_N@Z
?SetBytesBeforeZip@Info@CZipCentralDir@@IAEX_N@Z
?SetCallback@CZipArchive@@QAEXPAUCZipActionCallback@@H@Z
?SetCaseSensitivity@CZipArchive@@QAEX_N@Z
?SetComment@CZipFileHeader@@QAE_NPBD@Z
?SetConvertAfterOpen@CZipArchive@@QAEX_N@Z
?SetDetectZlibMemoryLeaks@CZipArchive@@QAEX_N@Z
?SetExtension@CZipPathComponent@@QAEXPBD@Z
?SetExtraField@CZipArchive@@QAEXPBDG@Z
?SetFileAttr@ZipPlatform@@YA_NPBDK@Z
?SetFileComment@CZipArchive@@QAE_NGPBD@Z
?SetFileHeaderAttr@CZipArchive@@QBEXAAVCZipFileHeader@@K@Z
?SetFileModTime@ZipPlatform@@YA_NPBD_J@Z
?SetFileName@CZipFileHeader@@QAE_NPBD@Z
?SetFileTitle@CZipPathComponent@@QAEXPBD@Z
?SetFullPath@CZipPathComponent@@QAEXPBD@Z
?SetGlobalComment@CZipArchive@@QAE_NPBD@Z
?SetIgnoreCRC@CZipArchive@@QAEX_N@Z
?SetLength@CZipFile@@UAEX_K@Z
?SetLength@CZipMemFile@@UAEX_K@Z
?SetPassword@CZipArchive@@QAE_NPBD@Z
?SetPattern@CWildcard@CZipArchive@@QAEXPBD_N@Z
?SetRootPath@CZipArchive@@QAEXPBD@Z
?SetSpanCallback@CZipArchive@@QAEXPAUCZipSpanCallback@@@Z
?SetSystemAttr@CZipFileHeader@@IAEXK@Z
?SetSystemCompatibility@CZipArchive@@QAE_NH@Z
?SetSystemCompatibility@CZipFileHeader@@IAEXH@Z
?SetTempPath@CZipArchive@@QAEXPBD_N@Z
?SetTime@CZipFileHeader@@QAEXAB_J@Z
?SetTotal@CZipActionCallback@@UAEXK@Z
?SetTreatAsSingleDisk@CZipArchive@@QAEX_N@Z
?SetTreatAsSingleDisk@CZipStorage@@QAEX_N@Z
?SetVersion@CZipFileHeader@@IAEXG@Z
?SetVolLabel@ZipPlatform@@YA_NPBD0@Z
?SingleToWide@CZipArchive@@SAHABVCZipAutoBuffer@@AAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SortHeaders@CZipCentralDir@@IAEXXZ
?TestFile@CZipArchive@@QAE_NGK@Z
?Throw@CZipException@@SAXHPBD@Z
?ThrowError@CZipArchive@@IAEXH_N@Z
?ThrowError@CZipCentralDir@@IBEXH@Z
?ThrowError@CZipStorage@@IAEXH@Z
?TrimRootPath@CZipArchive@@QBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAVCZipPathComponent@@@Z
?UpdateLocal@CZipCentralDir@@QAEPAVCZipFileHeader@@G@Z
?UpdateReplaceIndex@CZipArchive@@IAE_NAAHPBD@Z
?UpdateSpanMode@CZipStorage@@QAEXG@Z
?VolumeLeft@CZipStorage@@IBEKXZ
?WideToSingle@CZipArchive@@SAHPBDAAVCZipAutoBuffer@@@Z
?WillBeDuplicated@CZipArchive@@QAEHPBD_N1H@Z
?Write@CZipCentralDir@@QAEXPAUCZipActionCallback@@@Z
?Write@CZipFile@@UAEXPBXI@Z
?Write@CZipFileHeader@@IAEKPAVCZipStorage@@@Z
?Write@CZipMemFile@@UAEXPBXI@Z
?Write@CZipStorage@@QAEXPBXK_N@Z
?WriteBytes@CZipArchive@@SAXPADPBXH@Z
?WriteCentralDirectory@CZipArchive@@IAEX_N@Z
?WriteCentralEnd@CZipCentralDir@@IAEKXZ
?WriteHeaders@CZipCentralDir@@IAEXPAUCZipActionCallback@@_N@Z
?WriteInternalBuffer@CZipStorage@@IAEXPBDK@Z
?WriteLocal@CZipFileHeader@@IAEXAAVCZipStorage@@@Z
?WriteNewFile@CZipArchive@@QAE_NPBXK@Z
?ZlibErrToZip@CZipException@@SAHH@Z
?_zliballoc@CZipArchive@@KAPAXPAXII@Z
?_zlibfree@CZipArchive@@KAXPAX0@Z
?classCZipException@CZipException@@2UCRuntimeClass@@B
?classCZipFile@CZipFile@@2UCRuntimeClass@@B
?m_cSeparator@CZipPathComponent@@2DB
?m_gszCopyright@CZipArchive@@1QBDB
?m_gszExtHeaderSignat@CZipStorage@@2PADA
?m_gszLocalSignature@CZipFileHeader@@2PADA
?m_gszSignature@CZipCentralDir@@2PADA
?m_gszSignature@CZipFileHeader@@2PADA
?m_iStep@CZipActionCallback@@2HA
?m_pCompareBytes@CZipArchive@@1P6A_NPBDPBXH@ZA
?m_pReadBytes@CZipArchive@@1P6AXPAXPBDH@ZA
?m_pWriteBytes@CZipArchive@@1P6AXPADPBXH@ZA

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
calMbc.dll
.dll windows:4 windows x86 arch:x86

83be0c2305f3dc645f80ef424342afe1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Hans\Documents\Visual Studio Projects\calMbc\Release\calMbc.pdb

