7e7f8592eed339d21ea95142c7019a22[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

7e7f8592eed339d21ea95142c7019a22.bin
Size

5.0MB
MD5

7e7f8592eed339d21ea95142c7019a22
SHA1

d8163bbb20d1e240695ffa4f04d4bcc4bff4f0d6
SHA256

0696b937fdacf7e80d7a222b41e7bd28a61f3043b3aaf7c7343886e93af1b39a
SHA512

90e91b497e9a151274f357e09be85caf4a3a96e14cd7b7e2498e5a3b9a31def2943a8e613e073c1f40bcdb5cd32bd2a8e8c460d8f1d90b991657afd91a9a79e4
SSDEEP

98304:wCfqRqHVkr33vSuXa0dzm3Y/mHR/NxwjZqn6NXS5r0tRF5kmH6jgoi:XfqRTvNXhJ/mHRMm61gAtR/kma8oi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/EBstrSvc.exe	vmprotect
static1/unpack001/eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/eBoostrCP.exe	vmprotect

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/EBstrSvc.exe
unpack001/eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/eBoostrCP.exe
unpack001/eBoostr PRO v4.0.0.554/TB_eBoostrCP_64系统破解补丁/eBoostrCP.exe
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/sqlite.dll
unpack002/sqlite.dll.new

Files

7e7f8592eed339d21ea95142c7019a22.bin
.rar
eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/EBstrSvc.exe
.exe windows:5 windows x86 arch:x86

d747f4a80618ace515b1cb6776c81419

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetLongPathNameW
GetShortPathNameA
GetPrivateProfileStringA
GetLongPathNameA
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetTempPathW
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiW
SetConsoleCtrlHandler
DebugBreak
OutputDebugStringW
SetLastError
ReleaseMutex
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
GetLocaleInfoW
WriteConsoleW
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetModuleFileNameW
GetTickCount
FlushFileBuffers
LocalFree
FormatMessageW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
VirtualFree
VirtualAlloc
TerminateThread
CreateThread
WaitForMultipleObjects
InterlockedExchange
Sleep
SetThreadPriority
GetCurrentThread
SetErrorMode
GetSystemTime
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
SetEvent
CreateEventW
lstrlenA
GetCurrentProcess
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
DeviceIoControl
GetFileInformationByHandle
MapViewOfFile
GetLastError
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CloseHandle
CreateFileW
WideCharToMultiByte
GetPrivateProfileIntW
GetShortPathNameW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
WaitForSingleObject
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
HeapSize
QueryPerformanceCounter
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetTimeFormatA
GetDateFormatA
HeapAlloc
DeleteFileA
ExitProcess
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharNextW
MessageBoxW
CharUpperW
CharUpperBuffA
wvsprintfW
CharLowerW
LoadStringW
GetLastInputInfo
CharUpperBuffW

advapi32

UnlockServiceDatabase
LockServiceDatabase
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
DeleteService
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegDeleteKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

sqlite

??1CppSQLite3Query@@UAE@XZ
??4CppSQLite3Query@@QAEAAV0@ABV0@@Z
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
??1CppSQLite3Buffer@@UAE@XZ
??0CppSQLite3Buffer@@QAE@XZ
??1CppSQLite3Statement@@UAE@XZ
?eof@CppSQLite3Query@@UAE_NXZ
??1CTransaction@@UAE@XZ
??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
?errorCodeAsString@CppSQLite3Exception@@SAPBDH@Z
??0CppSQLite3DB@@QAE@XZ
??1CppSQLite3DB@@UAE@XZ
?finalize@CppSQLite3Query@@UAEXXZ
?getIntField@CppSQLite3Query@@UAEHPBDH@Z
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z
?execQuery@CppSQLite3Statement@@UAE?AVCppSQLite3Query@@XZ
?nextRow@CppSQLite3Query@@UAEXXZ
?getInt64Field@CppSQLite3Query@@UAE_JPBDH@Z
?bind@CppSQLite3Statement@@UAEXHH@Z
?reset@CppSQLite3Statement@@UAEXXZ

shlwapi

SHGetValueW

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue

psapi

GetModuleFileNameExA

Exports

Exports

�t��Dp�+�(��v�=e��i//3nI��]�H�NhdG\a�+t�A<@H ��5"�G��O>��a�G�CO{l�t� ��I��\�L�J�}��,AH�Zr&*m�6V��RE1q��3�m*��v�O�~:�4A�(�$\��i4q�k��*ų�s��K`#��k�j�9m��}W(�L`,=h�ߕ�"��Plx�PR�.Jऔ��yC��{��2R&�:)�,N��:q�&��Y��jT�G�Z2{��_�л��N ��G?��b+î1��q�9�C �'�݈C�R��6�\}��$e �5;L]F_�ؔL��|r�=\p��R74��"�Ŏ�B]��\츦��߂�ӯ��~�}�@g�Y= �^Ne��{��.��Z�rPJk��7��.س��x!�^�Bi}:E��# ��XۧX��W��l��H�6K aGT�V��b��ZK[nXu� ��@Ցt�Gk��}.W1�wCuM26@f��z_��{W�Ƭ"K�\[��\쥭�f�z��>m�9�� CM#��&�<*K��cq��U��2�0R�� ?�*#&��e�YM�M�=��@3��3��:)�B�:�y��0��̚Z=��lsl�̇�`glH�RgL�q�ly��n�EHX��f�26۶ME��:G�yn��v\l��{��m. ;9"t�!�Оm��8�Z��e�;��s��1��^H�0w�wu�a�2� ��6�I��杭[]��l�{F�^"��W��ť�h��bJ�/l:7�#��A��n^�x�xT�+q"��7u�A�l�xS��}��qyt��;ۗ�"��ܖ��f�F'�G�3h�1�?��z;uM�Ώt�T��߿[�ǷE��!㎑�>=fQ��k��ii��CI؁o��D��]�m>�x r��w1ChNϊ@3�+��5��}�A OBƧ@��N(0�R��QZװO� �֛��{:�=�Y�=��"T�� 6�'c8�"�Vį{]��B��p��d��G�ڶ��w� >�ɒ��G#T�ҾJg�$O E��(k-ݨQ�*�G�6M�b[t�r�%5Mwp '��B��uz7�� h1�W�GB��<P?��yqj��M8�R�@�]�w2SCTr݇g��'�8<�U��&剮Q�p��]��$u��qܸW\*c�:��J �{5i�J�X_}�hN�e�k�-�P1 :��ށ�O�tvN"O��>��=N�i�v�|��d��p�E��h�L��I[��,v��O&�!��X��K�{��]E�r��S��ڸ��y��,�?O�t�p1@�-�5e�Q��<��K2�� 1g�G ӕ5� !3�>�n�c��R��6�4�� yt��UT�!��2Ճ(n��V��ߝvl��P�'��S��`��#Rp/�˻_Q�ݻ�C�G�4`��m�}�_Bג��k.�UƲ��P+��"gQ��L�X��g�L�ŝC2�ك�B�~�1�m�>è��hM�RU�_8u�¤=�\��o�l;��ޚ-qBA,�'�IKP��eaa�b��%��D��u��\}9�� x��9�づ_��Z��#��| Ǣ�ۊ��3�n�?��m�,��`��!��:��m�ڗ.�lHa�_׊��*)2��׵p�⣖JHaS_�]�� Yb�S�Y&ĖN�&` t�W��*�s\��+�j��D��j�e`�BJ�)1�7b&"��]�aY�|�S��h7�k�sAoK�6��#��.��y�N ��5FO�p��>"�r�za[>#��e��T�㭷Y�y��m�c�r�a�N��:L��c��B�)<�ˢ��]m��wA�y��`KE�t 5��du ZP�(��g�*1�9G��ma��q4��5/'�)�o�� )��¤��s��^G��rIa��d}��N�mRp��]�NA�� q��{�C?�+�wB"w۳��+�+��7�K:��'��<�~ ��20�?\��kW۠�$W\V�2�.��[-c��jPI�a>��J�CiS��Un��p��>i�W&��%��0��z�Ɉ$agG�@#�5�y�f��j�?EШ��--� $s��V�W-��nj��mI��7��iF��s�?�K�ߕ��0�JaZ.ᐉn@�BXi=��4:U.��"�5L��J!޸z��c70�)�VZ��r�>p��&L�lW6q��؏��v.k�17��Ė!��.@Bj��O$`m��S��ձ�q�Y �끫R\'R��.�}�0� �Yߩ�t��"g�|Fŋ�7N�AG�� u��_� ?\A��}�]�Qň"��2�帰Zi��Clr��$�by +C�hJ��x��<�Nޙ�x�A�f�M��oDs��Y�5K��gsK�\�!��d�w��8��h��I��E��^�2�Ś9��jꏠ�kȌ>J��D��M�Ls�`=�G�\�ݬ�J�60��l�T��+0˰��:�Qg/�?�O�&��̷�/XlA�k�G��w?��E�!��;��x��m��`U�?��I��g�� t��xvk��r)�&�ƐU��[]�X|h��@��E6͔�'g�V�%�a��>�=��b��,��l��`P9��;5��U�\vN��%>��xH�mX��͝32#��K�f��GMF��4�ߩ�?�5�c�=͚�F�+��.�I�M��"�n'E( ��"�\�E/[$#me��D%�M��wT�w�<E#kv2��e.��S��Փ��t1'E�Zw��G[�\ȦI~Z%>��D

Sections

.text
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/_Readme!.txt
eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/eBoostrCP.exe
.exe windows:5 windows x86 arch:x86