Imports

kernel32

GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
lstrcmpW
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
RaiseException
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringA
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CloseHandle
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetTimeZoneInformation
InterlockedExchange

user32

RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
wsprintfA
GetSystemMetrics
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageA
PostQuitMessage
GetDesktopWindow
GetSysColor

gdi32

GetStockObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit

wininet

InternetQueryOptionA
InternetReadFile
InternetQueryDataAvailable
InternetErrorDlg
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetCookieA

ws2_32

gethostbyname
inet_ntoa
WSACleanup
WSAStartup
gethostname

Exports

Exports

SendMBCLog_Filtering
SendMBCLog_Osp

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ckpcodec.dll
.dll windows:4 windows x86 arch:x86

77989818cc4a13d2cd77bfe05183ef25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateSemaphoreA
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
SetConsoleTextAttribute
SetEvent
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_beginthreadex
_errno
_exit
_fstati64
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_setjmp3
_snwprintf
_sopen
time
mktime
localtime
gmtime
_unlock
calloc
clock
cosh
exit
fclose
ferror
fflush
fgetc
fopen
fprintf
fputc
fputs
fread
free
frexp
fwprintf
fwrite
getc
getenv
islower
isspace
isupper
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
raise
rand
realloc
setlocale
sinh
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strrchr
strspn
strstr
strtol
strtoul
_vsnprintf
_wsopen
abort
acos
asin
atan
atan2
atof
atoi
bsearch
tan
tanh
tolower
ungetc
wcscpy
wcslen
longjmp
_write
_unlink
_tempnam
_setmode
_read
_open
_fileno
_fdopen
_close
_access

user32

MessageBoxW

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

av_crc
av_crc_get_table
av_d2q
av_default_item_name
av_dict_free
av_dict_get
av_dict_parse_string
av_dict_set
av_div_q
av_fast_malloc
av_find_input_format
av_frame_get_qp_table
av_frame_new_side_data
av_frame_ref
av_frame_set_decode_error_flags
av_frame_unref
av_free
av_free_packet
av_freep
av_gcd
av_get_bytes_per_sample
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_cpu_flags
av_get_default_channel_layout
av_guess_format
av_init_packet
av_interleaved_write_frame
av_lfg_init
av_log
av_log_get_level
av_log_set_callback
av_log_set_level
av_malloc
av_mallocz
av_mul_q
av_nearer_q
av_new_packet
av_opt_set
av_opt_set_double
av_opt_set_int
av_opt_set_q
av_packet_get_side_data
av_packet_new_side_data
av_parser_close
av_parser_init
av_parser_parse2
av_read_frame
av_realloc
av_reduce
av_register_all
av_rescale_q
av_sample_fmt_is_planar
av_samples_fill_arrays
av_samples_get_buffer_size
av_strdup
av_timecode_adjust_ntsc_framenum2
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_vlog
av_write_frame
av_write_trailer
avcodec_alloc_context3
avcodec_alloc_frame
avcodec_close
avcodec_decode_audio4
avcodec_decode_video2
avcodec_default_get_buffer2
avcodec_encode_audio2
avcodec_encode_video2
avcodec_fill_audio_frame
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_flush_buffers
avcodec_get_frame_defaults
avcodec_h264_search_recovery_point
avcodec_open2
avcodec_register_all
avcodec_set_dimensions
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_network_init
avformat_new_stream
avformat_open_input
avformat_seek_file
avformat_write_header
avio_alloc_context
avio_close
avio_open
avpicture_deinterlace
avpriv_aac_parse_header
avpriv_ac3_channel_layout_tab
avpriv_ac3_parse_header
avpriv_align_put_bits
avpriv_dca_sample_rates
avpriv_find_start_code
avpriv_float_dsp_init
avpriv_mpeg4audio_get_config
avpriv_mpeg4audio_sample_rates
avpriv_mpegaudio_decode_header
avpriv_report_missing_feature
avpriv_request_sample
avpriv_toupper4
avresample_alloc_context
avresample_available
avresample_build_matrix
avresample_close
avresample_convert
avresample_free
avresample_get_delay
avresample_open
avresample_set_matrix
ff_MPV_common_end
ff_MPV_common_init
ff_MPV_decode_defaults
ff_MPV_decode_mb
ff_MPV_encode_end
ff_MPV_encode_init
ff_MPV_encode_picture
ff_MPV_frame_end
ff_MPV_frame_start
ff_MPV_report_decode_progress
ff_aac_codebook_vector_idx
ff_aac_codebook_vector_vals
ff_aac_coders
ff_aac_kbd_long_1024
ff_aac_kbd_short_128
ff_aac_num_swb_1024
ff_aac_num_swb_128
ff_aac_pow2sf_tab
ff_aac_pred_sfb_max
ff_aac_sbr_ctx_close
ff_aac_sbr_ctx_init
ff_aac_sbr_init
ff_aac_scalefactor_bits
ff_aac_scalefactor_code
ff_aac_spectral_bits
ff_aac_spectral_codes
ff_aac_spectral_sizes
ff_aac_tableinit
ff_ac3_adjust_frame_size
ff_ac3_apply_rematrixing
ff_ac3_bap_tab
ff_ac3_bit_alloc_calc_mask
ff_ac3_bit_alloc_calc_psd
ff_ac3_channel_layouts
ff_ac3_common_init
ff_ac3_compute_bit_allocation
ff_ac3_compute_coupling_strategy
ff_ac3_db_per_bit_tab
ff_ac3_dec_channel_map
ff_ac3_encode_close
ff_ac3_encode_init
ff_ac3_fast_decay_tab
ff_ac3_fast_gain_tab
ff_ac3_float_encode_frame
ff_ac3_floor_tab
ff_ac3_group_exponents
ff_ac3_output_frame
ff_ac3_process_exponents
ff_ac3_quantize_mantissas
ff_ac3_rematrix_band_tab
ff_ac3_slow_decay_tab
ff_ac3_slow_gain_tab
ff_ac3_ungroup_3_in_5_bits_tab
ff_ac3_validate_metadata
ff_ac3_window
ff_ac3dsp_init
ff_af_queue_add
ff_af_queue_close
ff_af_queue_init
ff_af_queue_remove
ff_alloc_packet2
ff_alternate_vertical_scan
ff_combine_frame
ff_dc_chroma_vlc
ff_dc_lum_vlc
ff_dca_convert_bitstream
ff_dcadsp_init
ff_decode_sbr_extension
ff_dsputil_init
ff_eac3_apply_spectral_extension
ff_eac3_decode_transform_coeffs_aht_ch
ff_eac3_default_cpl_band_struct
ff_eac3_default_spx_band_struct
ff_eac3_frm_expstr
ff_eac3_hebap_tab
ff_eac3_parse_header
ff_eac3_set_cpl_states
ff_er_add_slice
ff_er_frame_end
ff_fft_end
ff_fft_init
ff_fmt_convert_init
ff_get_buffer
ff_init_block_index
ff_init_ff_sine_windows
ff_init_rl
ff_init_scantable
ff_init_vlc_sparse
ff_inverse
ff_kbd_window_init
ff_mb_btype_vlc
ff_mb_pat_vlc
ff_mb_ptype_vlc
ff_mbincr_vlc
ff_mdct_end
ff_mdct_end_fixed
ff_mdct_init
ff_mdct_init_fixed
ff_mdct_win_fixed
ff_mdct_win_float
ff_mlp_calculate_parity
ff_mlp_checksum8
ff_mlp_huffman_tables
ff_mlp_init_crc
ff_mlp_read_major_sync
ff_mlp_restart_checksum
ff_mlpdsp_init
ff_mpa_alloc_tables
ff_mpa_l2_select_table
ff_mpa_quant_bits
ff_mpa_quant_steps
ff_mpa_sblimit_table
ff_mpa_synth_filter_fixed
ff_mpa_synth_filter_float
ff_mpa_synth_init_fixed
ff_mpa_synth_init_float
ff_mpa_synth_window_fixed
ff_mpa_synth_window_float
ff_mpadsp_init
ff_mpeg12_common_init
ff_mpeg12_frame_rate_tab
ff_mpeg12_init_vlcs
ff_mpeg12_mbAddrIncrTable
ff_mpeg12_mbMotionVectorTable
ff_mpeg12_mbPatTable
ff_mpeg12_static_rl_table_store
ff_mpeg12_vlc_dc_chroma_bits
ff_mpeg12_vlc_dc_chroma_code
ff_mpeg12_vlc_dc_lum_bits
ff_mpeg12_vlc_dc_lum_code
ff_mpeg1_aspect
ff_mpeg1_clean_buffers
ff_mpeg1_default_intra_matrix
ff_mpeg1_default_non_intra_matrix
ff_mpeg1_find_frame_end
ff_mpeg2_aspect
ff_mpeg2_frame_rate_tab
ff_mpeg4audio_channels
ff_mpeg_draw_horiz_band
ff_mpeg_er_frame_start
ff_mpeg_flush
ff_mpeg_update_thread_context
ff_mpv_export_qp_table
ff_mv_vlc
ff_print_debug_info
ff_psy_end
ff_psy_init
ff_psy_preprocess
ff_psy_preprocess_end
ff_psy_preprocess_init
ff_reverse
ff_rl_mpeg1
ff_rl_mpeg2
ff_sbr_apply
ff_sine_1024
ff_sine_128
ff_sqrt_tab
ff_swb_offset_1024
ff_swb_offset_128
ff_synth_filter_init
ff_thread_finish_setup
ff_tns_max_bands_1024
ff_tns_max_bands_128
ff_update_duplicate_context
ff_write_quant_matrix
ff_xvmc_field_end
ff_xvmc_init_block
ff_xvmc_pack_pblocks
ff_zigzag_direct
ffurl_register_protocol
swr_alloc
swr_alloc_set_opts
swr_convert
swr_free
swr_init

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conkeeper.dll
.dll windows:5 windows x86 arch:x86

9628f0e58909bbf12b0fa3d5eb9c1ecf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\conkeeper.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

urlmon

URLDownloadToFileA

kernel32

FindFirstFileExA
CompareStringW
CreateFileW
ReadFile
GetProcessHeap
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
Sleep
GetLastError
GetPrivateProfileStringA
OpenMutexA
GetModuleHandleA
CloseHandle
DeleteFileA
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
GetCurrentThreadId
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode

user32

SendMessageTimeoutA
wsprintfA
FindWindowA

shell32

ShellExecuteA

wininet

InternetConnectA
InternetCrackUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
HttpSendRequestA
InternetOpenA

Exports

Exports

initConKeeper

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dbghelp.dll
.dll windows:4 windows x86 arch:x86

39525b45c40c6c59481ed9e5dc908b2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

SetFilePointer
CreateFileW
DeleteFileW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameW
GetFileAttributesW
FindClose
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringA
WriteFile
OutputDebugStringW
ReadProcessMemory
SetErrorMode
GetFileAttributesA
GetSystemDirectoryW
GetProcessHeap
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentVariableW
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FlushViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileType
DeviceIoControl
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
SetFileAttributesW
LCMapStringA
LCMapStringW
LocalFree
InterlockedIncrement
InterlockedDecrement
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileA
GetModuleFileNameA
FormatMessageW
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
LoadLibraryW
VirtualQueryEx
GetPriorityClass
GetThreadPriority
HeapCreate
DeleteCriticalSection
FreeLibrary
HeapDestroy
TlsFree
TlsAlloc
GetTickCount
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
LocalAlloc
SetLastError
FindFirstFileW
GetProcAddress
LoadLibraryA
GetSystemInfo
GetVersionExW
SuspendThread
ResumeThread
GetThreadContext
GetThreadTimes