a8105eeda9e6a3ba0aaca0edd3809799

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Request_Device_EjectW

kernel32

FindNextFileW
FindFirstFileW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetPrivateProfileStringW
WinExec
GetSystemPowerStatus
MapViewOfFile
CreateFileMappingW
CreateMutexW
ReleaseMutex
GetExitCodeThread
lstrcmpW
lstrcpyW
GetVersionExW
ExpandEnvironmentStringsW
GetLongPathNameW
GetShortPathNameA
WideCharToMultiByte
QueryDosDeviceW
GetDriveTypeW
GetSystemTime
GetFileSize
FindClose
GetSystemDirectoryW
lstrcpynW
UnmapViewOfFile
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedExchange
GetConsoleCP
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetHandleCount
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
HeapSize
GetModuleFileNameA
GetStdHandle
HeapReAlloc
HeapCreate
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
ExitProcess
RemoveDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DeleteFileW
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
GetTempPathW
GetCurrentProcessId
DeviceIoControl
GlobalSize
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
TerminateThread
SetLastError
GetCurrentThreadId
RaiseException
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OpenEventW
SetEvent
Sleep
GetTickCount
WaitForMultipleObjects
ResetEvent
CreateEventW
GetLastError
WaitForSingleObject
GetOverlappedResult
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FlushInstructionCache
InterlockedIncrement
GetVolumeInformationW
CreateThread
SetThreadPriority
SetFilePointer
ReadFile
VirtualFree
VirtualAlloc
CloseHandle
SetFilePointerEx
SetEndOfFile
WriteFile
FlushFileBuffers
CreateFileW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
GetCurrentProcess
GetConsoleMode
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadCursorW
SetCursor
GetPropW
SetPropW
GetSysColor
ExitWindowsEx
RemovePropW
PtInRect
GetScrollInfo
DrawFrameControl
DrawFocusRect
DrawEdge
UpdateWindow
GetScrollPos
GetScrollRange
SetScrollInfo
BeginPaint
EndPaint
GetDC
ReleaseDC
DestroyIcon
LoadImageW
GetKeyState
GetActiveWindow
UnregisterClassA
EndDialog
DialogBoxParamW
SendMessageW
SetDlgItemTextW
GetParent
CharLowerW
CharUpperBuffW
SetParent
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
wvsprintfW
LoadStringW
SetWindowLongW
SetForegroundWindow
ShowWindow
IsWindowVisible
SetTimer
KillTimer
SetRectEmpty
GetClassInfoExW
RegisterClassExW
EnableMenuItem
CreateWindowExW
InvalidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenuItemInfoW
SetMenuItemInfoW
GetMenu
DrawMenuBar
IsDialogMessageW
BringWindowToTop
MoveWindow
SetFocus
SetScrollPos
MessageBoxW
SendInput
GetSystemMetrics
DefWindowProcW
IsIconic
RemoveMenu
CheckMenuItem
AppendMenuW
ClientToScreen
GetDlgCtrlID
GetSysColorBrush
IsMenu
EnumWindows
PostQuitMessage
GetLastInputInfo
LoadIconW
GetDesktopWindow
CharUpperW
GetWindowTextLengthW
MessageBeep
ScreenToClient
SetMenuDefaultItem
MonitorFromPoint
GetMenuItemID
TrackPopupMenu
PostMessageW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetCursorPos
RegisterWindowMessageW
CreateDialogParamW
wsprintfW
SetRect
DrawTextW
OffsetRect
CopyRect
CallWindowProcW
IsWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
EnableWindow
SetWindowTextW
InflateRect

gdi32

SelectObject
GetStockObject
SaveDC
GetDeviceCaps
GetCurrentPositionEx
SetTextColor
GetTextExtentPoint32W
SetBkMode
ExcludeClipRect
GetViewportOrgEx
SetMapMode
CreateSolidBrush
GetTextFaceW
RestoreDC
DeleteDC
SetBkColor
ExtTextOutW
BitBlt
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
GetClipBox
CreateFontIndirectW
DeleteObject
GetTextColor
SetWindowOrgEx
GetTextMetricsW
DPtoLP
LPtoDP
GetObjectW

advapi32

RegOpenKeyExA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA

shell32

SHFileOperationW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
SHGetDataFromIDListW
SHGetSpecialFolderPathA
DragQueryFileW
DragFinish
SHBindToParent
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
ord165

ole32

ReleaseStgMedium
DoDragDrop
CoTaskMemRealloc
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

sqlite

?open@CppSQLite3DB@@UAEXPBD_N@Z
?execDML@CppSQLite3DB@@UAEHPBD@Z
?isInitialized@CppSQLite3DB@@UAE_NXZ
?execQuery@CppSQLite3DB@@UAE?AVCppSQLite3Query@@PBD@Z
?eof@CppSQLite3Query@@UAE_NXZ
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z
?nextRow@CppSQLite3Query@@UAEXXZ
??1CppSQLite3Query@@UAE@XZ
??1CTransaction@@UAE@XZ
?close@CppSQLite3DB@@UAEXXZ
??1CppSQLite3Buffer@@UAE@XZ
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
?lastRowId@CppSQLite3DB@@UAE_JXZ
??0CppSQLite3Buffer@@QAE@XZ
??0CppSQLite3DB@@QAE@XZ
??1CppSQLite3DB@@UAE@XZ
??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z

shlwapi

StrRetToBufW
PathCompactPathExW
StrFromTimeIntervalW

comctl32

ImageList_Draw
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Create
PropertySheetW
DestroyPropertySheetPage

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

urlmon

URLDownloadToCacheFileW

Exports

Exports

GX𛚮�� &L�ƍ�X ��M��H�Q��:\��^"�N��T�]��ɢ0��`q߃�*zC��+��U��.��@:b�(��!�D��yM��=\d�?:n J�F�� :XRQ�duA|p/N\�'�ѐ�v�ս��$� ��M`�o�[�,��EE'�7Ȭqʸ�!��'#��'-�X�`D'�ǝ��[ �LW��9m��\�甧�I�N?�KGT]y�M!9c�>3�1DЮ�Ge��֬GጺY|��3��F�Z��G��a� \iЊ��к7��+�J� :xna<��whC�Sk�ڟ��{{D1��*�Ԕ�[Ed)%�2_��U�J��j{��Ŵk/�J��TQ(�EJ-��ʦ̳�ә+� ��R^�(�,��~�1Yh��8̃N��jO͂ ��z&�e�r�廫 �w��U��^EBٓ��Cw��Gu"(��Qje��)gTGU ��T�W6{p��? ��<Q�h<��3�~�C��e�n�`�{��H�0�?�K�܅��N4��_��[�8JM-�\p�D!�+㱄L�9��y��G��!��?��%��FyF�UB�T�!��N�{DAH�~/d�:��u��l�=��M�J<��\�`��q1ef��t��iGZ��S�s~��Ȭ �R^�,A�|�_hL�sE��~,�( ��$� �u��B�ʡA�$XQ��"ݝK��oӒ�*�j}KlX^ɜ Eh,��w/��Y�Skc@��cQ�O�0��acr��[a"%��B�j��T�1|ӷi��md�>f5��⵵xU��no�Y�N�0�۞i/�)pܒ��T" /��yT�\�\�� C| H�7�TE{��wבr�-c{�Z��)hx}}��*-��H$��O��B�umN��>�� P��aB��$�?.��,ꘑ�>+��v��&*�C�7��CQ�H�M�u2)~��TI'��ݢ1Y��|��^�-X܉��}icQ͗G�4X�s{�LRu�� g��F��y��K�Ȁ2�H��u�Z4��'m�5�I6^r�SS\��l #�|>��Q��ĥ g��z�y{@��t2��4Qy��Er�\��9SH�+��s��)�z��]�XsǊ�Q��_��FəP��}�'�2��旨��[�(��c��Ü܄�� U�}��L��#%�X��$��fly\g:bRE�v�N�6_Kc�es�g�Eֺ^0��,H�m�n�Q��0�#;��!k7�T�U�S��g��devmLT�I�܎༦3��`��c��=��hB�)�I8�u�%9��J�:�<X%��U��F��6@ԴiC[�w�ЈE�-��<�׷��+��g��'k[{g�N�Q�_�D+��3f�\rX@�%k�Ո��z��~�� J�/��r��-�ϙ��~�ᨌP"�)��P��}`�I:��m��Mh�]�uf]�co��a��x�M��Cdgϑ<�r-􌩧��?�{��k۠ $u��P8�m �m�n��p� %Yo%��;H"�A��)@Z�d�a)�Z��N��~�r�RK��/K):hD�4.��,�e�W��(��-��o�wIs�,9��A��=8�3/�c��V�a�� Zͥ��>�y7p�&��}��v�ְ��_6�դveL1HM"B��9~�p#��#P�fڛ@;H)3�[�Ǻn��J��9ٝ��ܴ��a�m��mR4��dvZ�Z��6�Il��X�2��=:ՈRM�>0ۇ��N|!c�(�[2��ݵ��ie��Ѵ�D��5��v�l,��HepJ`�0EE,��Į�.~�,�s�� .��z0�mH�Ϯ�g��ez..�Eg�.�U��|�a�)/��ԩ�� w�N��ײׯD=�»nrqA�Q�,0E��1 ��E� 8�싗��Z��"�OP`aǬ��^=-��^P��Q��G��O�Ux锂 �L]��0�gdS�@E��!^��h�d@9�b K�7gb��u`�U��}�P{�R>�ݠ�>��d�`��:V0Tpq1>�1�٩�ץy�L�Ƭ�A_��h ��wܯw ��)�rW"n��q��dS�48��t��-�c?R� ��]]�m ��H�o��f�-��T��7�s��9�1�m��:�:nM��Y/��S��`(�"�eh��"@Kn��f�fn�� ӣ ��[��Q�u��U� ��(8�_s�kӃ��f��6> �;�A�]�`P��Gg��g�+�fuV&K½y��A� �N�Q �G��>ʒ��PSr��M��+�/��yt@ѪA$�BE,�L��9r�}h�`U��E��Г��z��y<)��&\2��6q#��g*n~Sז�#�+{]|�ȋ�V�`�u��s:rm�&Q��7 ��x. ��=W�Z�Ƹ��Z7��l�2��4�c��h��eϣ��K�o']�W��o�t�D�G�İ�� XY��Ș%��.`9TLA;܎/�h<��/�4D�9��Ĝ�$9�T N�n)��q9�/��hq�!<<s��s"��:�Q�k��q��kX_�M�&Y7��:��"�ϙx&��W�#W=�0��Hh�~��:��:R^F��Ѓk\��j�x�`�V��H��Z�bPA��L��x�'�'��4 #m�v?�m��_��_u>�%|ۻ��R��oe�<��<��7H6&��,jD=�Di��NN*�I��71��&��zT 6X��G^��RbW}{��7�x�� {Z��H�S��6�S��@[]��We��b�Ϟ-��;D�h�j]�M*�J,��f?Z��>�3�TK2��H�k�?Q�� c\�=

Sections

.text
Size: - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 570KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
eBoostr PRO v4.0.0.554/TB_eBoostrCP_32位系统破解补丁/nsane.nfo
eBoostr PRO v4.0.0.554/TB_eBoostrCP_64系统破解补丁/EBstrSvc.exe
.exe windows:5 windows x64 arch:x64

424ab9b61877ef265e4f24fe135a5f9e

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:4e:e6:86:7b:bf:4d:13:71:5f:40:73:04:2e:8f:78:9d:61:23:7d
Signer

Actual PE Digest

49:4e:e6:86:7b:bf:4d:13:71:5f:40:73:04:2e:8f:78:9d:61:23:7d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\FirmTools\projects\eBoostr\_Release\x64\EBstrSvc.pdb