msvcrt

__dllonexit
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
realloc
iswprint
_vsnwprintf
memmove
iswspace
calloc
_itoa
towlower
tolower
_wcslwr
time
_wctime
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
isspace
ctime
malloc
_strlwr
free
strstr
_except_handler3
memcpy
_wcsicmp
_errno
_ismbblead
mbtowc
__mb_cur_max
isleadbyte
_snprintf
wctomb
_lseek
__badioinfo
__pioinfo
_onexit
_isatty
_iob
_fileno
atol
wcsncpy
sprintf
__CxxFrameHandler
fclose
_winminor
_winmajor
_osver
_wsplitpath
__unDName
isdigit
strncpy
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
wcstol
strchr
wcsrchr
_wmakepath
_fullpath
_wfullpath
_mbsicmp
_access
_splitpath
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_close
_open_osfhandle
_wsopen
_sopen
wprintf
ftell
_wgetenv
_memicmp
_mbscmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_write
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??3@YAXPAX@Z
??2@YAPAXI@Z

advapi32

RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
dbghelp
dh
fptr
homedir
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 890KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
detect.exe
.exe windows:5 windows x86 arch:x86

bce2c5434e6542d41b4299029024fd74

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:90:22:30:de:4a:c0:8c:18:98:55:92:be:63:82:d9:f0:5a:91:3d:12:94:94:37:b8:17:7c:14:69:16:b4:9e
Signer

Actual PE Digest

f4:90:22:30:de:4a:c0:8c:18:98:55:92:be:63:82:d9:f0:5a:91:3d:12:94:94:37:b8:17:7c:14:69:16:b4:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\Detect.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
CloseHandle
GetTempPathA
OpenFileMappingA
Sleep
GetCurrentProcess
QueryDosDeviceA
Process32First
VirtualFree
OpenProcess
lstrlenW
GetLogicalDriveStringsA
VirtualAlloc
Process32Next
CreateFileMappingA
CreateToolhelp32Snapshot
DuplicateHandle
GetCurrentProcessId
GetTickCount
UnmapViewOfFile
OpenMutexA
CreateMutexA
DeleteFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersionExA
MapViewOfFile
GetFileSize
CreateFileA
GetModuleFileNameA
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
lstrlenA
CreateDirectoryA
GetFileAttributesA
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
GetLastError
QueryPerformanceCounter
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
SetLastError
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

DefWindowProcA
CreateWindowExA
TranslateMessage
RegisterClassA
GetWindowThreadProcessId
GetDesktopWindow
GetProcessWindowStation
PostQuitMessage
FindWindowA
GetUserObjectInformationW
PeekMessageA
DispatchMessageA
MessageBoxA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SystemTimeToVariantTime
VarUdateFromDate

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

psapi

GetMappedFileNameW

ws2_32

select
WSAGetLastError
htons
connect
WSASetLastError
socket
ioctlsocket
setsockopt
recv
gethostbyname
WSACleanup
WSAStartup
inet_ntoa
gethostname
send
closesocket
shutdown

msvcr100

realloc
strchr
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_access
_chdir
??2@YAPAXI@Z
memmove_s
memchr
strnlen
memcpy_s
sprintf
_fsopen
free
malloc
strstr
fwrite
fclose
_mbsstr
vsprintf_s
??_V@YAXPAX@Z
_vscprintf
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_localtime64_s
qsort
_vsnprintf
_time64
_mbslwr_s
sprintf_s
localeconv
_wassert
strncpy
printf
strcpy_s
strcspn
_localtime64
_splitpath
_mbscmp
fputc
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
_CIpow
_atoi64
atoi
tolower
_mbsrchr
asctime
atof
towlower
??8type_info@@QBE_NABV0@@Z
_purecall
iswspace
iswdigit
_ismbcspace
fread
_mbsinc
fseek
strncmp
_errno
_CxxThrowException
memcpy
__CxxFrameHandler3
strerror
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
islower
memset
__iob_func
_free_locale
abort
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_time32
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
wcsstr
vfprintf
_iob
strcmp
_pctype
__mb_cur_max
_isctype
_ftol
getenv
_setmode
ftell
fgets
fprintf
sscanf
strtoul
fputs
signal
_fileno
_stat32
_getch
_gmtime32
fopen
strftime

advapi32

RegisterEventSourceA
DeregisterEventSource
ReportEventA

Sections

.text
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
detect_service.exe
.exe windows:5 windows x86 arch:x86

06df045f03c96a82f2cd1cb580261f3c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:6f:12:d1:04:74:ed:4d:1c:13:a2:6f:4e:40:1b:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2016, 00:00

Not After

07/05/2016, 23:59

Subject

CN=iMBC Co.\, Ltd.,O=iMBC Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:cb:28:7b:10:57:d0:df:92:d9:6d:fc:6b:40:66:67:b5:89:fc:3d:43:6a:dc:82:ab:c3:f1:af:92:b2:df:7f
Signer

Actual PE Digest

4e:cb:28:7b:10:57:d0:df:92:d9:6d:fc:6b:40:66:67:b5:89:fc:3d:43:6a:dc:82:ab:c3:f1:af:92:b2:df:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project_svn\WebHard\trunk\ConKeeper\고도화_new\ConKeeper\Release\detect_service.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
Process32First
OpenProcess
Sleep
GetExitCodeProcess
TerminateProcess
GetLastError
OpenMutexA
Process32Next
CreateFileMappingA
GetModuleFileNameA
CreateMutexA
CreateToolhelp32Snapshot
CloseHandle
OpenFileMappingA
CreateFileW
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
HeapSize
GetStringTypeW
HeapAlloc
ExitThread
ResumeThread
CreateThread
GetCommandLineA
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers

shell32

ShellExecuteExA

wininet

HttpAddRequestHeadersA
InternetOpenA
InternetSetOptionA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
filegurimain.exe
.exe windows:4 windows x86 arch:x86

9e00a3f2d43bc4645abdb931b52c66dd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:7b:94:4d:6c:8a:18:77:6c:2b:bb:51:b0:ef:9f:c1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2016, 00:00

Not After

20/10/2018, 23:59

Subject

CN=Iconcube. Inc.,OU=IT Team,O=Iconcube. Inc.,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:25:92:c5:bf:48:70:67:76:07:cb:27:d0:19:f8:b1:cf:6a:9b:33
Signer

Actual PE Digest

09:25:92:c5:bf:48:70:67:76:07:cb:27:d0:19:f8:b1:cf:6a:9b:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WORK\fileguri\application\trunk\src\bin\FileguriMain.pdb

Imports

ws2_32

ntohs
WSARecvFrom
WSASendTo
WSAStartup
WSASocketA
WSAIoctl
WSACleanup
ntohl
getsockname
accept
WSAGetOverlappedResult
bind
listen
getpeername
socket
inet_addr
htons
WSAConnect
WSAAsyncSelect
setsockopt
WSADuplicateSocketA
connect
send
WSACreateEvent
recv
htonl
gethostname
gethostbyname
inet_ntoa
WSAEnumNetworkEvents
WSAResetEvent
WSAEventSelect
WSASend
ioctlsocket
WSARecv
WSAGetLastError
WSASetEvent
WSAWaitForMultipleEvents
shutdown
closesocket
WSACloseEvent

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetOptionExA
InternetGetLastResponseInfoA
InternetSetFilePointer
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetSetOptionA
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
InternetSetOptionW
InternetAttemptConnect
InternetSetStatusCallback
InternetQueryOptionA
InternetQueryDataAvailable
InternetSetCookieA
DeleteUrlCacheEntry
InternetReadFileExA
InternetReadFile
HttpQueryInfoA
FtpOpenFileA

shell32

DragFinish
DragQueryFileA
SHGetSpecialFolderLocation
SHGetFolderPathA
Shell_NotifyIconA
SHGetFileInfoA
SHFileOperationA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
ShellExecuteA
DragAcceptFiles

ziparchive

??1CZipArchive@@UAE@XZ
?Close@CZipArchive@@QAEXH_N@Z
?IsDirectory@CZipFileHeader@@QBE_NXZ
??0CZipArchive@@QAE@XZ
?Open@CZipArchive@@QAEXPBDHH@Z
?ExtractFile@CZipArchive@@QAE_NGPBD_N0K@Z

gdiplus

GdipLoadImageFromFileICM
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipGetImageGraphicsContext
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHICON
GdipCreateHICONFromBitmap
GdipDrawCachedBitmap
GdipCreateCachedBitmap
GdipAlloc
GdipFree
GdiplusShutdown
GdipDeleteCachedBitmap
GdipMeasureString
GdipCreateFont
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipDrawString
GdiplusStartup
GdipGetImageHeight

nat

ord18
ord15
ord17
ord50
ord23
ord49
ord22

kernel32

lstrlenA
GetLastError
FindResourceA
SizeofResource
LockResource
LoadResource
DeleteFileA
CloseHandle
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
GetTickCount
CreateThread
TerminateThread
CreateDirectoryA
SetFileAttributesA
GetExitCodeThread
CopyFileA
GetSystemDirectoryA
WaitForSingleObject
CreateProcessA
Sleep
GetCurrentThreadId
FreeLibrary
OutputDebugStringA
GetCurrentDirectoryA
ReadFile
CreateFileA
GetNumberFormatA
GetCurrentProcess
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
SetEvent
LocalFree
FormatMessageA
GetDiskFreeSpaceExA
WriteFile
GlobalUnlock
GlobalFree
GlobalAlloc
SetThreadPriority
GlobalLock
DeleteCriticalSection
InitializeCriticalSection
MoveFileA
GetFileSize
GetModuleFileNameA
FlushFileBuffers
GetTempPathA
WinExec
VirtualFree
VirtualAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
CreateEventA
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetLogicalDrives
GetFileAttributesA
ResetEvent
GetDriveTypeA
RaiseException
GetSystemInfo
VirtualQuery
InterlockedIncrement
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RemoveDirectoryA
MulDiv
GetLocalTime
lstrcpynA
SetFilePointer
IsDBCSLeadByteEx
GetFileTime
SystemTimeToFileTime
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
DeviceIoControl
lstrcatA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
FormatMessageW
CreateFileW
SleepEx
GetComputerNameA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
IsBadReadPtr
SetEnvironmentVariableA
Module32Next
Module32First
ReadProcessMemory
GetThreadContext
GetCurrentThread
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetSystemTime
GetSystemTimeAsFileTime
GetFileAttributesW
DeleteFileW
AreFileApisANSI
GetTempPathW
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryW
GetFullPathNameA
GetFullPathNameW
ExitThread
InterlockedExchangeAdd
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueue
CreateTimerQueue
VirtualAllocEx
VirtualFreeEx
QueryDosDeviceA
WriteProcessMemory
SetFilePointerEx
CancelIo
ReadDirectoryChangesW
FreeResource
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleFileNameW
lstrcmpA
VirtualProtect
GetThreadLocale
SuspendThread
DuplicateHandle
GetVolumeInformationA
GetProfileIntA
LocalAlloc
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
WritePrivateProfileStringA
GlobalFlags
GetCPInfo
GetOEMCP
FindResourceExA
SetErrorMode
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
ExitProcess
GetCommandLineA
GetStartupInfoA
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
InterlockedExchange
GetVersion
ResumeThread