Imports

kernel32

GetPrivateProfileStringA
GetLongPathNameA
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetTempPathW
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiW
SetConsoleCtrlHandler
DebugBreak
OutputDebugStringW
SetLastError
ReleaseMutex
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
GetLocaleInfoW
WriteConsoleW
GetShortPathNameA
GetLongPathNameW
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetModuleFileNameW
GetTickCount
FlushFileBuffers
LocalFree
FormatMessageW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
VirtualFree
VirtualAlloc
TerminateThread
CreateThread
WaitForMultipleObjects
Sleep
SetThreadPriority
GetCurrentThread
SetErrorMode
GetSystemTime
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
SetEvent
CreateEventW
lstrlenA
GetCurrentProcess
DeleteCriticalSection
lstrlenW
DeviceIoControl
GetFileInformationByHandle
MapViewOfFile
GetLastError
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CloseHandle
CreateFileW
WideCharToMultiByte
GetPrivateProfileIntW
GetShortPathNameW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
HeapReAlloc
GetConsoleMode
GetConsoleCP
WaitForSingleObject
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
QueryPerformanceCounter
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetDateFormatA
GetTimeFormatA
HeapAlloc
DeleteFileA
ExitProcess
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSize

user32

CharNextW
MessageBoxW
CharUpperW
CharUpperBuffA
wvsprintfW
CharLowerW
LoadStringW
GetLastInputInfo
CharUpperBuffW

advapi32

LockServiceDatabase
UnlockServiceDatabase
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
DeleteService
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegDeleteKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

sqlite

??1CppSQLite3Query@@UEAA@XZ
??4CppSQLite3Query@@QEAAAEAV0@AEBV0@@Z
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
??1CppSQLite3Buffer@@UEAA@XZ
??0CppSQLite3Buffer@@QEAA@XZ
?reset@CppSQLite3Statement@@UEAAXXZ
?eof@CppSQLite3Query@@UEAA_NXZ
??1CTransaction@@UEAA@XZ
??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
??0CppSQLite3DB@@QEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
?finalize@CppSQLite3Query@@UEAAXXZ
?getIntField@CppSQLite3Query@@UEAAHPEBDH@Z
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?execQuery@CppSQLite3Statement@@UEAA?AVCppSQLite3Query@@XZ
?nextRow@CppSQLite3Query@@UEAAXXZ
??1CppSQLite3Statement@@UEAA@XZ
?getInt64Field@CppSQLite3Query@@UEAA_JPEBDH@Z
?bind@CppSQLite3Statement@@UEAAXHH@Z
?errorCodeAsString@CppSQLite3Exception@@SAPEBDH@Z

shlwapi

SHGetValueW

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue

psapi

GetModuleFileNameExA

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eBoostr PRO v4.0.0.554/TB_eBoostrCP_64系统破解补丁/_Readme!.txt
eBoostr PRO v4.0.0.554/TB_eBoostrCP_64系统破解补丁/eBoostrCP.exe
.exe windows:5 windows x64 arch:x64

6674c79214466d3dfa3f3734638b3bc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Request_Device_EjectW

kernel32

GetModuleHandleW
GetModuleFileNameW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetPrivateProfileStringW
WinExec
GetSystemPowerStatus
MapViewOfFile
CreateFileMappingW
CreateMutexW
ReleaseMutex
GetExitCodeThread
lstrcmpW
lstrcpyW
GetVersionExW
ExpandEnvironmentStringsW
GetLongPathNameW
GetShortPathNameA
WideCharToMultiByte
QueryDosDeviceW
GetDriveTypeW
GetSystemTime
GetFileSize
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetStartupInfoA
SetHandleCount
HeapReAlloc
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
HeapSize
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitProcess
RemoveDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DeleteFileW
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
InterlockedPopEntrySList
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
QueryPerformanceCounter
lstrcpynW
UnmapViewOfFile
LoadLibraryW
GetProcAddress
GetTempPathW
GetCurrentProcessId
DeviceIoControl
GlobalSize
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
FormatMessageW
SetLastError
GetCurrentThreadId
RaiseException
LocalFree
TerminateThread
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OpenEventW
SetEvent
Sleep
GetTickCount
WaitForMultipleObjects
ResetEvent
CreateEventW
GetLastError
WaitForSingleObject
FlushInstructionCache
GetOverlappedResult
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVolumeInformationW
CreateThread
SetThreadPriority
SetFilePointer
ReadFile
VirtualFree
VirtualAlloc
CloseHandle
SetFilePointerEx
SetEndOfFile
WriteFile
FlushFileBuffers
CreateFileW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
GetCurrentProcess
LoadLibraryA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RemovePropW
PtInRect
GetScrollInfo
DrawFrameControl
DrawFocusRect
DrawEdge
UpdateWindow
GetScrollPos
GetScrollRange
SetScrollPos
SetScrollInfo
BeginPaint
EndPaint
ReleaseDC
DestroyIcon
SetRectEmpty
GetKeyState
GetActiveWindow
UnregisterClassA
EndDialog
DialogBoxParamW
SendMessageW
SetDlgItemTextW
GetParent
LoadCursorW
SetCursor
GetPropW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
wvsprintfW
LoadStringW
SetWindowLongPtrW
SetForegroundWindow
ShowWindow
IsWindowVisible
SetTimer
KillTimer
GetClassInfoExW
RegisterClassExW
LoadImageW
SetPropW
GetSysColor
ExitWindowsEx
CharLowerW
CharUpperBuffW
SetParent
EnableMenuItem
CreateWindowExW
InvalidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenuItemInfoW
SetFocus
MessageBoxW
SendInput
GetSystemMetrics
DefWindowProcW
InflateRect
SetMenuItemInfoW
GetMenu
DrawMenuBar
SetWindowLongW
IsDialogMessageW
BringWindowToTop
MoveWindow
IsIconic
RemoveMenu
CheckMenuItem
AppendMenuW
ClientToScreen
GetDlgCtrlID
GetSysColorBrush
IsMenu
EnumWindows
PostQuitMessage
GetLastInputInfo
LoadIconW
GetDesktopWindow
CharUpperW
GetWindowTextLengthW
MessageBeep
ScreenToClient
SetMenuDefaultItem
MonitorFromPoint
GetMenuItemID
TrackPopupMenu
PostMessageW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetCursorPos
RegisterWindowMessageW
CreateDialogParamW
wsprintfW
SetRect
DrawTextW
OffsetRect
CopyRect
CallWindowProcW
GetWindowLongPtrW
IsWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
EnableWindow
SetWindowTextW
GetDC

gdi32

GetTextColor
SetBkMode
ExcludeClipRect
GetViewportOrgEx
SetMapMode
CreateSolidBrush
SetTextColor
GetTextMetricsW
DPtoLP
LPtoDP
SetWindowOrgEx
GetClipBox
CreateCompatibleDC
GetCurrentPositionEx
GetDeviceCaps
SaveDC
GetStockObject
CreateFontIndirectW
DeleteObject
GetObjectW
ExtTextOutW
SetBkColor
DeleteDC
RestoreDC
GetTextExtentPoint32W
GetTextFaceW
CreateCompatibleBitmap
CreatePen
BitBlt
SelectObject

advapi32

RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

shell32

SHBindToParent
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathA
DragQueryFileW
DragFinish
ord165
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDataFromIDListW

ole32

ReleaseStgMedium
DoDragDrop
CoTaskMemRealloc
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

sqlite

?open@CppSQLite3DB@@UEAAXPEBD_N@Z
?isInitialized@CppSQLite3DB@@UEAA_NXZ
??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
?execQuery@CppSQLite3DB@@UEAA?AVCppSQLite3Query@@PEBD@Z
?eof@CppSQLite3Query@@UEAA_NXZ
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?nextRow@CppSQLite3Query@@UEAAXXZ
??1CppSQLite3Query@@UEAA@XZ
??1CTransaction@@UEAA@XZ
?close@CppSQLite3DB@@UEAAXXZ
??1CppSQLite3Buffer@@UEAA@XZ
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
?lastRowId@CppSQLite3DB@@UEAA_JXZ
??0CppSQLite3Buffer@@QEAA@XZ
??0CppSQLite3DB@@QEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
?execDML@CppSQLite3DB@@UEAAHPEBD@Z

shlwapi

StrFromTimeIntervalW
StrRetToBufW
PathCompactPathExW

comctl32

ImageList_Draw
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Create
PropertySheetW
DestroyPropertySheetPage

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToCacheFileW

Exports

Exports

z�lD ��lv��%�+�i��+[ D�-R�<�Cc�#�t.�Yz��1�\��hiJV� Ȯ��#�H4�ְS÷tp�!�]��]N��J�&Zac9�)�'� ��o^�T,"R�e��Wm`<��s�*?��DvL�FcH�x ��0�"�%��`B+��]X�� 4�}��P��>��%�7�%u��I`��oq�D��r��I��X쬒j��/�p�ݕ8;�y`,J��CJL�洮�,��Qm4��G-��ͻG��;�;��땧:�hL�ݵO%By��Z�/ -��7��U~�o�Wܱ��:RA��5)V&]�L��z��!�,�[v��m=��c��{�/�Ѻ��{OG�K�5�r�|AZ�,��p�cޡV�\{�n�O�?c\ u:�>��цH��>� �9�X��$��C�v�4��UC��X-�ۆ��Z��{�{Kl{�b��{�~�I֐W��&��o�� $�X -��Y�%ԥ��*�@cz[,f-Y�lM>o��u!��0�[�׶�r�:��#��Ϸ�ؚ��t�խ��(�� P�k�Vz��#6ك��<F:T�{��ټ/��Z�x��6=2�׏�[�_1��r��ձꊒ�FQ�I�7tMS{�¦b��p��>��p*w%TCdR��<�� $.?L�~��L��g�F�I��1ZiV+��:Rń��*�b� ��Qe*�x�s"I�x�Ҕ�9#��MQ{A�"/�"D�/�)k��e��c�T�q�C["�:�� C�b��#TMb��d�8��=7�<f�N��ˌn��P[^�e[�{�'�e�4J��.�p\k�r<�(�~XEfJ��$y��Vdk�+�K��C�ʂ��RN��D-��#��y�i�>1��)3�/EC-��+�NĦ�W�&,�KZ�*�lA�|��dL",��cM��zbZ)��,'}x��R�4��}�-jYQ��[U��Ȅ �0��@z➾�E��c��A��%��x_r��y��:�~D;�]�*��څ��k ��q�qtK>Z�m�Z]��R��a��8�&w��Y:� F!4@F�}RV7nl��`�X5�B�9 ��ɘ�<�YD ��ڂZ'��"{��uH5n��Y�_�dy�{jm��E��zol�4��h��R*9ˊ�ݚ:�`�'#��{.>3ۄC?E�1v\��b��O��#��oPg��d��GU��$G�-��Q�L��4��`m؋on��N9?l3�ژ-�}�Ph�(ݝ�c��K�ܛ<�N��UX�|��Rc�6��5U �{�L��W��"�댳k��B�>o?�@�ę��0�r\N,�/k8��(��E��|Ǔݙ�<FБ�0[��-ST��y3GQ�~��[��{�&/�q־D?P�gH��np�u��Xl��m�~+�G��e;��3��qo�J�Ͳ�,��_(�N{F��Ά�+\��6K!��<��w��P �9��o�a=�u��1�*þ��v ��n�� 8]�ì�/�^�p��>��-J�Y/��j{�� 9� �_��=�&"��ܪ�r��UX��cB��3x ��q��&��IC䍱�'c�?h�<�Ru�>0�^��{%��F}~l��^c�6&#�7��l_�� i��[n�o�B$B��$ǂ��H��Ӏ�u�J��J/L��e�`��C��xI��Y�l,� �D̫��%�jI�3"@��^�"��U��p��]�^��o ��]�X�A�E�C]��"�E��f{2��W��yT �- R�CS`��ULP0=0�`�� <_,�%�vJ!�);H��A7)yi�Q�3�/5;��7�ށ@�@nR��硬!j%&S�3��Qu��U:B��.'e�F��g>Ȉ�]��^p��1�z�0'd7<�Y�x��<6�3v<��$7,&��\��$KA��)@��$�k��3{�-{��(��L��<��7��`�R��A2��x&�V��_L.h��S.�ԽM��@��/T�_��Jq<$+V��ʡ��|��/�9MbH(�ask�M5 4�$@�u.��:��'z�r�g`$��o,��%A��5.z��Z8X�4Vp�Ġ��]��h³c*OB��a��kΓ�w;p��;�`��($��Kނ �b�pI.{^�?�J�/�!!��f��y[P;�g{V%S�nK�P��?/�W�N��B$� 3�O�IS�간��R��#.E��媴��k>I�O �Yva%U2�]��}!��>o@J�͎8Gc0��sS��$�B��C,�â�~K��&_��h��0��Ĥ�P=��ek�/�kZ�� ܫU��+f��G {�/�.D8 �)�(�,�V?��G��AY;�S ��A�='��2ζ�x�%�`�cL��õمO��։��b3��ͽ�$��w��,&7�� W]��D2�ej\/;�/)��Z&k�� 3��6�+��7��/~�N _�x}i�O�h��,��c��ڲ��VAp��xvGc%�gS�&��C�N�]��Υ�J�Ol�V񟒝xT|��+#��KL��]%�~�� T��fm��Ɨqv4`vK��M�zH�x�h��`?��wU H&c2I1;pq�T�7#�4o�+�!�ӝ���",�,�h��;]�g8�`�p �1��6�9��Dh�C��,6G��0��}��|��5�@��Rƴ")+XpUt0�Т�$�T>۞��Ɣ�f�,Hi@�!6��ET��PQ�-�]��p_�(��'��xܚ9�<�^5��y��M��F

Sections

.text
Size: - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 570KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
eBoostr PRO v4.0.0.554/TB_eBoostrCP_64系统破解补丁/nsane.nfo
eBoostr PRO v4.0.0.554/eBoostr.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:49:67:9d:ae:90:2c:ed:7c:73:ac:69:dd:6e:7f:94
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

01/09/2009, 00:00

Not After

01/09/2010, 23:59

Subject

CN=MDO,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MDO,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:e2:15:b4:9e:6b:d8:d6:54:10:6f:cd:27:20:ad:a1:f7:6b:9a:d5
Signer

Actual PE Digest

50:e2:15:b4:9e:6b:d8:d6:54:10:6f:cd:27:20:ad:a1:f7:6b:9a:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:5 windows x86 arch:x86

b1d9539c7cfd95718179dedb471b482f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileW
lstrcatW
lstrcpyW
MulDiv
GetModuleHandleW
lstrcmpW
GlobalFree
lstrcpynW
GlobalAlloc
FindNextFileW
lstrcmpiW
FindClose

user32

PostMessageW
CallWindowProcW
GetWindowLongW
IsDialogMessageW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
IsDlgButtonChecked
GetWindowTextW
GetDlgItem
wsprintfW
CreateDialogParamW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
SetWindowLongW
SendMessageW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/summary.ini
$SYSDIR/Drivers/eBoost.sys
.sys windows:6 windows x64 arch:x64

09b8a932c1691d4f00a61c70991c46b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:49:67:9d:ae:90:2c:ed:7c:73:ac:69:dd:6e:7f:94
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

01/09/2009, 00:00

Not After

01/09/2010, 23:59

Subject

CN=MDO,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MDO,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:73:d0:ce:e7:48:0e:0f:e8:f5:c8:8e:8d:72:95:d4:7a:05:b8:99
Signer

Actual PE Digest

a0:73:d0:ce:e7:48:0e:0f:e8:f5:c8:8e:8d:72:95:d4:7a:05:b8:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\work\eboostr\driver\objchk_wnet_amd64\amd64\EBoost.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
MmUnmapIoSpace
MmGetPhysicalMemoryRanges
ExIsProcessorFeaturePresent
MmMapIoSpace
MmGetPhysicalAddress
RtlCompareMemoryUlong
ExDeleteNPagedLookasideList
ExpInterlockedPopEntrySList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExQueryDepthSList
IoAllocateWorkItem
IoFreeIrp
IoInitializeIrp
IoAllocateIrp
IoAllocateMdl
MmProbeAndLockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetRequestorProcessId
IofCompleteRequest
IoFreeWorkItem
IoQueueWorkItem
ObfDereferenceObject
RtlInitUnicodeString
RtlVolumeDeviceToDosName
RtlUpcaseUnicodeString
IoRegisterPlugPlayNotification
ZwReadFile
RtlRandom
ZwClose
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCopyUnicodeString
IoUnregisterPlugPlayNotification
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
MmIsAddressValid
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
ZwSetValueKey
ZwOpenKey
ZwQueryValueKey
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ObQueryNameString
InitSafeBootMode
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
ExInitializeResourceLite
IoRegisterFsRegistrationChange
ZwCreateKey
IoDetachDevice
RtlAssert
PoCallDriver
IofCallDriver
IoGetDeviceObjectPointer
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
IoGetTopLevelIrp
IoSetTopLevelIrp
_vsnprintf
DbgPrint
DbgBreakPoint
RtlInitAnsiString
KeSetEvent
IoReuseIrp
ObReferenceObjectByHandle
FsRtlDissectName
KeClearEvent
ObfReferenceObject
ExAcquireResourceSharedLite
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
FsRtlRemovePerStreamContext
MmUnlockPages
PsGetCurrentProcessId
RtlIntegerToUnicodeString
IoGetBootDiskInformation
KeDelayExecutionThread
ZwSetInformationFile
ZwQueryInformationFile
ZwQueryVolumeInformationFile
ZwWriteFile
IoIsOperationSynchronous
IoBuildPartialMdl
MmBuildMdlForNonPagedPool
ExUnregisterCallback
MmFreePagesFromMdl
ExCreateCallback
ExRegisterCallback
MmAllocatePagesForMdl
_purecall
PsLookupProcessByProcessId
ObOpenObjectByPointer
IoIs32bitProcess
IoStopTimer
IoInitializeTimer
IoStartTimer
IoRegisterShutdownNotification
PsSetCreateProcessNotifyRoutine
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
RtlCompareMemory
KeBugCheckEx
KeQueryTimeIncrement
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
__C_specific_handler

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheViewer.exe
.exe windows:5 windows x64 arch:x64

16265c0c5706091d98d7edef466f8864

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:b1:88:77:d4:ab:42:fc:ed:76:77:cb:f0:45:f9:6e:1a:c4:89:55
Signer

Actual PE Digest

d6:b1:88:77:d4:ab:42:fc:ed:76:77:cb:f0:45:f9:6e:1a:c4:89:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryExW
lstrcmpiW
CreateFileW
VirtualAlloc
VirtualFree
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointerEx
GetFileInformationByHandle
SetFilePointer
WriteFile
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
DeviceIoControl
FindClose
FindNextFileW
GetPrivateProfileStringW
FindFirstFileW
LoadLibraryW
DebugBreak
OutputDebugStringW
CloseHandle
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
FindResourceW
LCMapStringW
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
MultiByteToWideChar
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFullPathNameW
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetTimeFormatA
GetDateFormatA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
GetProcAddress
Sleep
FlsAlloc
FlsFree
LoadResource
GetStringTypeA
SizeofResource
InitializeCriticalSection
GetLastError
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
lstrlenA
lstrcpynA
FlushInstructionCache
DeleteCriticalSection
RaiseException
GetVersionExW
GetCurrentThreadId
lstrlenW
GetModuleFileNameW
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoW
GetDriveTypeW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetHandleCount
FreeLibrary
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
InterlockedPopEntrySList
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess

user32

SetWindowPos
GetParent
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
UnregisterClassA
EndDialog
MapWindowPoints
SetMenu
PostMessageW
TranslateAcceleratorW
GetDesktopWindow
SetDlgItemTextW
GetDlgItemTextW
TrackPopupMenu
OpenClipboard
MessageBoxW
DialogBoxParamW
GetSubMenu
CloseClipboard
SetClipboardData
GetActiveWindow
CharNextW
AppendMenuW
MonitorFromPoint
TrackPopupMenuEx
GetMenuItemCount
DestroyMenu
LoadStringA
PostQuitMessage
SetFocus
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
wvsprintfW
GetClassInfoExW
LoadCursorW
LoadImageW
RegisterClassExW
GetDlgItem
ShowWindow
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
RemoveMenu
CreatePopupMenu
InvalidateRect
PeekMessageW
PtInRect
IsWindow
MessageBeep
CreateWindowExW
LoadStringW
LoadMenuW
LoadAcceleratorsW
SendMessageW
DefWindowProcW
GetWindow

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EBstrSvc.exe
.exe windows:5 windows x64 arch:x64

424ab9b61877ef265e4f24fe135a5f9e

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:5d:ae:f0:e7:9c:75:0e:e5:e0:4b:c7:1c:5c:a8:63:94:db:9b:77
Signer

Actual PE Digest

48:5d:ae:f0:e7:9c:75:0e:e5:e0:4b:c7:1c:5c:a8:63:94:db:9b:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\FirmTools\projects\eBoostr\_Release\x64\EBstrSvc.pdb

Imports

kernel32

GetPrivateProfileStringA
GetLongPathNameA
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetTempPathW
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiW
SetConsoleCtrlHandler
DebugBreak
OutputDebugStringW
SetLastError
ReleaseMutex
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
GetLocaleInfoW
WriteConsoleW
GetShortPathNameA
GetLongPathNameW
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetModuleFileNameW
GetTickCount
FlushFileBuffers
LocalFree
FormatMessageW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
VirtualFree
VirtualAlloc
TerminateThread
CreateThread
WaitForMultipleObjects
Sleep
SetThreadPriority
GetCurrentThread
SetErrorMode
GetSystemTime
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
SetEvent
CreateEventW
lstrlenA
GetCurrentProcess
DeleteCriticalSection
lstrlenW
DeviceIoControl
GetFileInformationByHandle
MapViewOfFile
GetLastError
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CloseHandle
CreateFileW
WideCharToMultiByte
GetPrivateProfileIntW
GetShortPathNameW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
HeapReAlloc
GetConsoleMode
GetConsoleCP
WaitForSingleObject
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
QueryPerformanceCounter
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetDateFormatA
GetTimeFormatA
HeapAlloc
DeleteFileA
ExitProcess
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSize

user32

CharNextW
MessageBoxW
CharUpperW
CharUpperBuffA
wvsprintfW
CharLowerW
LoadStringW
GetLastInputInfo
CharUpperBuffW

advapi32

LockServiceDatabase
UnlockServiceDatabase
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
DeleteService
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegDeleteKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

sqlite

??1CppSQLite3Query@@UEAA@XZ
??4CppSQLite3Query@@QEAAAEAV0@AEBV0@@Z
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
??1CppSQLite3Buffer@@UEAA@XZ
??0CppSQLite3Buffer@@QEAA@XZ
?reset@CppSQLite3Statement@@UEAAXXZ
?eof@CppSQLite3Query@@UEAA_NXZ
??1CTransaction@@UEAA@XZ
??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
??0CppSQLite3DB@@QEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
?finalize@CppSQLite3Query@@UEAAXXZ
?getIntField@CppSQLite3Query@@UEAAHPEBDH@Z
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?execQuery@CppSQLite3Statement@@UEAA?AVCppSQLite3Query@@XZ
?nextRow@CppSQLite3Query@@UEAAXXZ
??1CppSQLite3Statement@@UEAA@XZ
?getInt64Field@CppSQLite3Query@@UEAA_JPEBDH@Z
?bind@CppSQLite3Statement@@UEAAXHH@Z
?errorCodeAsString@CppSQLite3Exception@@SAPEBDH@Z

shlwapi

SHGetValueW

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue

psapi

GetModuleFileNameExA

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EBstrSvc.exe.new
.exe windows:5 windows x64 arch:x64