user32

RegisterWindowMessageA
EndDialog
CheckMenuItem
GetMenuItemCount
GetMenu
GetActiveWindow
SetWindowPos
FlashWindowEx
LoadAcceleratorsA
InsertMenuA
InvalidateRgn
GetCapture
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
PostThreadMessageA
EqualRect
AnimateWindow
DestroyWindow
GetWindowThreadProcessId
keybd_event
SetFocus
EnumChildWindows
GetMonitorInfoA
MonitorFromRect
MessageBoxA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
CreateDialogIndirectParamA
SetActiveWindow
GetMenuState
GetWindow
IsIconic
CallWindowProcA
GetDlgCtrlID
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
ShowScrollBar
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetLastActivePopup
GetWindowTextLengthA
RemovePropA
MsgWaitForMultipleObjects
SetPropA
GetClassLongA
IsChild
WinHelpA
SendDlgItemMessageA
ModifyMenuA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowPlacement
IsDlgButtonChecked
IsDialogMessageA
MoveWindow
BeginPaint
EndPaint
GetMenuItemInfoA
DestroyMenu
IsZoomed
SetRectEmpty
GetAsyncKeyState
MapDialogRect
ValidateRect
GetMessageA
GetDCEx
ShowOwnedPopups
SetWindowContextHelpId
RegisterClipboardFormatA
GetNextDlgGroupItem
MessageBeep
CopyAcceleratorTableA
IsRectEmpty
TranslateAcceleratorA
SetMenu
BringWindowToTop
InsertMenuItemA
ReuseDDElParam
UnpackDDElParam
UnionRect
CharNextA
SetParent
GetCursorPos
LoadCursorA
SetCursor
PtInRect
LoadBitmapA
GetClientRect
SendMessageA
GetWindowRect
EnableWindow
CharUpperA
DispatchMessageA
PeekMessageA
DeleteMenu
ReleaseDC
GetDC
OffsetRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EnumWindows
GetClassNameA
SystemParametersInfoA
RedrawWindow
DrawFocusRect
CopyRect
SetWindowTextA
LockWindowUpdate
GetSysColor
GetKeyState
IntersectRect
InflateRect
DrawAnimatedRects
FindWindowExA
UnregisterClassA
DefWindowProcA
RegisterClassExA
GetWindowTextA
TranslateMessage
GetSysColorBrush
GetWindowDC
SetWindowRgn
GetWindowLongA
SetWindowLongA
GetParent
LoadIconA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ShowWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ExitWindowsEx
SetWindowsHookExA
SendMessageTimeoutA
GetFocus
PostQuitMessage
UnhookWindowsHookEx
ReleaseCapture
CallNextHookEx
GetForegroundWindow
GetSystemMetrics
IsWindow
FindWindowA
FillRect
SetForegroundWindow
GetDesktopWindow
SetCapture
KillTimer
SetTimer
IsWindowVisible
UpdateWindow
ScreenToClient
ClientToScreen
LoadMenuA
GetSubMenu
EnableMenuItem
SetRect
InvalidateRect
WindowFromPoint
EndMenu
SetMenuInfo
AppendMenuA
CreatePopupMenu
GetPropA
PostMessageA

gdi32

RestoreDC
SaveDC
SetTextColor
GetClipBox
PatBlt
CreateRectRgnIndirect
SetBkMode
GetTextColor
GetViewportOrgEx
SetViewportOrgEx
FillRgn
FrameRgn
CreateRoundRectRgn
CreateRectRgn
ExcludeClipRect
IntersectClipRect
SetTextAlign
CombineRgn
GetDIBits
CreateFontIndirectA
CreateDCA
MoveToEx
LineTo
GetStockObject
GetDeviceCaps
CreateSolidBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectClipRgn
GetPixel
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetObjectType
EnumFontFamiliesExA
GetRgnBox
SetRectRgn
GetTextMetricsA
GetWindowExtEx
GetViewportExtEx
GetBkColor
RoundRect
Rectangle
CreatePen
GetTextExtentPoint32A
DPtoLP
BitBlt
CreateFontA
SelectObject
StretchBlt
GetObjectA
DeleteDC
DeleteObject
SetBkColor
SetMapMode
GetMapMode
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC

comdlg32

GetFileTitleA
ChooseFontA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

AdjustTokenPrivileges
OpenProcessToken
CryptGenKey
CryptImportKey
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptEncrypt
CryptDecrypt
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
StartServiceA
ChangeServiceConfigA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
LookupPrivilegeValueA

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathCanonicalizeA
PathRemoveBackslashA
PathFileExistsA
PathAppendA
SHDeleteKeyA
PathFindFileNameA

oledlg

ord8

ole32

CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CoTaskMemAlloc
CoInitialize
CLSIDFromProgID
CoGetClassObject
OleRun
CoTaskMemFree
CoCreateGuid
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
OleDuplicateData
ReleaseStgMedium
OleCreateStaticFromData
OleInitialize

oleaut32

SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetElemsize
VariantChangeType
SysStringLen
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
OleCreateFontIndirect

urlmon

FindMimeFromData
URLDownloadToFileA

dbghelp

SymGetOptions
SymGetModuleInfo64
SymFromAddr
SymGetSymFromAddr64
SymGetLineFromAddr64
SymFunctionTableAccess64
StackWalk64
SymSetOptions
SymInitialize
SymCleanup
SymGetModuleBase64

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

sendto
WSASetLastError
select
recvfrom

xkcsdk_fg

xk_IsXMovie

Exports

Exports

DES_DecFinal
DES_DecInit
DES_DecUpdate
DES_EncFinal
DES_EncInit
DES_EncUpdate
DES_KeySchedule
DES_SetAlgInfo
FcTrace
b64_ntop
b64_pton

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Fileguri
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcr100.dll
.dll windows:5 windows x86 arch:x86

5271d5ce8b44dd47bc92563e27585466

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6
Signer

Actual PE Digest

05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr100.i386.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
CreateEventW
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetProcessAffinityMask
VirtualProtect
SetThreadAffinityMask
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsProcessorFeaturePresent

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nat.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

79:0e:14:99:c3:ed:6d:b2:64:dc:3d:92:2b:03:6f:e4
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/10/2014, 00:00

Not After

05/11/2015, 23:59

Subject

CN=KGRID CO.\,Ltd,O=KGRID CO.\,Ltd,L=Gangnam-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