424ab9b61877ef265e4f24fe135a5f9e

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:5d:ae:f0:e7:9c:75:0e:e5:e0:4b:c7:1c:5c:a8:63:94:db:9b:77
Signer

Actual PE Digest

48:5d:ae:f0:e7:9c:75:0e:e5:e0:4b:c7:1c:5c:a8:63:94:db:9b:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\FirmTools\projects\eBoostr\_Release\x64\EBstrSvc.pdb

Imports

kernel32

GetPrivateProfileStringA
GetLongPathNameA
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetTempPathW
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiW
SetConsoleCtrlHandler
DebugBreak
OutputDebugStringW
SetLastError
ReleaseMutex
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
GetLocaleInfoW
WriteConsoleW
GetShortPathNameA
GetLongPathNameW
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetModuleFileNameW
GetTickCount
FlushFileBuffers
LocalFree
FormatMessageW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
VirtualFree
VirtualAlloc
TerminateThread
CreateThread
WaitForMultipleObjects
Sleep
SetThreadPriority
GetCurrentThread
SetErrorMode
GetSystemTime
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
SetEvent
CreateEventW
lstrlenA
GetCurrentProcess
DeleteCriticalSection
lstrlenW
DeviceIoControl
GetFileInformationByHandle
MapViewOfFile
GetLastError
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CloseHandle
CreateFileW
WideCharToMultiByte
GetPrivateProfileIntW
GetShortPathNameW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
HeapReAlloc
GetConsoleMode
GetConsoleCP
WaitForSingleObject
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
QueryPerformanceCounter
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetDateFormatA
GetTimeFormatA
HeapAlloc
DeleteFileA
ExitProcess
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSize

user32

CharNextW
MessageBoxW
CharUpperW
CharUpperBuffA
wvsprintfW
CharLowerW
LoadStringW
GetLastInputInfo
CharUpperBuffW

advapi32

LockServiceDatabase
UnlockServiceDatabase
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
DeleteService
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegDeleteKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

sqlite

??1CppSQLite3Query@@UEAA@XZ
??4CppSQLite3Query@@QEAAAEAV0@AEBV0@@Z
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
??1CppSQLite3Buffer@@UEAA@XZ
??0CppSQLite3Buffer@@QEAA@XZ
?reset@CppSQLite3Statement@@UEAAXXZ
?eof@CppSQLite3Query@@UEAA_NXZ
??1CTransaction@@UEAA@XZ
??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
??0CppSQLite3DB@@QEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
?finalize@CppSQLite3Query@@UEAAXXZ
?getIntField@CppSQLite3Query@@UEAAHPEBDH@Z
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?execQuery@CppSQLite3Statement@@UEAA?AVCppSQLite3Query@@XZ
?nextRow@CppSQLite3Query@@UEAAXXZ
??1CppSQLite3Statement@@UEAA@XZ
?getInt64Field@CppSQLite3Query@@UEAA_JPEBDH@Z
?bind@CppSQLite3Statement@@UEAAXHH@Z
?errorCodeAsString@CppSQLite3Exception@@SAPEBDH@Z

shlwapi

SHGetValueW

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue

psapi

GetModuleFileNameExA

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StatViewer.exe
.exe windows:5 windows x64 arch:x64

a11408f6f26aec0238546c74b82f1007

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:a7:a5:c9:63:58:74:12:ff:b8:41:13:cc:85:bd:d2:03:d9:62:a9
Signer

Actual PE Digest

4b:a7:a5:c9:63:58:74:12:ff:b8:41:13:cc:85:bd:d2:03:d9:62:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RaiseException
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
FindNextFileA
FindFirstFileA
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetLongPathNameW
GetFileInformationByHandle
GetPrivateProfileStringA
GetShortPathNameA
GetTickCount
GetLongPathNameA
OpenProcess
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileIntW
GetShortPathNameW
GetVersionExW
DeleteCriticalSection
lstrcpynA
lstrcpynW
GetModuleHandleW
InitializeCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
VirtualAlloc
VirtualFree
ReadFile
CreateThread
GetCommandLineW
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetLastError
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
HeapSetInformation
GetModuleFileNameA
WriteFile
GetStartupInfoA
GetStdHandle
SetHandleCount
HeapReAlloc
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFullPathNameW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetProcAddress
HeapSize
Sleep
FlsAlloc
FlsFree
FlsSetValue
lstrlenW
lstrlenA
OutputDebugStringW
DebugBreak
LoadLibraryW
GetModuleFileNameW
FindFirstFileW
GetPrivateProfileStringW
FindNextFileW
FindClose
DeviceIoControl
GetLastError
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoW
DeleteFileA
CreateFileW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
InterlockedPopEntrySList
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
GetCurrentThreadId

user32

GetWindowRect
GetWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CharUpperBuffW
GetWindowLongW
MonitorFromWindow
GetDesktopWindow
CharNextW
GetMonitorInfoW
LoadStringW
GetActiveWindow
TranslateAcceleratorW
DialogBoxParamW
SetWindowLongPtrW
CreateWindowExW
GetClientRect
MapWindowPoints
SetWindowPos
CharUpperBuffA
DefWindowProcW
SendMessageW
LoadAcceleratorsW
LoadMenuW
MessageBeep
GetParent
UnregisterClassA
EndDialog
wvsprintfW
LoadImageW
OpenClipboard
SetWindowTextW
GetSubMenu
TrackPopupMenu
CloseClipboard
SetClipboardData
LoadStringA
PostQuitMessage
SetFocus
SetMenuDefaultItem
SetMenuItemInfoW
IsWindow
MessageBoxW
GetDlgItem
ShowWindow
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
CallWindowProcW
GetWindowLongPtrW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
InvalidateRect
PeekMessageW
PtInRect
PostMessageW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHCreateDirectoryExA
ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

sqlite

??1CppSQLite3Buffer@@UEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
??1CppSQLite3Query@@UEAA@XZ
?getIntField@CppSQLite3Query@@UEAAHPEBDH@Z
?eof@CppSQLite3Query@@UEAA_NXZ
??0CppSQLite3Buffer@@QEAA@XZ
??0CppSQLite3DB@@QEAA@XZ
??4CppSQLite3Query@@QEAAAEAV0@AEBV0@@Z
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
??1CTransaction@@UEAA@XZ
?getInt64Field@CppSQLite3Query@@UEAA_JPEBDH@Z
?errorCodeAsString@CppSQLite3Exception@@SAPEBDH@Z
?reset@CppSQLite3Statement@@UEAAXXZ
?finalize@CppSQLite3Query@@UEAAXXZ
?bind@CppSQLite3Statement@@UEAAXHH@Z
?execQuery@CppSQLite3Statement@@UEAA?AVCppSQLite3Query@@XZ
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
??1CppSQLite3Statement@@UEAA@XZ
??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
?nextRow@CppSQLite3Query@@UEAAXXZ

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExA

Sections

.text
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eBoostrCP.exe
.exe windows:5 windows x64 arch:x64

07438a1f22b92b75b20ae702ec9dcf92

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:ec:f1:0e:03:ce:49:d5:32:02:83:7e:76:a7:9d:40:d8:16:b7:98
Signer

Actual PE Digest

0f:ec:f1:0e:03:ce:49:d5:32:02:83:7e:76:a7:9d:40:d8:16:b7:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\FirmTools\projects\eBoostr\_Release\x64\eBoostrCP.pdb

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Request_Device_EjectW

kernel32

GetModuleHandleW
GetModuleFileNameW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetPrivateProfileStringW
WinExec
GetSystemPowerStatus
MapViewOfFile
CreateFileMappingW
CreateMutexW
ReleaseMutex
GetExitCodeThread
lstrcmpW
lstrcpyW
GetVersionExW
ExpandEnvironmentStringsW
GetLongPathNameW
GetShortPathNameA
WideCharToMultiByte
QueryDosDeviceW
GetDriveTypeW
GetSystemTime
GetFileSize
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetStartupInfoA
SetHandleCount
HeapReAlloc
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
HeapSize
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitProcess
RemoveDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DeleteFileW
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
InterlockedPopEntrySList
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
QueryPerformanceCounter
lstrcpynW
UnmapViewOfFile
LoadLibraryW
GetProcAddress
GetTempPathW
GetCurrentProcessId
DeviceIoControl
GlobalSize
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
FormatMessageW
SetLastError
GetCurrentThreadId
RaiseException
LocalFree
TerminateThread
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OpenEventW
SetEvent
Sleep
GetTickCount
WaitForMultipleObjects
ResetEvent
CreateEventW
GetLastError
WaitForSingleObject
FlushInstructionCache
GetOverlappedResult
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVolumeInformationW
CreateThread
SetThreadPriority
SetFilePointer
ReadFile
VirtualFree
VirtualAlloc
CloseHandle
SetFilePointerEx
SetEndOfFile
WriteFile
FlushFileBuffers
CreateFileW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
GetCurrentProcess
LoadLibraryA

user32

RemovePropW
PtInRect
GetScrollInfo
DrawFrameControl
DrawFocusRect
DrawEdge
UpdateWindow
GetScrollPos
GetScrollRange
SetScrollPos
SetScrollInfo
BeginPaint
EndPaint
ReleaseDC
DestroyIcon
SetRectEmpty
GetKeyState
GetActiveWindow
UnregisterClassA
EndDialog
DialogBoxParamW
SendMessageW
SetDlgItemTextW
GetParent
LoadCursorW
SetCursor
GetPropW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
wvsprintfW
LoadStringW
SetWindowLongPtrW
SetForegroundWindow
ShowWindow
IsWindowVisible
SetTimer
KillTimer
GetClassInfoExW
RegisterClassExW
LoadImageW
SetPropW
GetSysColor
ExitWindowsEx
CharLowerW
CharUpperBuffW
SetParent
EnableMenuItem
CreateWindowExW
InvalidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenuItemInfoW
SetFocus
MessageBoxW
SendInput
GetSystemMetrics
DefWindowProcW
InflateRect
SetMenuItemInfoW
GetMenu
DrawMenuBar
SetWindowLongW
IsDialogMessageW
BringWindowToTop
MoveWindow
IsIconic
RemoveMenu
CheckMenuItem
AppendMenuW
ClientToScreen
GetDlgCtrlID
GetSysColorBrush
IsMenu
EnumWindows
PostQuitMessage
GetLastInputInfo
LoadIconW
GetDesktopWindow
CharUpperW
GetWindowTextLengthW
MessageBeep
ScreenToClient
SetMenuDefaultItem
MonitorFromPoint
GetMenuItemID
TrackPopupMenu
PostMessageW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetCursorPos
RegisterWindowMessageW
CreateDialogParamW
wsprintfW
SetRect
DrawTextW
OffsetRect
CopyRect
CallWindowProcW
GetWindowLongPtrW
IsWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
EnableWindow
SetWindowTextW
GetDC

gdi32

GetTextColor
SetBkMode
ExcludeClipRect
GetViewportOrgEx
SetMapMode
CreateSolidBrush
SetTextColor
GetTextMetricsW
DPtoLP
LPtoDP
SetWindowOrgEx
GetClipBox
CreateCompatibleDC
GetCurrentPositionEx
GetDeviceCaps
SaveDC
GetStockObject
CreateFontIndirectW
DeleteObject
GetObjectW
ExtTextOutW
SetBkColor
DeleteDC
RestoreDC
GetTextExtentPoint32W
GetTextFaceW
CreateCompatibleBitmap
CreatePen
BitBlt
SelectObject

advapi32

RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

shell32

SHBindToParent
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathA
DragQueryFileW
DragFinish
ord165
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDataFromIDListW

ole32

ReleaseStgMedium
DoDragDrop
CoTaskMemRealloc
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

sqlite

?open@CppSQLite3DB@@UEAAXPEBD_N@Z
?isInitialized@CppSQLite3DB@@UEAA_NXZ
??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
?execQuery@CppSQLite3DB@@UEAA?AVCppSQLite3Query@@PEBD@Z
?eof@CppSQLite3Query@@UEAA_NXZ
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?nextRow@CppSQLite3Query@@UEAAXXZ
??1CppSQLite3Query@@UEAA@XZ
??1CTransaction@@UEAA@XZ
?close@CppSQLite3DB@@UEAAXXZ
??1CppSQLite3Buffer@@UEAA@XZ
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
?lastRowId@CppSQLite3DB@@UEAA_JXZ
??0CppSQLite3Buffer@@QEAA@XZ
??0CppSQLite3DB@@QEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
?execDML@CppSQLite3DB@@UEAAHPEBD@Z

shlwapi

StrFromTimeIntervalW
StrRetToBufW
PathCompactPathExW

comctl32

ImageList_Draw
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Create
PropertySheetW
DestroyPropertySheetPage

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 942KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eBoostrCP.exe.new
.exe windows:5 windows x64 arch:x64

07438a1f22b92b75b20ae702ec9dcf92

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:ec:f1:0e:03:ce:49:d5:32:02:83:7e:76:a7:9d:40:d8:16:b7:98
Signer

Actual PE Digest

0f:ec:f1:0e:03:ce:49:d5:32:02:83:7e:76:a7:9d:40:d8:16:b7:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\FirmTools\projects\eBoostr\_Release\x64\eBoostrCP.pdb

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Request_Device_EjectW

kernel32

GetModuleHandleW
GetModuleFileNameW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetPrivateProfileStringW
WinExec
GetSystemPowerStatus
MapViewOfFile
CreateFileMappingW
CreateMutexW
ReleaseMutex
GetExitCodeThread
lstrcmpW
lstrcpyW
GetVersionExW
ExpandEnvironmentStringsW
GetLongPathNameW
GetShortPathNameA
WideCharToMultiByte
QueryDosDeviceW
GetDriveTypeW
GetSystemTime
GetFileSize
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetStartupInfoA
SetHandleCount
HeapReAlloc
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
HeapSize
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitProcess
RemoveDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DeleteFileW
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
InterlockedPopEntrySList
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
QueryPerformanceCounter
lstrcpynW
UnmapViewOfFile
LoadLibraryW
GetProcAddress
GetTempPathW
GetCurrentProcessId
DeviceIoControl
GlobalSize
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
FormatMessageW
SetLastError
GetCurrentThreadId
RaiseException
LocalFree
TerminateThread
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OpenEventW
SetEvent
Sleep
GetTickCount
WaitForMultipleObjects
ResetEvent
CreateEventW
GetLastError
WaitForSingleObject
FlushInstructionCache
GetOverlappedResult
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVolumeInformationW
CreateThread
SetThreadPriority
SetFilePointer
ReadFile
VirtualFree
VirtualAlloc
CloseHandle
SetFilePointerEx
SetEndOfFile
WriteFile
FlushFileBuffers
CreateFileW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
GetCurrentProcess
LoadLibraryA

user32

RemovePropW
PtInRect
GetScrollInfo
DrawFrameControl
DrawFocusRect
DrawEdge
UpdateWindow
GetScrollPos
GetScrollRange
SetScrollPos
SetScrollInfo
BeginPaint
EndPaint
ReleaseDC
DestroyIcon
SetRectEmpty
GetKeyState
GetActiveWindow
UnregisterClassA
EndDialog
DialogBoxParamW
SendMessageW
SetDlgItemTextW
GetParent
LoadCursorW
SetCursor
GetPropW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
wvsprintfW
LoadStringW
SetWindowLongPtrW
SetForegroundWindow
ShowWindow
IsWindowVisible
SetTimer
KillTimer
GetClassInfoExW
RegisterClassExW
LoadImageW
SetPropW
GetSysColor
ExitWindowsEx
CharLowerW
CharUpperBuffW
SetParent
EnableMenuItem
CreateWindowExW
InvalidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenuItemInfoW
SetFocus
MessageBoxW
SendInput
GetSystemMetrics
DefWindowProcW
InflateRect
SetMenuItemInfoW
GetMenu
DrawMenuBar
SetWindowLongW
IsDialogMessageW
BringWindowToTop
MoveWindow
IsIconic
RemoveMenu
CheckMenuItem
AppendMenuW
ClientToScreen
GetDlgCtrlID
GetSysColorBrush
IsMenu
EnumWindows
PostQuitMessage
GetLastInputInfo
LoadIconW
GetDesktopWindow
CharUpperW
GetWindowTextLengthW
MessageBeep
ScreenToClient
SetMenuDefaultItem
MonitorFromPoint
GetMenuItemID
TrackPopupMenu
PostMessageW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetCursorPos
RegisterWindowMessageW
CreateDialogParamW
wsprintfW
SetRect
DrawTextW
OffsetRect
CopyRect
CallWindowProcW
GetWindowLongPtrW
IsWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
EnableWindow
SetWindowTextW
GetDC

gdi32

GetTextColor
SetBkMode
ExcludeClipRect
GetViewportOrgEx
SetMapMode
CreateSolidBrush
SetTextColor
GetTextMetricsW
DPtoLP
LPtoDP
SetWindowOrgEx
GetClipBox
CreateCompatibleDC
GetCurrentPositionEx
GetDeviceCaps
SaveDC
GetStockObject
CreateFontIndirectW
DeleteObject
GetObjectW
ExtTextOutW
SetBkColor
DeleteDC
RestoreDC
GetTextExtentPoint32W
GetTextFaceW
CreateCompatibleBitmap
CreatePen
BitBlt
SelectObject

advapi32

RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

shell32

SHBindToParent
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathA
DragQueryFileW
DragFinish
ord165
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDataFromIDListW

ole32

ReleaseStgMedium
DoDragDrop
CoTaskMemRealloc
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

sqlite

?open@CppSQLite3DB@@UEAAXPEBD_N@Z
?isInitialized@CppSQLite3DB@@UEAA_NXZ
??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
?execQuery@CppSQLite3DB@@UEAA?AVCppSQLite3Query@@PEBD@Z
?eof@CppSQLite3Query@@UEAA_NXZ
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?nextRow@CppSQLite3Query@@UEAAXXZ
??1CppSQLite3Query@@UEAA@XZ
??1CTransaction@@UEAA@XZ
?close@CppSQLite3DB@@UEAAXXZ
??1CppSQLite3Buffer@@UEAA@XZ
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
?lastRowId@CppSQLite3DB@@UEAA_JXZ
??0CppSQLite3Buffer@@QEAA@XZ
??0CppSQLite3DB@@QEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
?execDML@CppSQLite3DB@@UEAAHPEBD@Z

shlwapi

StrFromTimeIntervalW
StrRetToBufW
PathCompactPathExW

comctl32

ImageList_Draw
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Create
PropertySheetW
DestroyPropertySheetPage

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 942KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eBoostrMeasure.exe
.exe windows:5 windows x64 arch:x64

91f0805251f15c7c7ddcfdd022d65858

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:bc:f7:c4:e1:96:51:d1:ef:8a:44:9b:19:f5:30:e2:04:90:34:fe
Signer

Actual PE Digest

d6:bc:f7:c4:e1:96:51:d1:ef:8a:44:9b:19:f5:30:e2:04:90:34:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ResetEvent
WinExec
OpenEventW
GetCurrentProcess
SetLastError
GetCurrentThreadId
RaiseException
FlushInstructionCache
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
FindClose
FindNextFileW
GetPrivateProfileStringW
FindFirstFileW
LoadLibraryW
GetVersionExW
lstrcpynW
CloseHandle
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
DeviceIoControl
WriteConsoleA
FlushFileBuffers
ReadFile
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FormatMessageW
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
WideCharToMultiByte
GetTimeFormatA
GetDateFormatA
GetLastError
GetConsoleOutputCP
CreateFileW
lstrlenW
lstrlenA
OutputDebugStringW
DebugBreak
CreateThread
LeaveCriticalSection
EnterCriticalSection
Sleep
GetModuleHandleW
GetProcAddress
CreateEventW
GetModuleFileNameW
SetEvent
VirtualAlloc
VirtualFree
WaitForSingleObject
GetTickCount
CreateProcessW
GetProcessIoCounters
TerminateProcess
GlobalMemoryStatus
DeleteCriticalSection
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
HeapReAlloc
HeapCreate
HeapSetInformation
InitializeCriticalSection
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetConsoleMode
LocalFree
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
InterlockedPopEntrySList
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
GetStartupInfoW
EncodePointer
DecodePointer

user32

SetWindowPos
MapWindowPoints
GetClientRect
GetParent
UnregisterClassA
EndDialog
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
PostMessageW
SendInput
WaitForInputIdle
EnumWindows
GetDesktopWindow
IsDialogMessageW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
DialogBoxParamW
PostQuitMessage
GetKeyState
GetActiveWindow
GetSystemMetrics
LoadImageW
SendMessageW
ShowWindow
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
DefWindowProcW
SetWindowLongPtrW
LoadStringW
wvsprintfW
CharNextW
MessageBoxW
GetDlgItem
SetDlgItemTextW
GetWindowThreadProcessId

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenServiceW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
ControlService
DeleteService
OpenSCManagerW
CreateServiceW
StartServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

pdh

PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue
PdhCollectQueryData

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eboost.sys
.sys windows:6 windows x64 arch:x64

09b8a932c1691d4f00a61c70991c46b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:49:67:9d:ae:90:2c:ed:7c:73:ac:69:dd:6e:7f:94
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

01/09/2009, 00:00

Not After

01/09/2010, 23:59

Subject

CN=MDO,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MDO,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:73:d0:ce:e7:48:0e:0f:e8:f5:c8:8e:8d:72:95:d4:7a:05:b8:99
Signer