96:22:1f:a0:72:4c:2b:61:2c:53:5a:41:98:4a:2d:02:78:01:e0:9d
Signer

Actual PE Digest

96:22:1f:a0:72:4c:2b:61:2c:53:5a:41:98:4a:2d:02:78:01:e0:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_AddHttpServer
_AddServer
_AddServerW
_AppendServer
_AutoSetupServiceApp
_Delete_KGRID
_DownloadCompleteFile
_ExistFile
_GetCurrentFileSize
_GetCurrentFileSize_KGRID
_GetCurrentPeerInfo
_GetKGridHashW
_GetLivePeerCount
_GetMaxSpeed
_GetTraffic
_GetTraffic_KGRID
_Init
_Init_KGRID
_New_KGRID
_NotUseServiceApp
_ReceiveSize
_ReceiveSize_KGRID
_ResumeDownload
_SetCutSpeed
_SetDownloadSpeed
_SetDownloadSpeed2
_SetDownloadSpeed_KGRID
_SetFileServerPeerCount
_SetInitServerPeerConnectCount
_SetServerConnectCount
_Speed
_Speed_KGRID
_StartDownload
_StartDownload2
_StartDownload2W
_StartDownload3
_StartDownloadForLivePeer
_StartDownloadW
_StartDownloadW_KHash
_StartDownload_Chunk
_StartDownload_KGRID
_StartDownload_NHash
_Status
_Status_KGRID
_StopDownload
_StopDownload_KGRID
_SuspendDownload
_UnInit
_UnInit_KGRID
_UseDebugView

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 615KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nat2.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

79:0e:14:99:c3:ed:6d:b2:64:dc:3d:92:2b:03:6f:e4
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/10/2014, 00:00

Not After

05/11/2015, 23:59

Subject

CN=KGRID CO.\,Ltd,O=KGRID CO.\,Ltd,L=Gangnam-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

96:22:1f:a0:72:4c:2b:61:2c:53:5a:41:98:4a:2d:02:78:01:e0:9d
Signer

Actual PE Digest

96:22:1f:a0:72:4c:2b:61:2c:53:5a:41:98:4a:2d:02:78:01:e0:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_AddHttpServer
_AddServer
_AddServerW
_AppendServer
_AutoSetupServiceApp
_Delete_KGRID
_DownloadCompleteFile
_ExistFile
_GetCurrentFileSize
_GetCurrentFileSize_KGRID
_GetCurrentPeerInfo
_GetKGridHashW
_GetLivePeerCount
_GetMaxSpeed
_GetTraffic
_GetTraffic_KGRID
_Init
_Init_KGRID
_New_KGRID
_NotUseServiceApp
_ReceiveSize
_ReceiveSize_KGRID
_ResumeDownload
_SetCutSpeed
_SetDownloadSpeed
_SetDownloadSpeed2
_SetDownloadSpeed_KGRID
_SetFileServerPeerCount
_SetInitServerPeerConnectCount
_SetServerConnectCount
_Speed
_Speed_KGRID
_StartDownload
_StartDownload2
_StartDownload2W
_StartDownload3
_StartDownloadForLivePeer
_StartDownloadW
_StartDownloadW_KHash
_StartDownload_Chunk
_StartDownload_KGRID
_StartDownload_NHash
_Status
_Status_KGRID
_StopDownload
_StopDownload_KGRID
_SuspendDownload
_UnInit
_UnInit_KGRID
_UseDebugView

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 615KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sfdcd.dll
.exe windows:4 windows x86 arch:x86

f741c204c6b516d49798cd018f5da657

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MoveFileExA
MoveFileExW
MultiByteToWideChar
ReleaseSemaphore
ResetEvent
SetConsoleTextAttribute
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_access
_close
_fdopen
_fstat
_hypot
_isatty
_lseek
_open
_read
_setmode
_strdup
_stricoll
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_errno
_filbuf
_flsbuf
_fstat64
_fstati64
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_mkdir
_onexit
_pctype
_rmdir
_setmode
_sopen
_stati64
_unlink
_wmkdir
_wrmdir
_wsopen
_wunlink
abort
acos
asin
atan
atan2
atexit
atof
atoi
bsearch
calloc
ceil
clock
cos
cosh
exp
fclose
fflush
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
ftell
fwrite
getenv
getwc
gmtime
isspace
iswctype
ldexp
localeconv
localtime
log
log10
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
pow
putwc
qsort
realloc
setlocale
setvbuf
signal
sin
sinh
sprintf
sqrt
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtod
strtol
strtoul
strxfrm
tan
tanh
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vsprintf
wcscoll
wcsftime
wcslen
wcstombs
wcsxfrm

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 783KB - Virtual size: 782KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sffileguri.dll
.dll windows:4 windows x86 arch:x86

24762edf050822830443ea8985aba4ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

gethostname
gethostbyname
inet_addr
WSACleanup
WSAStartup

wininet

InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetCookieA
InternetQueryOptionA
HttpSendRequestA
InternetErrorDlg
InternetQueryDataAvailable
InternetCloseHandle
InternetSetOptionA

mfc42

ord823
ord941
ord1168
ord922
ord536
ord924
ord926
ord5710
ord2820
ord3811
ord6143
ord641
ord2514
ord5981
ord6215
ord2086
ord801
ord541
ord4278
ord6283
ord6282
ord940
ord6883
ord539
ord861
ord668
ord1980
ord551
ord3310
ord3178
ord4058
ord3181
ord2781
ord2770
ord356
ord665
ord1979
ord6385
ord5186
ord2814
ord3810
ord354
ord3880
ord3425
ord3054
ord3227
ord3408
ord3758
ord5651
ord3127
ord3616
ord3663
ord5442
ord3318
ord350
ord3337
ord5265
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2575
ord4396
ord3574
ord6055
ord858
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3698
ord765
ord567
ord324
ord609
ord2302
ord4234
ord4376
ord6197
ord2379
ord4710
ord5953
ord3092
ord4853
ord3097
ord5683
ord923
ord6153
ord3790
ord2763
ord5572
ord1567
ord268
ord4204
ord2614
ord939
ord540
ord2915
ord4129
ord535
ord800
ord6467
ord537
ord860
ord2818
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord4078