Actual PE Digest

a0:73:d0:ce:e7:48:0e:0f:e8:f5:c8:8e:8d:72:95:d4:7a:05:b8:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\work\eboostr\driver\objchk_wnet_amd64\amd64\EBoost.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
MmUnmapIoSpace
MmGetPhysicalMemoryRanges
ExIsProcessorFeaturePresent
MmMapIoSpace
MmGetPhysicalAddress
RtlCompareMemoryUlong
ExDeleteNPagedLookasideList
ExpInterlockedPopEntrySList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExQueryDepthSList
IoAllocateWorkItem
IoFreeIrp
IoInitializeIrp
IoAllocateIrp
IoAllocateMdl
MmProbeAndLockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetRequestorProcessId
IofCompleteRequest
IoFreeWorkItem
IoQueueWorkItem
ObfDereferenceObject
RtlInitUnicodeString
RtlVolumeDeviceToDosName
RtlUpcaseUnicodeString
IoRegisterPlugPlayNotification
ZwReadFile
RtlRandom
ZwClose
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCopyUnicodeString
IoUnregisterPlugPlayNotification
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
MmIsAddressValid
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
ZwSetValueKey
ZwOpenKey
ZwQueryValueKey
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ObQueryNameString
InitSafeBootMode
KeEnterCriticalRegion
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
ExInitializeResourceLite
IoRegisterFsRegistrationChange
ZwCreateKey
IoDetachDevice
RtlAssert
PoCallDriver
IofCallDriver
IoGetDeviceObjectPointer
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
IoGetTopLevelIrp
IoSetTopLevelIrp
_vsnprintf
DbgPrint
DbgBreakPoint
RtlInitAnsiString
KeSetEvent
IoReuseIrp
ObReferenceObjectByHandle
FsRtlDissectName
KeClearEvent
ObfReferenceObject
ExAcquireResourceSharedLite
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
FsRtlRemovePerStreamContext
MmUnlockPages
PsGetCurrentProcessId
RtlIntegerToUnicodeString
IoGetBootDiskInformation
KeDelayExecutionThread
ZwSetInformationFile
ZwQueryInformationFile
ZwQueryVolumeInformationFile
ZwWriteFile
IoIsOperationSynchronous
IoBuildPartialMdl
MmBuildMdlForNonPagedPool
ExUnregisterCallback
MmFreePagesFromMdl
ExCreateCallback
ExRegisterCallback
MmAllocatePagesForMdl
_purecall
PsLookupProcessByProcessId
ObOpenObjectByPointer
IoIs32bitProcess
IoStopTimer
IoInitializeTimer
IoStartTimer
IoRegisterShutdownNotification
PsSetCreateProcessNotifyRoutine
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
RtlCompareMemory
KeBugCheckEx
KeQueryTimeIncrement
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
__C_specific_handler

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
memeat.exe
.exe windows:5 windows x64 arch:x64

10f20cafdb59023dcde6219957b6e1b0

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:a5:ce:4d:18:f2:2d:07:f2:d1:82:b3:b2:0f:1e:ee:09:96:5a:e3
Signer

Actual PE Digest

7e:a5:ce:4d:18:f2:2d:07:f2:d1:82:b3:b2:0f:1e:ee:09:96:5a:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\FirmTools\projects\eBoostr\_Release\x64\memeat.pdb

Imports

kernel32

OpenEventW
WaitForSingleObject
VirtualAlloc
Sleep
VirtualFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetLastError
HeapFree
HeapAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapReAlloc

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlite.dll
.dll windows:5 windows x64 arch:x64

ef22ac8b8facacc297a805e62b4b82c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\FirmTools\projects\eBoostr\_Release\x64\sqlite.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapAlloc
HeapFree
HeapReAlloc
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
RtlPcToFileHeader

Exports

Exports

??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
??0CTransaction@@QEAA@AEBV0@@Z
??0CppSQLite3Binary@@QEAA@AEBV0@@Z
??0CppSQLite3Binary@@QEAA@XZ
??0CppSQLite3Buffer@@QEAA@AEBV0@@Z
??0CppSQLite3Buffer@@QEAA@XZ
??0CppSQLite3DB@@AEAA@AEBV0@@Z
??0CppSQLite3DB@@QEAA@XZ
??0CppSQLite3Exception@@QEAA@AEBV0@@Z
??0CppSQLite3Exception@@QEAA@HPEAD_N@Z
??0CppSQLite3Query@@QEAA@AEBV0@@Z
??0CppSQLite3Query@@QEAA@PEAUsqlite3@@PEAUsqlite3_stmt@@_N2@Z
??0CppSQLite3Query@@QEAA@XZ
??0CppSQLite3Statement@@QEAA@AEBV0@@Z
??0CppSQLite3Statement@@QEAA@PEAUsqlite3@@PEAUsqlite3_stmt@@@Z
??0CppSQLite3Statement@@QEAA@XZ
??0CppSQLite3Table@@QEAA@AEBV0@@Z
??0CppSQLite3Table@@QEAA@PEAPEADHH@Z
??0CppSQLite3Table@@QEAA@XZ
??1CTransaction@@UEAA@XZ
??1CppSQLite3Binary@@UEAA@XZ
??1CppSQLite3Buffer@@UEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
??1CppSQLite3Exception@@UEAA@XZ
??1CppSQLite3Query@@UEAA@XZ
??1CppSQLite3Statement@@UEAA@XZ
??1CppSQLite3Table@@UEAA@XZ
??4CppSQLite3Binary@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3Buffer@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3DB@@AEAAAEAV0@AEBV0@@Z
??4CppSQLite3Exception@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3Query@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3Statement@@UEAAAEAV0@AEBV0@@Z
??4CppSQLite3Table@@UEAAAEAV0@AEBV0@@Z
??BCppSQLite3Buffer@@UEAAPEBDXZ
??_7CTransaction@@6B@
??_7CppSQLite3Binary@@6B@
??_7CppSQLite3Buffer@@6B@
??_7CppSQLite3DB@@6B@
??_7CppSQLite3Exception@@6B@
??_7CppSQLite3Query@@6B@
??_7CppSQLite3Statement@@6B@
??_7CppSQLite3Table@@6B@
?SQLiteVersion@CppSQLite3DB@@SAPEBDXZ
?allocBuffer@CppSQLite3Binary@@UEAAPEAEH@Z
?bind@CppSQLite3Statement@@UEAAXHH@Z
?bind@CppSQLite3Statement@@UEAAXHN@Z
?bind@CppSQLite3Statement@@UEAAXHPEBD@Z
?bind@CppSQLite3Statement@@UEAAXHPEBEH@Z
?bindNull@CppSQLite3Statement@@UEAAXH@Z
?checkDB@CppSQLite3DB@@AEAAXXZ
?checkDB@CppSQLite3Statement@@AEAAXXZ
?checkResults@CppSQLite3Table@@AEAAXXZ
?checkVM@CppSQLite3Query@@AEAAXXZ
?checkVM@CppSQLite3Statement@@AEAAXXZ
?clear@CppSQLite3Binary@@UEAAXXZ
?clear@CppSQLite3Buffer@@UEAAXXZ
?close@CppSQLite3DB@@UEAAXXZ
?compile@CppSQLite3DB@@AEAAPEAUsqlite3_stmt@@PEBD@Z
?compileStatement@CppSQLite3DB@@UEAA?AVCppSQLite3Statement@@PEBD@Z
?eof@CppSQLite3Query@@UEAA_NXZ
?errorCode@CppSQLite3Exception@@UEAA?BHXZ
?errorCodeAsString@CppSQLite3Exception@@SAPEBDH@Z
?errorMessage@CppSQLite3Exception@@UEAAPEBDXZ
?execDML@CppSQLite3DB@@UEAAHPEBD@Z
?execDML@CppSQLite3Statement@@UEAAHXZ
?execQuery@CppSQLite3DB@@UEAA?AVCppSQLite3Query@@PEBD@Z
?execQuery@CppSQLite3Statement@@UEAA?AVCppSQLite3Query@@XZ
?execScalar@CppSQLite3DB@@UEAAHPEBD@Z
?fieldDataType@CppSQLite3Query@@UEAAHH@Z
?fieldDeclType@CppSQLite3Query@@UEAAPEBDH@Z
?fieldIndex@CppSQLite3Query@@UEAAHPEBD@Z
?fieldIsNull@CppSQLite3Query@@UEAA_NH@Z
?fieldIsNull@CppSQLite3Query@@UEAA_NPEBD@Z
?fieldIsNull@CppSQLite3Table@@UEAA_NH@Z
?fieldIsNull@CppSQLite3Table@@UEAA_NPEBD@Z
?fieldName@CppSQLite3Query@@UEAAPEBDH@Z
?fieldName@CppSQLite3Table@@UEAAPEBDH@Z
?fieldValue@CppSQLite3Query@@UEAAPEBDH@Z
?fieldValue@CppSQLite3Query@@UEAAPEBDPEBD@Z
?fieldValue@CppSQLite3Table@@UEAAPEBDH@Z
?fieldValue@CppSQLite3Table@@UEAAPEBDPEBD@Z
?finalize@CppSQLite3Query@@UEAAXXZ
?finalize@CppSQLite3Statement@@UEAAXXZ
?finalize@CppSQLite3Table@@UEAAXXZ
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
?getBinary@CppSQLite3Binary@@UEAAPEBEXZ
?getBinaryLength@CppSQLite3Binary@@UEAAHXZ
?getBlobField@CppSQLite3Query@@UEAAPEBEHAEAH@Z
?getBlobField@CppSQLite3Query@@UEAAPEBEPEBDAEAH@Z
?getEncoded@CppSQLite3Binary@@UEAAPEBEXZ
?getFloatField@CppSQLite3Query@@UEAANHN@Z
?getFloatField@CppSQLite3Query@@UEAANPEBDN@Z
?getFloatField@CppSQLite3Table@@UEAANHN@Z
?getFloatField@CppSQLite3Table@@UEAANPEBDN@Z
?getInt64Field@CppSQLite3Query@@UEAA_JHH@Z
?getInt64Field@CppSQLite3Query@@UEAA_JPEBDH@Z
?getIntField@CppSQLite3Query@@UEAAHHH@Z
?getIntField@CppSQLite3Query@@UEAAHPEBDH@Z
?getIntField@CppSQLite3Table@@UEAAHHH@Z
?getIntField@CppSQLite3Table@@UEAAHPEBDH@Z
?getStringField@CppSQLite3Query@@UEAAPEBDHPEBD@Z
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?getStringField@CppSQLite3Table@@UEAAPEBDHPEBD@Z
?getStringField@CppSQLite3Table@@UEAAPEBDPEBD0@Z
?getTable@CppSQLite3DB@@UEAA?AVCppSQLite3Table@@PEBD@Z
?interrupt@CppSQLite3DB@@UEAAXXZ
?isInitialized@CppSQLite3DB@@UEAA_NXZ
?lastRowId@CppSQLite3DB@@UEAA_JXZ
?nextRow@CppSQLite3Query@@UEAAXXZ
?numFields@CppSQLite3Query@@UEAAHXZ
?numFields@CppSQLite3Table@@UEAAHXZ
?numRows@CppSQLite3Table@@UEAAHXZ
?open@CppSQLite3DB@@UEAAXPEBD_N@Z
?reset@CppSQLite3Statement@@UEAAXXZ
?setBinary@CppSQLite3Binary@@UEAAXPEBEH@Z
?setBusyTimeout@CppSQLite3DB@@UEAAXH@Z
?setEncoded@CppSQLite3Binary@@UEAAXPEBE@Z
?setRow@CppSQLite3Table@@UEAAXH@Z
?sqlite3RollbackAll@CppSQLite3DB@@UEAAXXZ
?tableExists@CppSQLite3DB@@UEAA_NPEBD@Z

Sections

.text
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlite.dll.new
.dll windows:5 windows x64 arch:x64

ef22ac8b8facacc297a805e62b4b82c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\FirmTools\projects\eBoostr\_Release\x64\sqlite.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapAlloc
HeapFree
HeapReAlloc
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
RtlPcToFileHeader

Exports

Exports

??0CTransaction@@QEAA@AEAVCppSQLite3DB@@@Z
??0CTransaction@@QEAA@AEBV0@@Z
??0CppSQLite3Binary@@QEAA@AEBV0@@Z
??0CppSQLite3Binary@@QEAA@XZ
??0CppSQLite3Buffer@@QEAA@AEBV0@@Z
??0CppSQLite3Buffer@@QEAA@XZ
??0CppSQLite3DB@@AEAA@AEBV0@@Z
??0CppSQLite3DB@@QEAA@XZ
??0CppSQLite3Exception@@QEAA@AEBV0@@Z
??0CppSQLite3Exception@@QEAA@HPEAD_N@Z
??0CppSQLite3Query@@QEAA@AEBV0@@Z
??0CppSQLite3Query@@QEAA@PEAUsqlite3@@PEAUsqlite3_stmt@@_N2@Z
??0CppSQLite3Query@@QEAA@XZ
??0CppSQLite3Statement@@QEAA@AEBV0@@Z
??0CppSQLite3Statement@@QEAA@PEAUsqlite3@@PEAUsqlite3_stmt@@@Z
??0CppSQLite3Statement@@QEAA@XZ
??0CppSQLite3Table@@QEAA@AEBV0@@Z
??0CppSQLite3Table@@QEAA@PEAPEADHH@Z
??0CppSQLite3Table@@QEAA@XZ
??1CTransaction@@UEAA@XZ
??1CppSQLite3Binary@@UEAA@XZ
??1CppSQLite3Buffer@@UEAA@XZ
??1CppSQLite3DB@@UEAA@XZ
??1CppSQLite3Exception@@UEAA@XZ
??1CppSQLite3Query@@UEAA@XZ
??1CppSQLite3Statement@@UEAA@XZ
??1CppSQLite3Table@@UEAA@XZ
??4CppSQLite3Binary@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3Buffer@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3DB@@AEAAAEAV0@AEBV0@@Z
??4CppSQLite3Exception@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3Query@@QEAAAEAV0@AEBV0@@Z
??4CppSQLite3Statement@@UEAAAEAV0@AEBV0@@Z
??4CppSQLite3Table@@UEAAAEAV0@AEBV0@@Z
??BCppSQLite3Buffer@@UEAAPEBDXZ
??_7CTransaction@@6B@
??_7CppSQLite3Binary@@6B@
??_7CppSQLite3Buffer@@6B@
??_7CppSQLite3DB@@6B@
??_7CppSQLite3Exception@@6B@
??_7CppSQLite3Query@@6B@
??_7CppSQLite3Statement@@6B@
??_7CppSQLite3Table@@6B@
?SQLiteVersion@CppSQLite3DB@@SAPEBDXZ
?allocBuffer@CppSQLite3Binary@@UEAAPEAEH@Z
?bind@CppSQLite3Statement@@UEAAXHH@Z
?bind@CppSQLite3Statement@@UEAAXHN@Z
?bind@CppSQLite3Statement@@UEAAXHPEBD@Z
?bind@CppSQLite3Statement@@UEAAXHPEBEH@Z
?bindNull@CppSQLite3Statement@@UEAAXH@Z
?checkDB@CppSQLite3DB@@AEAAXXZ
?checkDB@CppSQLite3Statement@@AEAAXXZ
?checkResults@CppSQLite3Table@@AEAAXXZ
?checkVM@CppSQLite3Query@@AEAAXXZ
?checkVM@CppSQLite3Statement@@AEAAXXZ
?clear@CppSQLite3Binary@@UEAAXXZ
?clear@CppSQLite3Buffer@@UEAAXXZ
?close@CppSQLite3DB@@UEAAXXZ
?compile@CppSQLite3DB@@AEAAPEAUsqlite3_stmt@@PEBD@Z
?compileStatement@CppSQLite3DB@@UEAA?AVCppSQLite3Statement@@PEBD@Z
?eof@CppSQLite3Query@@UEAA_NXZ
?errorCode@CppSQLite3Exception@@UEAA?BHXZ
?errorCodeAsString@CppSQLite3Exception@@SAPEBDH@Z
?errorMessage@CppSQLite3Exception@@UEAAPEBDXZ
?execDML@CppSQLite3DB@@UEAAHPEBD@Z
?execDML@CppSQLite3Statement@@UEAAHXZ
?execQuery@CppSQLite3DB@@UEAA?AVCppSQLite3Query@@PEBD@Z
?execQuery@CppSQLite3Statement@@UEAA?AVCppSQLite3Query@@XZ
?execScalar@CppSQLite3DB@@UEAAHPEBD@Z
?fieldDataType@CppSQLite3Query@@UEAAHH@Z
?fieldDeclType@CppSQLite3Query@@UEAAPEBDH@Z
?fieldIndex@CppSQLite3Query@@UEAAHPEBD@Z
?fieldIsNull@CppSQLite3Query@@UEAA_NH@Z
?fieldIsNull@CppSQLite3Query@@UEAA_NPEBD@Z
?fieldIsNull@CppSQLite3Table@@UEAA_NH@Z
?fieldIsNull@CppSQLite3Table@@UEAA_NPEBD@Z
?fieldName@CppSQLite3Query@@UEAAPEBDH@Z
?fieldName@CppSQLite3Table@@UEAAPEBDH@Z
?fieldValue@CppSQLite3Query@@UEAAPEBDH@Z
?fieldValue@CppSQLite3Query@@UEAAPEBDPEBD@Z
?fieldValue@CppSQLite3Table@@UEAAPEBDH@Z
?fieldValue@CppSQLite3Table@@UEAAPEBDPEBD@Z
?finalize@CppSQLite3Query@@UEAAXXZ
?finalize@CppSQLite3Statement@@UEAAXXZ
?finalize@CppSQLite3Table@@UEAAXXZ
?format@CppSQLite3Buffer@@UEAAPEBDPEBDZZ
?getBinary@CppSQLite3Binary@@UEAAPEBEXZ
?getBinaryLength@CppSQLite3Binary@@UEAAHXZ
?getBlobField@CppSQLite3Query@@UEAAPEBEHAEAH@Z
?getBlobField@CppSQLite3Query@@UEAAPEBEPEBDAEAH@Z
?getEncoded@CppSQLite3Binary@@UEAAPEBEXZ
?getFloatField@CppSQLite3Query@@UEAANHN@Z
?getFloatField@CppSQLite3Query@@UEAANPEBDN@Z
?getFloatField@CppSQLite3Table@@UEAANHN@Z
?getFloatField@CppSQLite3Table@@UEAANPEBDN@Z
?getInt64Field@CppSQLite3Query@@UEAA_JHH@Z
?getInt64Field@CppSQLite3Query@@UEAA_JPEBDH@Z
?getIntField@CppSQLite3Query@@UEAAHHH@Z
?getIntField@CppSQLite3Query@@UEAAHPEBDH@Z
?getIntField@CppSQLite3Table@@UEAAHHH@Z
?getIntField@CppSQLite3Table@@UEAAHPEBDH@Z
?getStringField@CppSQLite3Query@@UEAAPEBDHPEBD@Z
?getStringField@CppSQLite3Query@@UEAAPEBDPEBD0@Z
?getStringField@CppSQLite3Table@@UEAAPEBDHPEBD@Z
?getStringField@CppSQLite3Table@@UEAAPEBDPEBD0@Z
?getTable@CppSQLite3DB@@UEAA?AVCppSQLite3Table@@PEBD@Z
?interrupt@CppSQLite3DB@@UEAAXXZ
?isInitialized@CppSQLite3DB@@UEAA_NXZ
?lastRowId@CppSQLite3DB@@UEAA_JXZ
?nextRow@CppSQLite3Query@@UEAAXXZ
?numFields@CppSQLite3Query@@UEAAHXZ
?numFields@CppSQLite3Table@@UEAAHXZ
?numRows@CppSQLite3Table@@UEAAHXZ
?open@CppSQLite3DB@@UEAAXPEBD_N@Z
?reset@CppSQLite3Statement@@UEAAXXZ
?setBinary@CppSQLite3Binary@@UEAAXPEBEH@Z
?setBusyTimeout@CppSQLite3DB@@UEAAXH@Z
?setEncoded@CppSQLite3Binary@@UEAAXPEBE@Z
?setRow@CppSQLite3Table@@UEAAXH@Z
?sqlite3RollbackAll@CppSQLite3DB@@UEAAXXZ
?tableExists@CppSQLite3DB@@UEAA_NPEBD@Z

Sections

.text
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eBoostr PRO v4.0.0.554/使用说明.txt

Sharing

General

Malware Config

Signatures

Files

d747f4a80618ace515b1cb6776c81419

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

sqlite

shlwapi

pdh

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 504KB

.rdata Size: - Virtual size: 101KB

.data Size: - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 5KB

.vmp0 Size: - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 329KB - Virtual size: 328KB

a8105eeda9e6a3ba0aaca0edd3809799

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

sqlite

shlwapi

comctl32

version

urlmon

Exports

Exports

Sections

.text Size: - Virtual size: 802KB

.rdata Size: - Virtual size: 138KB

.data Size: - Virtual size: 40KB

.rsrc Size: 570KB - Virtual size: 602KB

.vmp0 Size: - Virtual size: 12KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 464KB - Virtual size: 463KB

424ab9b61877ef265e4f24fe135a5f9e

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23Certificate

Extended Key Usages

Key Usages

49:4e:e6:86:7b:bf:4d:13:71:5f:40:73:04:2e:8f:78:9d:61:23:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

sqlite

shlwapi

pdh

psapi

Sections

.text Size: 578KB - Virtual size: 578KB

.text
Size: - Virtual size: 504KB

.rdata
Size: - Virtual size: 101KB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 5KB

.vmp0
Size: - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 329KB - Virtual size: 328KB

.text
Size: - Virtual size: 802KB

.rdata
Size: - Virtual size: 138KB

.data
Size: - Virtual size: 40KB

.rsrc
Size: 570KB - Virtual size: 602KB

.vmp0
Size: - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 464KB - Virtual size: 463KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

49:4e:e6:86:7b:bf:4d:13:71:5f:40:73:04:2e:8f:78:9d:61:23:7d
Signer

.text
Size: 578KB - Virtual size: 578KB

.rdata
Size: 149KB - Virtual size: 148KB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: - Virtual size: 941KB

.rdata
Size: - Virtual size: 226KB

.data
Size: - Virtual size: 47KB

.pdata
Size: - Virtual size: 60KB

.rsrc
Size: 570KB - Virtual size: 602KB

.vmp0
Size: - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 48B

.vmp1
Size: 539KB - Virtual size: 538KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:49:67:9d:ae:90:2c:ed:7c:73:ac:69:dd:6e:7f:94
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

50:e2:15:b4:9e:6b:d8:d6:54:10:6f:cd:27:20:ad:a1:f7:6b:9a:d5
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 117KB - Virtual size: 116KB