msvcrt

qsort
_CIpow
_mbsstr
_access
_mbsicmp
memmove
fprintf
free
fwrite
fflush
ftell
_ftol
isdigit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_mbctype
_atoi64
_purecall
atoi
fseek
malloc
fopen
_stati64
fclose
fread
_mbscmp
__CxxFrameHandler
sprintf
_onexit
__dllonexit
_filelength
_fileno

kernel32

GetLocalTime
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CreateDirectoryA
ExpandEnvironmentStringsA
RemoveDirectoryA
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
TerminateProcess
WaitForSingleObject
CreateProcessA
DeleteFileA
GetDiskFreeSpaceA
GetDriveTypeA
GetModuleFileNameA
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
LocalFree
LocalAlloc
CloseHandle
GetLastError
FormatMessageA
FindNextFileA
GetTempPathA
GetTickCount
GetVersionExA
FindFirstFileA
FindClose
FreeLibrary
LoadLibraryA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection

user32

EnableWindow
UpdateWindow
GetDesktopWindow
SendMessageA
GetDlgItem
SetTimer
GetWindowRect
GetSystemMetrics
PeekMessageA
TranslateMessage
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA

oleaut32

SysAllocStringLen
SysFreeString

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Exports

Exports

DownCancel
Download
End
GetFileFormat
Init
RightCheck
SmartBlock
UnzipCancel
UnzipStatus
Upload
Upload_noDNA
VideoPaidReport
VideoPaidReportEx

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssmfileinfo.dll
.dll windows:4 windows x86 arch:x86

36adf6a1423dacf01a70fbb863d71eb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateSyncReader

winmm

mmioOpenA
mmioSeek
mmioClose
mmioAscend
mmioRead
mmioDescend

mfc42

ord561
ord825
ord815
ord800
ord823
ord2818
ord535
ord860
ord939
ord540
ord3738
ord1168
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord269
ord1197
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116

msvcrt

memcpy
memset
strncat
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strlen
_errno
frexp
exit
ldexp
qsort
ceil
floor
memchr
_CIpow
strncmp
_CxxThrowException
_strdup
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
fflush
printf
sprintf
realloc
ftell
memmove
_ftol
_iob
fprintf
calloc
malloc
fseek
fopen
fread
free
fclose
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z

kernel32

CloseHandle
SetFilePointer
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetVolumeInformationA
GetProcAddress
LoadLibraryA
LocalFree
LocalAlloc
ReadFile
CreateFileA
GetLastError

user32

PeekMessageA
TranslateMessage
DispatchMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoUninitialize

Exports

Exports

MusicDNAFunc_AAC
MusicDNAFunc_MP3
MusicDNAFunc_OGG
MusicDNAFunc_WAV
MusicDNAFunc_WMA

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unace32.exe
.exe windows:5 windows x86 arch:x86

56bac85561f78132ca190bf57013fc88

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:08:e4:25:dd:db:b3:4e:1e:26:d6:e7:85:6e:9f:b8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/09/2013, 00:00

Not After

26/12/2016, 23:59

Subject

CN=Bandisoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\devel\Ark5\bin\unace32.pdb

Imports

kernel32

FindResourceA
FreeLibrary
LoadResource
FindResourceExA
WideCharToMultiByte
SizeofResource
GetProcAddress
LoadLibraryA
LockResource
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xkcsdk_fg.dll
.dll windows:4 windows x86 arch:x86

293b78b217407b9a21cb08646168b0cd

Code Sign

62:8d:42:d9:9b:0e:99:6f:0a:dc:5a:ad:72:b2:0e:5e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/08/2013, 00:00

Not After

08/08/2016, 23:59

Subject

CN=JiranJikyosoft co.\, ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Management Dept.,O=JiranJikyosoft co.\, ltd.,L=Gangnam Gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:07:af:cd:c0:4d:30:9d:07:9d:61:11:25:0e:0d:8a:cd:d2:aa:14
Signer

Actual PE Digest

0e:07:af:cd:c0:4d:30:9d:07:9d:61:11:25:0e:0d:8a:cd:d2:aa:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetReadFile

kernel32

GetFileTime
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
RaiseException
GetCommandLineA
GetProcessHeap
SetStdHandle
GetFileType
GetFileAttributesA
HeapSize
ExitProcess
GetACP
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
InterlockedIncrement
SetErrorMode
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GetCurrentProcessId
GetProcAddress
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
LoadLibraryA
GetThreadLocale
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
CreateFileA
GetFileSize
ReadFile
WriteFile
CloseHandle
Sleep
GetModuleHandleA
GetModuleFileNameA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
DeleteFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
PostQuitMessage
DestroyMenu
ValidateRect
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA

gdi32

SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
Escape
TextOutA
GetStockObject
ExtTextOutA
RectVisible
PtVisible
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantClear
VariantInit

Exports

Exports

xk_DelNoticeXmovie
xk_IsWebXMovie
xk_IsXMovie
xk_NoticeXmovie

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

76:7b:94:4d:6c:8a:18:77:6c:2b:bb:51:b0:ef:9f:c1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1a:01:43:db:c2:89:d2:8f:15:68:b1:80:74:5f:43:23:6b:00:bc:62Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 64KB - Virtual size: 63KB

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

76:7b:94:4d:6c:8a:18:77:6c:2b:bb:51:b0:ef:9f:c1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1a:01:43:db:c2:89:d2:8f:15:68:b1:80:74:5f:43:23:6b:00:bc:62
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 64KB - Virtual size: 63KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 5KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 144B

BSS
Size: - Virtual size: 1KB

.idata
Size: 512B - Virtual size: 454B

.edata
Size: 512B - Virtual size: 376B

.reloc
Size: 1024B - Virtual size: 536B

.rsrc
Size: 512B - Virtual size: 512B

4e:9b:45:38:ee:db:10:ab:8b:18:8a:46:dd:1d:49:6e
Certificate

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

ad:d7:eb:92:62:69:35:42:13:5b:c2:25:49:a0:a7:46:34:e8:ec:68
Signer